I am root
Why root?
- Multiuser OS
Note:
- root is god mode
- File permissions don’t apply
More about the su command
su -
Note:
- GUI discourages root login
- su = substitute/switch user
- dash = login shell
Experiment 11-1
Playing with su
Getting to know the root account
Experiment 11-2
root’s user and group ID
Experiment 11-3
File access privileges
Experiment 11-4
File ownership and permissions
Experiment 11-5
God mode
Disadvantages of root
“Unix was not designed to stop its users from doing stupid things, as that would also stop them from doing clever things.” —Doug Gwyn
Note:
- Catastrophic mistakes
Escalating user privilege
The bad ways
Note:
- Give user root password
- Change user ID to 0
- Setuid
–
Using sudo
Experiment 11-6
Empowering users with sudo
Do do that sudo that you do so well
Note:
- Rough description of sudo
The sudoers file
Experiment 11-7
Taking a look at the sudoers file
Host aliases
Note:
- Make sudoers file portable
User aliases
Note:
- Define groups of users
- % = group
Command aliases
Note:
- Define groups of commands
Environment defaults
Note:
- !visiblepw = do not run if terminal echoes password
Command section
student ALL=(ALL) ALL
SCRIPTUSERS ALL=/usr/local/bin/myscript
Note:
- First ALL: host
- Second ALL: run as
- Third ALL: command
Bypassing passwords
SCRIPTUSERS ALL=NOPASSWD: /usr/local/bin/myscript
wheel
Real sysadmins don’t sudo
Note:
- This topic needs more nuance
- sudo writes a log
- Modern dev tools often work without sudo
sudo or not sudo
Bypass sudo
sudo -i
Note:
- Easier than assign a root password and
su -
Valid uses for sudo
Delegation of specific tasks
Using su as root
$ su - username
vs
# su - username
Note:
- Never give away your password