Root 101 - Concept of Root for Newbies

Fozz writes "One of my colleagues wrote this article explaining the concept of root/super user for Unix newbies. He wrote it after looking for information like it and not finding much. His analogy of Unix and an apartment complex is one of the best metaphors I've seen for understanding multi-user OSes." If you're running any variety of Unix, you've probably been forced to learn this pretty well already, but this is a very lucid explanation to point out to curious friends / co-workers who aren't so sure.

CLI

[TheCrimsonUnbeliever]

It is the CLI of unix that gets people every time - there is no way to explain that it is generally easier to do stuff through a cli

ifconfig for example - I can rememeber the ifconfig line for any computer on my network and have it in and done in seconds

But in windows it takes a few minutes just to click click click

Re:CLI

[suwain_2]

Precisely! I constantly field questions from people on why I insist on using programs in 'DOS,' and how Linux is SOOOOO outdated because of this. What they don't get is exactly what you said: if you know what you're doing, it's often times 10x easier to just type in the command than it is to point-and-click through illogically-oriented menus. (I'll admit, if I have no clue what I'm doing, a GUI helps...)

Sometimes the command line can save even more time, not just because you don't have to search poorly-layed-out GUIs for the option you want. For example, the other day I got really sick of having about 50 "incomplete" MP3s in my playlist. Rather than going through and deleting all the files one by one, I fired up Cygwin (which gives you a shell on Windows... quite handy!) and did "rm __INCOM*" to delete the countless files beginning with "__INCOMPLETE__" Nice and handy.

Not to mention the remote access aspect of the command line. I'm responsible for maintaining a webserver running Linux; it's so handy to be able to pull up an ssh session and do whatever needs to be done. Let's see the admins of the Windows boxes neighboring it work on their servers from home.

Anyway, I may have just bored everyone to death, but for those just getting into Linux/UNIX, don't fear the command line! If you take the time to learn it, you'll grow to love it.

Re:CLI

[joshuac]

---snip
Not to mention the remote access aspect of the command line. I'm responsible for maintaining a webserver running Linux; it's so handy to be able to pull up an ssh session and do whatever needs to be done. Let's see the admins of the Windows boxes neighboring it work on their servers from home.
---snip

It's not difficult to setup ssh on windows, and redirect the io of cmd.exe (or most any other CLI shell available for windows, come to think of it) through it if you know what you are doing. The problem isn't so much the OS, it's the type of admins the OS attracts. 90% of windows "admins" do not know how to use the cli and cli apps included with windows, or even use many of the graphical management tools included to their full extent.

With NT 5 native RDP support was added, although you have been able to make any NT machine support RDP for awhile now, (assuming you do not need multi-user support; in that case your stuck with their terminal server distribution, or purchasing something re-written by Citrix and dumping RDP for their protocol), and with NT 5 they made a telnet server an official part of the distribution (not that I would suggest using it). Of course, you could do all this years ago with NT 4 as well...(and with NT 3.5x with a little adaptation, probably).

BUT...do many NT "admins" know how to do this, or even have the slightest clue about where they would go to get started? Nope. And from what I have observed, in more than a few places having a _little_ more knowledge about the OS they "support" would have made their lives a lot easier...but they don't bother, they just keep slogging on with what little knowledge someone force fed them at a certification class.

Unix admins on the other hand tend to actually take an interest in knowing what makes their OS tick. Partly that the OS is much more open (for some Unix OS's, you can even get the source code easily). Partly that in the Windows world, the interface to a server appears identical to the interface to a workstation, which gives confidence to users who want to become an admin where they deserve no confidence at all :).

A good admin can make up for a weakness on any platform, whether it be Netware, Linux, Windows, or Lantastic, without needing to blame his/her tools. A lousy "admin" can also more than compensate for all the strengths of a platform. What matters most is the competency of the admins that tend to work with those systems, not really the systems themselves.

That all said, given a choice, I know which platform is takes me much less effort to secure than the others...heck, you might almost say it is "secure by default" :)

Not a good idea ...

[Khalidz0r]

I think if this is directed to newbies then it shouldn't contain information about "how to get your root password".

Well, if someone needed it they'll know how to search and find out, but then, stating it right away in a "beginner" introduction only brings interest to script kiddies to *hack* the password.

If you use the information below to bypass security on a computer you're not supposed to be messing with, you're probably committing a felony.

That's more of an eye opener than a warning.

Thanks for reading,

Khalid

Re:Not a good idea ...

[Khalidz0r]

The fact that they have short memory doesn't mean you tell em (oh it's easy to get it back so never mind about caring about the password).

Telling a newbie that they SHOULD do something right is way more impoortant than telling them the WRONG alternative.

There are many cases where machines are physically accessible by script kiddies, one would GO search for a unix-based PC just to "root" it after seeing this, I know many people who would.

I just don't think it's the right place to put such info.

Khalid

Re:Not a good idea ...

[haoledave]

I put this in the piece because I forgot my own password once, when I was first learning to use Linux. A buddy set up the machine for me, configured it, and I basically just played around on the command line. When I actually began to want to do things, I found I had forgotten my root password. Luckily, my buddy knew it, since he had set up the machine

My belief is that if we want to make Linux a viable alternative to Windows for garden variety users, we have to demystify it. This means giving them the tools to save themselves if they make mistakes.

We can't have it both ways. If we want people to use Linux, we can't keep them in the dark about the ins and outs. This means those of us who have boxes sitting around need to make sure they're physically secure. Both grub and lilo have password options...

Re:Not a good idea ...

If your site security is so bad you're worried about a how-to text describing how newbies can obtain their own root password, I feel justified in disregarding your opinion in this matter. Honestly, you're recommending security through obscurity, which is never a good thing. Not only that, but the information you're objecting to is so basic that I can't help but wonder if you're serious.

Making a master key

[DeadSea]

Too bad that it doesn't tell you how to escalate your priveleges from user to root the same way that you can escalate your priveleges to master key in your apartment building using your apartment door key.

That would be really worthy of Slashdot.

The one thing that appears to be missing is the section "Why shouldn't I run as root all the time if I'm the only one using my system." In your house (comparing your single user system to your house) nobody can control you like a puppet. Somebody can't move your arms and legs and force you to take a sledgehammer to the hot water heater. If you are running Unix as root, any code that you run could make you do just that. It's worth protecting yourself against virii by not running as root.

Sudo

[aridhol]

The comments on sudo are almost correct...

When you use sudo, you will be asked for a password. But it's your own password, not the admin password. Also, you'll have to be configured with sudo access to run the command you're requesting. And your admin will be emailed if you try to do something you're not allowed to do.

Re:misleading capabilites of root

He probably meant 'services' instead of 'processes'. Like things in /etc/rc.d/init.d for example. Starting stuff like network interfaces, system loggers, daemons can only be done by root.

root vs. Administrator

[magickalhack]

This piece deserves a companion article: what Microsoft did wrong. It is utterly impracticle to use anything other than an Administrator account when running windows (despite the vulnerabilities this leaves you open to) because over half of the useful programs out there, including many titles by Microsoft itself, require Administrative access unnecessarily. The breakdown of privledges is much more distinct in the *nix world. Windows has a long way to go.

Re:Kludge?

[martyros]

Well, even in systems like LIDS which have controls even on root, there are still ways to gain privileges to do things... in other words, there is the need for a super-super-user. The basic problem is that people make mistakes, and things are buggy. What happens if a user accidentally takes away his own access to a file? What happens if the MAC or capabilities get screwed up somehow -- either because of end-user error, or some glitch in the system? Until we can guarantee this won't happen (i.e., probably never) you need the ability to come in and play 'God', so to speak, to set things right.

What's a kludge is giving some random process complete superuser access, when all it needs to do is just one thing -- i.e., modify /etc/passwd, or bind to port 80, or access /dev/tape to do a backup. That's what MAC and capabilities are for.

You know what I want?

I want to use Linux. I want to use a command line. I want to know how to add and remove programs. I want to know how to add and remove hardware refences in the kernal. I want to know how to access my data. I want to know what programs are on my system, and what they do. I want to find programs that do specific tasks. I want these and a whole lot more. And I want it all in an easy to UNDERSTAND reference guide.

I know everyone says "Switch to Linux! It's more powerful and stable then Windows, and it free!" But I have tried several times to switched, and everytime I do something goes wrong. I can't get the sound to work. I can't get my network card to work. I can't get the proper video drivers installed. I can't get it to boot up properly. Whatever. And everytime, I install Windows, spend an hour or two setting up my programs and getting everything, and I'm done. I'm using my system. I have never had that with Linux.

Basically, I want a Linux system that's as easy to install and use as Windows. I would love to learn how to use Linux properly. But I can't seem to learn it. And I've had to learn how to use an AS/400 system. Even that was easier to do then learn Linux. And I'm a programmer. It's not like I'm some dumb schmuck who thinks Windows is the best thing in the world. So until you can give me a Linux system that I can learn, or give me a better way to learn it...then you'll have problems getting the mainstream users.

Re:You know what I want?

[zootread]

Well, I never asked you to switch to Linux. Linux/UNIX as a primary OS is for the experienced. If you want to learn, give it a try and spend the time to get experienced. If you're too unmotivated to figure it out, don't bother. It takes time to learn these things. You have to give Linux/UNIX at least 6 months of solid use before you can even call yourself a beginner. It will not be easy, no one said it would. But in the end you will be more comfortable in this environment then you ever were in Windows. You'll feel the true power as you will be able to do things that are effortless to do in Linux but nearly impossible to do in Windows.

I want to use Linux. I want to use a command line. I want to know how to add and remove programs. I want to know how to add and remove hardware refences in the kernal. I want to know how to access my data. I want to know what programs are on my system, and what they do. I want to find programs that do specific tasks.

Sounds like you want to give Debian a try.

Also, Linux is not the only OS you can try. Try a *BSD or even OS X.

Re:You know what I want?

[haoledave]

Hear hear! Get a Mac, run OS X, do as much as you can in the terminal, and then drop into the GUI when you really get into a bind.

From my experience, the only way to learn this stuff is to do it. Make mistakes. Buy a book or two, search the web for the stuff you don't understand, and make some really good hacker friends. Buy them caffeine.

What Microsoft did right...

[hoegh]

...was to see that users like my parent couldn't care less about security. Anything that hinders them in doing what they want to do is considered a nuisance.

I am also having a hard time explaining to my wife why I have revoked most priviliges for the "Internet zone" in IE (yes, I prefer Phoenix too, but the sad fact is, that there are many sites that won't work unless you use IE) - somehow it is still to much of a bother to add sites that we trust to the "trusted site" list the first time we visit them.

Maybe you just need to get burned once to respect fire (and of course understand what happened). Within the first 48 hours of my job as a student programmer I managed to wipe all files of several projects - my current directory wasn't what I thought is was and I had become more priviliged than I should be. That day I learnt not to invoke all priviliges in the login-script but only as needed. I also learnt something about proper backup routines that day - the nightly backup really saved me (thank you dear sysadmin for saving my from the wrath of my colleges...!).

Oh - that reminds me of another story. As student programmers we were given group-privileges (this was VAX/VMS). It was very practical to be able to start and stop job on behalf of other student programmers etc. Once one of the other student programmers wrote a utility that would log you out every interactive session wherever you where logged in (which was rather handy when someone asked if you would like to come along for beer). The utility stopped all interactive processes that it could find, but the author remembered to explicitly turn of our group priviliges before doing so, so we didn't accidentially log each other out. Somehow our sysadmin got hold of this utility and since it was throughly tried and tested by us for several months, he trusted it. One crusual difference between a student programmer and a sysadmin is that a sysadmin has world-priviliges and the script didn't turn these of...! He learnt the hard way that as a sysadmin you should trust noone.

When we asked above mentioned sysadmin for more privileges ("can I have oper-privileges so I can restart this print-queue?!?") he always answered "Do you want more responsabilities?" No, we only wanted more privileges. "Well" he said "it is the same thing - do you still want your privileges?" Somehow it wasn't really nessecary with more privileges anyway. And that is perhaps one of the most useful lessons to be learnt.