Working with root powers - Linux Nitty Gritty: Working at the Ubuntu Command-Line Prompt (2011)

Linux Nitty Gritty: Working at the Ubuntu Command-Line Prompt (2011)

Working with root powers

It’s generally discouraged under Ubuntu to log in as the root user. Therefore, administrative tasks are carried out by ordinary users who “borrow” the root user’s powers.

Using sudo

At the command-line, you can force a command to run with root powers by preceding it with sudo (short for super-user do). For example, to install software using the dpkg command, root powers are needed, so to use dpkg you would type something similar to the following:

sudo dpkg -i package.deb

You’ll be prompted for your password. Once this is entered, the command will complete.

If you run a graphical application from the command-line it’s necessary to precede it with gksu instead of sudo. To most intents and purposes, gksu is identical to sudo. For example, to start the Synaptic software installation application, you would type gksu synaptic.

NOTE If you’re using Kubuntu, the kdesu command is used instead of gksu. It’s identical in function to gksu. Under Xubuntu the gksu command is used, as with the main Ubuntu release.

Temporarily switching to root

Despite the desire of Ubuntu’s developers to stop you logging in as root, it’s possible to temporarily switch to the root user account. This is useful if you have a lot of administrative work to do, where typing sudo before each command can become annoying.

To switch to the root user temporarily, type the following:

sudo su

After typing your password, you’ll see that the command-prompt changes to a hash symbol, to indicate that you have root powers.

When you’ve finished your work and want to return to your ordinary user account, just type exit, or hit Ctrl+D.

Enabling root login

It’s also possible to enable the root login account. This will make Ubuntu just like most other versions of Linux and Unix. The main benefit of this is that it will let you directly login as root at a virtual console—just type root as the username.

To enable the root login, type the following; this will assign the root user a password and thereby allow login:

sudo passwd root

After typing your own password to authorize, you’ll be prompted to create a new password for root, so do so.

Following this, in addition to logging in as root at a virtual console, you can switch to the root user in a terminal window by typing su -, and entering the new root password when prompted. Once the admin work is done, type exit to logout (or hit Ctrl+D).

NOTE Enabling the root account login makes no difference to borrowing root powers using sudo or gksu—you’ll still have to enter your login password. The only time you’ll need to type the root password is when logging in as the root user.

It’s even possible to login to a Gnome desktop session as root. Because of the real potential for a misclick disaster, this is considered insanely reckless and isn’t permitted by default. However, for some major administrative operations, access to a root-enabled GUI can be useful.

To allow GUI login as root, click System > Administration > Login Window. Select the Security tab and put a check in the box marked Allow Local System Administrator Login. Then logout and back in.

Give it a try—type root as the username at the login screen.

TIP When logged in as an ordinary user you can start a Nautilus file browsing window with root powers by opening a terminal window and typing gksu nautilus. However, close the window straight after you’ve finished with it, because that Nautilus window will be able to delete any file, anywhere on the system!

File permissions in depth

It’s at the command-line where permissions become important.

The basics

Previously I mentioned that every single file is owned by a particular user on the system, and that the owner can set permissions for who can read the file and also who can write to it (i.e. modify the file).

Firstly, he can set permissions for himself. He can deny himself complete access if he wants, but more usually he might choose to deny himself the ability to write to the file so he can’t accidentally damage it—effectively, making it read only.

Additionally, each user is part of a group, and each file is assigned to a group. Further read/write permissions can be set to allow or deny read or write access by members of the group the file is assigned to.

A third set of read/write permissions can be set for all other users on the system, regardless of what group they’re in.

Execute permission

In addition to reading and writing, another permission can be set for files: execute. This is what marks out a file as a program and not just another data file.

The idea of an execute permission can be confusing to Windows users. Under Windows, the .exe file extension is usually used to identify files that are programs. However, if the execute permission isn’t set on a Linux file, the program is effectively just another data file, regardless of its file extension.

All this means that, if Frank was to manually download some software, he can set permissions for who can run the program. Again, three sets of permissions are available—for himself, the group the file is assigned to, and others. He could make it so that only he can run the program.