There are quite a few situations in which it is necessary to elevate privileges and execute commands as root. Some we have already encountered, others we will get to know in future lessons:
- Installing new programs
- Navigating through someone else's directories
- Changing permissions and owners of files that do not belong to the current user
- Creating, editing, and deleting files in places where the current user does not have rights
- Running programs that require elevated privileges
You can become another user directly in the system by using the su (substitute user, switch user) utility. This was once the main way, but now it's outdated and not recommended for use. You can read more about this in the article from the supplementary materials. The main way to elevate privileges in modern systems is the utility sudo (substitute user and do).
Using sudo is very easy: write it to the left of any other command and run the result. By default, sudo tries to elevate privileges to the superuser:
```bash
# No rights to execute
touch /etc/myfile
touch: cannot touch '/etc/myfile': Permission denied

# With sudo everything works
sudo touch /etc/myfile

# You can see that the owner of the file is root
stat /etc/myfile
  File: '/etc/myfile'
  Size: 0  Blocks: 0  IO Block: 4096  regular empty file
Device: ca01h/51713d  Inode: 2761  Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

# No rights to delete
rm /etc/myfile
rm: remove write-protected regular empty file '/etc/myfile'? y
rm: cannot remove '/etc/myfile': Permission denied

# sudo helps again
sudo rm /etc/myfile
```
Depending on your system's sudo settings, this utility may ask for your login password or refuse to work at all, saying you have no right to use it. As a rule, in Ubuntu sudo asks for the password and remembers it for 5 minutes. During this period, you can use sudo without having to enter the password every time.
Sometimes it's necessary to execute a command under a user other than root. Then we have to add the -u option:
```bash
sudo -u nobody mkdir /tmp/test

# The directory was created by nobody
stat /tmp/test
  File: '/tmp/test'
  Size: 4096  Blocks: 8  IO Block: 4096  directory
Device: ca01h/51713d  Inode: 4577  Links: 2
Access: (0755/drwxr-xr-x)  Uid: (65534/  nobody)   Gid: (65534/ nogroup)
```
If the task is to perform a bunch of actions at once on behalf of another user, it's possible to start a new shell inside the current one (they say that we start a new session):
```bash
sudo -i
id
uid=0(root) gid=0(root) groups=0(root)
```
The main thing is not to forget to switch back after completing the necessary actions. To do this, type
Knowing about sudo plays a cruel trick on newbies. Every time they see a "strange" error, instead of figuring out the cause they rerun the command with sudo and no other parameters, i.e., simply as the superuser. This approach often works, but it creates more problems than it solves.
Running a command that creates files and directories under sudo makes the root user the owner of those files. From then on, attempts to access these files without sudo start failing with errors about missing access rights. And you may not even work with these files directly; many programs access the file system in one way or another to read configuration and other files.
The right way out in each case is different. In some cases sudo is just what you need, but sometimes you need to change permissions (more on that in the next lesson) and sometimes you need to reinstall some part of the system.
The most general rule might be that everything in the user's private directories should belong to the user, not to the superuser. Anything that requires additional rights because it is in the system paths (outside the user's home directory) should instead be run with sudo (but this isn't necessary).
```bash
ls -la
# All the contents of the home directory belong to a single user.
# The user directory itself belongs to the user,
# and the parent directory belongs to the superuser
drwxr-xr-x+ 117 mokevnin  staff   3744 Feb 19 15:55 .
drwxr-xr-x    5 root      admin    160 Oct 12 19:15 ..
-r--------    1 mokevnin  staff      7 Nov 21  2017 .CFUserTextEncoding
-rw-r--r--@   1 mokevnin  staff  22532 Feb  8 00:04 .DS_Store
```
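The ownership rule above can be checked mechanically. The following is an added example, not part of the original lesson: a small shell helper that lists everything under a directory whose owner is not the expected user, which is exactly what a careless sudo leaves behind. The function names foreign_owned and count_foreign_owned are made up for this example.

```bash
# Added example, not from the original lesson. Function names are made up here.
# Run it as yourself, not through sudo: under sudo, `id -u` would report 0.

# foreign_owned [DIR] [OWNER]
#   Print every entry under DIR (default: $HOME) whose owner is not OWNER
#   (default: the current numeric uid). OWNER may be a user name or a uid.
foreign_owned() {
    local dir="${1:-$HOME}"
    local owner="${2:-$(id -u)}"
    if [ ! -d "$dir" ]; then
        echo "foreign_owned: not a directory: $dir" >&2
        return 2
    fi
    # -xdev       stay on this filesystem (skip mounted volumes)
    # ! -user X   match entries NOT owned by X
    # A root-owned directory we cannot enter is still printed itself; only the
    # "Permission denied" noise from descending into it is discarded.
    find "$dir" -xdev ! -user "$owner" -print 2>/dev/null || true
}

# count_foreign_owned [DIR] [OWNER]
#   Same search, but print only the number of matches. One dot is emitted per
#   match, so file names containing newlines cannot skew the count.
count_foreign_owned() {
    local dir="${1:-$HOME}"
    local owner="${2:-$(id -u)}"
    [ -d "$dir" ] || return 2
    { find "$dir" -xdev ! -user "$owner" -exec printf . \; 2>/dev/null || true; } |
        wc -c | tr -d ' '
}

# Typical use after a careless sudo in a project directory:
#   foreign_owned ~/project          # list the offenders
#   count_foreign_owned ~            # 0 means the home directory is clean
```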