Linux Nitty Gritty: Working at the Ubuntu Command-Line Prompt (2011)
When you installed Ubuntu, a personal user account was created for you. As part of this process, a folder named after your username was created in /home, as mentioned previously.
In fact, on most Linux systems two login accounts are created during installation—a standard user, and the root user. The root user is a special user account gifted with the ability to do anything, such as delete system files, or install software. Its username is always root.
Normally when Linux is used on a PC, a standard user logs into the root account whenever she has to administer the system, and then logs out when she’s finished. However, she will spend most of her time logged into her ordinary user account, doing day-to-day stuff like browsing the web.
Ubuntu differs slightly from most Linuxes. Although the root account is there in the background, the user is discouraged from directly logging in as root. Instead, the user “borrows” root powers to administer the system when necessary. Usually, this is done by simply entering your login password when prompted. You’ll see this when attempting to run Synaptic, a program that administers software. Synaptic lives on the System > Administration menu, and, in fact, if you run any program on this menu a password prompt dialog box will pop-up. You won’t be able to get any further until the password is typed but, after this, the application will run with root powers.
Alternatively, some applications will start, but will have restricted functionality until the Unlock button is clicked, at which point the same password request will appear. With these applications, typing your password doesn’t give the entire application root powers, but a component of it. This is more secure and, eventually, all of Ubuntu’s administrative applications will work this way.
NOTE When working at the command-line, any command needing administrative powers must be preceded by sudo (gksu should be used for GUI apps).
Although the root user account has a back seat in Ubuntu, its influence is felt everywhere. Most operating system files are “owned” by the root user, and have permissions so that only root can edit them. In other words, only the root user—or a user borrowing root powers—can delete or modify vital files. In some cases, even viewing operating system files by ordinary users is prohibited.
This simple mechanism of protecting operating system files through root user ownership is how Linux enforces security and system protection. It’s simple but highly effective, and has stood the test of time for many years.
NOTE The fact that Windows fails to make this distinction, and effectively merges the standard and administrator types of user account, is one reason it’s so insecure. If a virus infects the system, it operates with administrator powers, so it can really cause trouble. Vista fixes this situation somewhat by pestering the user every time they do something even remotely dangerous to the system.
File permissions lie at the heart of understanding and working with the Linux filesystem, so let’s take a look at them in more depth.
As mentioned previously, every file is owned by a particular user—even system files, which are owned by the root user.
The owner of a file can set three separate sets of permissions: firstly for himself, secondly for the group, and lastly for all others.
In setting file permissions for himself, the file’s owner could mark a file as read-only, for example, to avoid accidentally changing it.
All users are members of a group, and each file is assigned to a particular group, in addition to being owned by a user. So, a separate set of file permissions can be granted for members of that group.
A third and final set of permissions can be configured for others, which is to say, users on the computer who aren’t the file’s owner, and who aren’t in the group.
TIP When trying to comprehend how Linux handles files, it helps if you remember it’s a clone of Unix, an operating system designed to have hundreds or even thousands of different users. One of the fun facts about Linux is that, although you might use it on your humble desktop computer, it really is capable of running on a mainframe computer without any adaptation.
You can view and edit file permissions for any file or folder by right-clicking it and selecting Properties from the menu. In the dialog box that appears, click the Permissions tab. You can only change permissions for a file or folder that you own.
Let’s take a look at permissions in action. The user called frank creates a spreadsheet. He’s a member of the accounts group, along with the user called jane, his colleague in the Accounts department. frank wants jane to be able to edit the spreadsheet, so he sets the group permissions for the file so that anybody in the accounts group can both read and write the spreadsheet. frank wants other people in the company to be able to view the spreadsheet, including users in other departments who aren’t in the accounts group. Yet he doesn’t want them to be able to edit it. So, he sets read-only permission for others.
In the case of operating system files, owned by the root user, permissions are normally set so that other users on the system can view (read) files, but not modify them (write). Important system folders are also protected in this way, so that new files can’t be created there. The root user also owns the root of the filesystem (known as C:\ in Windows). This particular permission is “hard-wired”, so that only the root user can create new files or folders there. Again, this is for security reasons.
NOTE Under Ubuntu, group file permissions are unimportant when it comes to files owned by root, because the root user is in a private group of its own, also called root.
Hands-on at the command-line
Finally, we look at what some consider the most fascinating and useful aspect of Linux: the command-line. The chapter explains:
* How to understand what the command prompt is telling you;
* How commands work (i.e. arguments and options);
* An overview of useful day-to-day commands;
* Tips and tricks to let you work efficiently;
* Using root powers at the command-line;
* Dealing with crashed or stalled programs;
* Understanding and manipulating file permissions;
* Advanced tricks (redirection, piping and brace expansion).