Linux_logo_errorbits.comAdministrative Access

Many Linux commands deal with sensitive data like system hardware, passwords or operate under exceptional circumstances. Prevents regular users from executing these commands by mistakes and helps to protect data and system integrity. By logging in as root enables the ability to execute privileged commands.

SuperUser su Command

The su command, if it’s not mentioned any username, will open a new shell for the root user, which provides administrative access. The su command can be used to act temporary as a different user.

su [options][username]

linux su command errorbits.com

Shell login option is recommended, as the shell login resets and reconfigure the shell with the settings of the new user. You can use one of the options below:

su –
su -l
su -login

After you execute the su command, you will be asked for the password. The password will not be visible as you type it, because of security purposes.

If you try to execute sensitive commands as sysadmin user, they will fail:

linux yum update command errorbits.com

And as root user, will not fail:

linux yum update command errorbits.com _success

Example (as normal user): yum update (updates the linux operating system). (apt-get update/upgrade in Ubuntu)

To leave the current login and get back to you previous one, use exit command.

linux exit su command errorbits.com

sudo Command

The sudo command allows a user to execute a command as another user, but will not create a new shell. sudo assumes that the default root user should be used to run the command. If you want to run a command using sudo, but as another user, -u option should be used:

linux sudo command errorbits.com

Example: sudo -u username

Permissions

Determines the ways that users can interact with files and directories. When executing the command ls -l, the output includes permission details. We will use a script called test.sh located in the Documents directory. Use this command to switch to Documents directory: cd ~ /Documents

ls -l test.sh

linux script ls-l errorbits.com

File Type Field

The first character indicate the type of the file. If it’s a “ ” character, this is a regular file. The “ d ” character is for the directories.

Permissions Field

The next 9 characters, after the file type character, indicates the permissions. These are broken in sets of 3 characters.

Owner

The first set of 3 characters is for the user who owns the file. If the current account is the user owner of the file then the first set of permissions will apply and the others will have no effect. To determine which of the users is the owner we can take a look at the user owner field.

Group

The second set of 3 characters if for the group that owns the file. If the current user is not the owner of the file and you are member of the group that owns the file, then this set of permissions apply and the others have no effect.

The group for this file can be identified if you take a look at the group owner field.

Other

The last set of permissions if for everyone else. If you are not the owner and you are not a member of the group, than the last set of permissions applies to you.

Permissions Types

r: contents of the file can be read or copied

w: contents of the file can be modified/deleted/overwritten. Allows the file to be added ore moved from a directory

x: a file can be executed/run as a process. Script files require read permissions as well.

Changing Permissions

The file permissions can be changed only by the root user or by the user that owns the file. The chmod (change the modes of access) command must be used in order to change the permissions of a file.

Using the chmod command there are two ways to change the permissions of the file: symbolic and octal.

Symbolic method is good to change a set of permissions at a time.

Octal/numeric method requires knowledge of the octal values of each permission and also requires all 3 sets of permissions, user, group, other to be specified each time.

In this tutorial will be covered only the symbolic one. You can find the octal mode here.

Symbolic Method

chmod [ <SET> <ACTION> <PERMISSIONS> ] . . . FILE

<SET> can have these values:

u: (user) user who owns the file

g: (group) group who owns the file

o: (other) anyone other than the owner or the group owner of the file.

a: (all) refers to the user, group and others

<ACTION> can have these values:

+: add permission

=: exact permission

: remove permission

<PERMISSIONS> can have these values:

r: read

w: write

x: execute

FILE is the file on which the above permissions will be applied to.

The test.sh used in the previous example is a script. A script is a file that can be executed, and acts the same as a command or set of commands.

Use this command to execute the script (the dot is important): ./test.sh

linux script run errorbits.com

The attempt fails. The system is logged in as sysadmin user which is also the owner of the file, giving the user owner the permission to run the script should allow you to execute it. Use chmod command with: u(user) +(add) x(execute) test.sh(FILE). The full command line should be: chmod u+x test.sh

linux chmod command errorbits.com

If there is no output after you run the above command then it mean it has succeeded and you can verify the new permissions: ls -l

Try to execute the script again: ./test.sh

./ indicates that the script should be run from the current directory.

Changing file ownership

Owner of a file is the user who created it, this can be changed by chown command. To use this command require administrative access. The chown command can also change the group ownership, this can be accomplished by root user or owner of the file.

chown [OPTIONS] [OWNER] FILE

The [OWNER] attribute specifies the new owner of the file and FILE attribute specifies the name of the file on which the new owner should be applied.

Switch to the /Documents/ directory.

Example: cd ~/Documents/

linux cd ~ command errorbits.com

View the owner of the file.

Example: ls -l

linux ls -l command errorbits.com

To switch the owner of test.sh script to root user, use root as [OWNER] and also implies the use of sudo command to gain administrative access.

linux chown root fail command errorbits.com

Example: sudo chown root test.sh

linux sudo chown command errorbits.com

How to add a user to sudoers file?

Use ls -l to check the new owner of the script test.sh

Example: ls -l test.sh

linux ls -l test.sh errorbits.com

Try to execute the script again.

Example: ./test.sh

linux test.sh script run fail errorbits.com

It will fail. The new owner is root and administrative access is required because only the owner has the right to execute it. In order to execute it sudo command is required.

Example: sudo ./test.sh

linux sudo test.sh script run errorbits.com


Useful links:

Linux Directory Map / Structure

Introduction to Linux

Using Help in Linux

Download and install Oracle VirtualBox

How to install CentOS on Oracle VirtualBox