
16.2. The Superuser

A newbie to UNIX or Linux forgets his or her password and asks a colleague what to do. A typical response would be "You can't fix it yourself, unless you're root. Go find a superuser." Before looking into the details of running scripts as a superuser (also called the root user), you should make sure you understand what the term superuser means.

UNIX/Linux systems come with two types of user accounts, regular and superuser. Regular accounts have access only to the files and processes they own, or to those that grant them access through specific permissions, such as group and other. Superuser accounts, on the other hand, have access to all the files and processes on the system. Superusers can modify, copy, remove, examine, and change the permissions of files owned by other users without having specific permissions to do so; they can kill processes without being the process owner. They are omnipotent and have no restrictions.

The most common superuser account is called root. Many machines also have additional superuser accounts. You can identify a superuser account by running the id command or by looking at the prompt. If the output of the id command displays a user identification number (uid) of 0, or the shell prompt is a pound sign (#), then the account belongs to a superuser. The terms superuser and root are often used interchangeably.

Example 16.1.

1   # id
    uid=0(root) gid=0(root) groups=0(root)
2   # ls -l /tmp
    total 1
    drwxr-xr-x    2 root     root           72 Feb 10 23:29 .
    drwxr-xr-x   26 root     root          680 Feb 10 23:28 ..
    -r--------    1 ellie    users           0 Feb 10 23:29 myfile
3   # cat myfile
    This is my file.

EXPLANATION

  1. First, notice that the prompt is a pound sign (#). Superuser accounts traditionally use this prompt. When the id command is run, the output shows a uid number of 0, which means that this is a superuser account. (The uid number is your account number, listed in the third field of the /etc/passwd file on your machine.) The output also shows a login name of root. Although root is commonly the name of the account, it is technically the uid number of 0 that gives you superuser access; it doesn't matter whether the account is named root or something else.

  2. The ls command displays a file called myfile in the /tmp directory owned by user ellie. User ellie is the only user who has permission to read the file. All other permissions are turned off.

  3. Because this is a superuser account, the file contents can be displayed without having read access to the file.
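
Because superuser access comes from uid 0 and not from the name root, an audit for superuser accounts has to look at the third field of every passwd entry. The script below is an added example, not code from the book; the function names and the sample accounts toor and sysadm are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for uid 0 accounts.

# list_uid0 FILE: print the login name (field 1) of every entry whose
# uid (field 3) is 0. Leading zeros such as "00" still parse as uid 0.
list_uid0() {
    awk -F: '
        /^#/ || NF < 3 { next }   # skip comments and malformed lines
        $3 ~ /^0+$/   { print $1 }
    ' "$1"
}

# extra_superusers FILE: print uid 0 accounts not named root.
# Returns 1 if any exist, 0 otherwise.
extra_superusers() {
    extras=$(list_uid0 "$1" | grep -vx 'root' || true)
    if [ -z "$extras" ]; then
        return 0
    fi
    printf '%s\n' "$extras"
    return 1
}

# write_sample FILE: constructed sample data, not a real system file.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ellie:x:1000:100:Ellie:/home/ellie:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
sysadm:x:00:0:padded uid:/root:/bin/sh
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
echo "uid 0 accounts:"
list_uid0 "$tmp"
if ! extra_superusers "$tmp" >/dev/null; then
    echo "warning: superuser accounts other than root are present"
fi
rm -f "$tmp"
```

To audit the local machine, pass /etc/passwd to list_uid0 in place of the sample file.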
