Administrative Access
Many Linux commands deal with sensitive data such as system hardware or passwords, or operate under exceptional circumstances. Restricting these commands prevents regular users from executing them by mistake and helps to protect data and system integrity. Logging in as root enables the ability to execute privileged commands.
SuperUser su Command
The su command, if no username is given, opens a new shell for the root user, which provides administrative access. The su command can also be used to act temporarily as a different user.
su [options] [username]
The login shell option is recommended, as a login shell resets and reconfigures the shell with the settings of the new user. You can use one of the options below:
su -
su -l
su --login
After you execute the su command, you will be asked for the password. The password will not be visible as you type it, for security purposes.
If you try to execute sensitive commands as the sysadmin user, they will fail:
And as the root user, they will not fail:
Example (as normal user): yum update (updates the Linux operating system; apt-get update/upgrade in Ubuntu)
To leave the current login and get back to your previous one, use the exit command.
sudo Command
The sudo command allows a user to execute a command as another user, but will not create a new shell. By default, sudo runs the command as the root user. If you want to run a command using sudo, but as another user, the -u option should be used:
Example: sudo -u username command
Permissions
Permissions determine the ways that users can interact with files and directories. When executing the command ls -l, the output includes permission details. We will use a script called test.sh located in the Documents directory. Use this command to switch to the Documents directory: cd ~/Documents
ls -l test.sh
File Type Field
The first character indicates the type of the file. If it’s a “-” character, this is a regular file. The “d” character is for directories.
Permissions Field
The next 9 characters, after the file type character, indicate the permissions. These are broken into sets of 3 characters.
Owner
The first set of 3 characters is for the user who owns the file. If the current account is the user owner of the file then the first set of permissions will apply and the others will have no effect. To determine which of the users is the owner we can take a look at the user owner field.
Group
The second set of 3 characters is for the group that owns the file. If the current user is not the owner of the file but is a member of the group that owns the file, then this set of permissions applies and the others have no effect.
The group for this file can be identified by looking at the group owner field.
Other
The last set of permissions is for everyone else. If you are not the owner and you are not a member of the group, then the last set of permissions applies to you.
Permissions Types
r: contents of the file can be read or copied
w: contents of the file can be modified/deleted/overwritten. Allows files to be added to or removed from a directory
x: a file can be executed/run as a process. Script files require read permissions as well.
Changing Permissions
The file permissions can be changed only by the root user or by the user that owns the file. The chmod (change the modes of access) command must be used in order to change the permissions of a file.
Using the chmod command there are two ways to change the permissions of the file: symbolic and octal.
The symbolic method is good for changing one set of permissions at a time.
The octal/numeric method requires knowledge of the octal values of each permission and also requires all 3 sets of permissions (user, group, other) to be specified each time.
This tutorial covers only the symbolic method. You can find the octal mode here.
Symbolic Method
chmod [<SET><ACTION><PERMISSIONS>]... FILE
<SET> can have these values:
u: (user) user who owns the file
g: (group) group who owns the file
o: (other) anyone other than the owner or the group owner of the file.
a: (all) refers to the user, group and others
<ACTION> can have these values:
+: add permission
=: exact permission
-: remove permission
<PERMISSIONS> can have these values:
r: read
w: write
x: execute
FILE is the file to which the above permissions will be applied.
The test.sh used in the previous example is a script. A script is a file that can be executed, and acts the same as a command or set of commands.
Use this command to execute the script (the dot is important): ./test.sh
The attempt fails. The system is logged in as the sysadmin user, who is also the owner of the file, so giving the user owner the permission to run the script should allow you to execute it. Use the chmod command with: u (user) + (add) x (execute) test.sh (FILE). The full command line should be: chmod u+x test.sh
If there is no output after you run the above command, then it means it has succeeded and you can verify the new permissions: ls -l
Try to execute the script again: ./test.sh
./ indicates that the script should be run from the current directory.
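The owner/group/other selection and the symbolic chmod steps above, as an added example that is not part of the original tutorial. It works on a scratch file in a temporary directory and assumes GNU coreutils stat (the -c option); mode_of, applicable_perms and demo are names made up for this illustration.

```shell
#!/bin/sh
# Added example: assumes GNU coreutils stat (the -c option).

# Print the 10-character mode string that ls -l shows, e.g. -rw-r--r--
mode_of() {
    stat -c '%A' "$1"
}

# Print which permission set applies to the current user, plus its 3 characters.
# Only one set is consulted: owner first, then group, then other.
applicable_perms() {
    mode=$(mode_of "$1") || return 1
    if [ "$(id -u)" = "$(stat -c '%u' "$1")" ]; then
        echo "owner $(printf '%s' "$mode" | cut -c2-4)"
        return 0
    fi
    file_gid=$(stat -c '%g' "$1")
    for gid in $(id -G); do
        if [ "$gid" = "$file_gid" ]; then
            echo "group $(printf '%s' "$mode" | cut -c5-7)"
            return 0
        fi
    done
    echo "other $(printf '%s' "$mode" | cut -c8-10)"
}

# Walk a scratch copy of test.sh through the tutorial's chmod steps.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/test.sh"
    printf '#!/bin/sh\necho hello\n' > "$f"
    chmod u=rw,g=rw,o=r "$f"     # start without execute, as in the tutorial
    echo "before:  $(mode_of "$f")  applies: $(applicable_perms "$f")"
    chmod u+x "$f"               # add execute for the user owner only
    echo "u+x:     $(mode_of "$f")  applies: $(applicable_perms "$f")"
    chmod g=r,o-r "$f"           # set group to exactly r, remove r from other
    echo "tighten: $(mode_of "$f")  applies: $(applicable_perms "$f")"
    rm -rf "$dir"
}

demo
```

Because the owner set is checked first, an owner with fewer permissions than the group is still limited to the owner set.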
Changing file ownership
The owner of a file is the user who created it; this can be changed with the chown command. Using this command requires administrative access. The chown command can also change the group ownership, which can be done by the root user or the owner of the file.
chown [OPTIONS] [OWNER] FILE
The [OWNER] attribute specifies the new owner of the file and FILE attribute specifies the name of the file on which the new owner should be applied.
Switch to the ~/Documents/ directory.
Example: cd ~/Documents/
View the owner of the file.
Example: ls -l
To switch the owner of the test.sh script to the root user, use root as [OWNER]. This also requires the sudo command to gain administrative access.
Example: sudo chown root test.sh
Use ls -l to check the new owner of the script test.sh
Example: ls -l test.sh
Try to execute the script again.
Example: ./test.sh
It will fail. The new owner is root, and administrative access is required because only the owner has the right to execute it. The sudo command is required in order to execute it.
Example: sudo ./test.sh