Previous Section
 < Day Day Up > 
Next Section


Superuser Control: the Root User

To perform system administration operations, you must first have access rights such as the correct password that enables you to log in as the root user, making you the superuser. Because a superuser has the power to change almost anything on the system, such a password is usually a carefully guarded secret, changed very frequently, and given only to those whose job is to manage the system. With the correct password, you can log in to the system as a system administrator and configure the system in different ways. You can start up and shut down the system, as well as change to a different operating mode, such as a single-user mode. You can also add or remove users, add or remove whole file systems, back up and restore files, and even designate the system's name and address.

To become a superuser, you log in to the root user account. This is a special account reserved for system management operations with unrestricted access to all components of your Linux operating system. You can log in as the root user from either the GUI (graphical user interface) login screen or the command line login prompt. You then have access to all administrative tools. Using a GUI interface like GNOME, the root user has access to a number of Red Hat GUI administrative tools such as redhat-config-packages for installing software or redhat-config-users for managing users. If you log in from the command line interface, you can run corresponding administrative commands like rpm to install packages or useradd to add a new user. From your GUI desktop, you can also run command-line administrative tools using a terminal window. The command line interface for the root user uses a special prompt, the sharp sign, #. In the next example, the user logs in to the system as the root user and receives the # prompt.

login: root
password:
#

Root User Password

As the root user, you can use the passwd command to change the password for the root login, as well as for any other user on the system. The passwd command will check your password with Pluggable Authentication Modules (PAM), as discussed in Chapter 28, to see if you've selected one that can be easily cracked. To more easily change your root password from a GUI interface, you can use the redhat-config-rootpassword tool.

# passwd root
New password:
Re-enter new password:
#

You must take precautions to protect your root password. Anyone who gains access as the root user will have complete control over your system. The online manual for the passwd command provides detailed recommendations for handling and choosing your password. For example, never store your password in a file on your system, and never choose one based on any accessible information, such as your phone number or date of birth. A basic guideline is to make your password as complex as possible using a phrase of several words with numbers and upper- and lowercase, yet something you can still remember easily so you never have to write it down. You can access the passwd online manual page with the command:

# man passwd

Root User Access: su

While you are logged in to a regular user account, it may be necessary for you to log in as the root and become a superuser. Ordinarily, you would have to log out of your user account first, and then log in to the root. Instead, you can use the su command (switch user) to log in directly to the root while remaining logged in to your user account. If you are using a GUI desktop like GNOME, you can enter the su command from a terminal window, or use ALT-CTRL-F1 to switch to a command line interface (ALT-CTRL-F10 returns you back to the GUI interface). A CTRL-D or exit command returns you to your own user login. When you are logged in as the root, you can use su to log in as any user, without providing the password. In the next example, the user is logged in already. The su command then logs in as the root user, making the user a superuser. Some basic superuser commands are shown in Table 27-1.

$ pwd
/home/chris
$su
 password:
# cd
# pwd
/root
# exit
$
Tip 

For security reasons, Linux distributions do not allow the use of su in a Telnet session to access the root user. For SSH- and Kerberos-enabled systems, Red Hat provides secure login access using slogin (SSH) and rlogin (Kerberos version).

Table 27-1: Basic System Administration Tools

Command

Description

su root

Logs a superuser into the root from a user login; the superuser returns to the original login with a CTRL-D.

passwd login-name

Sets a new password for the login name.

crontab options file-name

With file-name as an argument, installs crontab entries in the file to a crontab file; these entries are operations executed at specified times (see later section):
-e Edits the crontab file
-l Lists the contents of the crontab file
-r Deletes the crontab file

telinit runlevel

Changes the system runlevels.

shutdown options time

Shuts down the system.

date

Sets the date and time for the system.

Red Hat Date and Time Properties tool, redhat-config-date

GUI tool to set system time and date (System Settings | Date & Time).

Kcron

KDE GUI interface cron management tool (System Tools | Task Scheduler).

redhat-config-rootpassword

GUI tool to change the root user (administrator) password. (System Settings | Root Password).

redhat-logviewer

GUI tool to view system logs the of root user. (System Settings | Root Password).



Previous Section
 < Day Day Up > 
Next Section
This HTML Help has been published using the chm2web software.