Application of Super privilege control in Linux operating system

In the Linux operating system, root is the highest, and is also known as the owner of the Super privilege. The actions that ordinary users cannot perform, which root users can accomplish, are also called Super Admin users.

In a system, each file, directory, and process is owned by one user, and no user is permitted to operate on other ordinary users, except for root. Root privileges also show that root can exceed any user and user group to

Read, modify, or delete files or directories (within the system's normal license); executing, terminating, adding, creating, and removing of the executable, or modifying the files and directories to fit the needs of system administration (because root is the most privileged user in the system) ;

I. Understanding of super users and ordinary users

1, what is a super user;

In all Linux systems, the system uses UID to differentiate user privilege levels, and users with a UID of 0 are agreed by the system to have super privileges. Super users have the highest privileges in the system agreed to operate within the park, so that the superuser can complete the system management of all the tools, we can find through/etc/passwd to the UID of 0 of the user is root, and only the root corresponding to the UID 0, from this point of view, The root user is irreplaceable to high status and unrestricted permissions in the system. Root user is superuser in the system;

2, understand the UID and the corresponding relationship between users

When the system is installed by default, the system user and UID are one-to-one pairs, meaning that a UID corresponds to a user. We know that user identity is confirmed by UID, we have mentioned in the commentary to the UID in user and user group profile details that "UID is an identity that confirms user rights, and the role of the user logon system is achieved through UID, not user name;" It is dangerous to share a UID with a few users, for example, if we change the UID of the average user to 0 and root with a UID, this in fact creates a confusion over the system's administrative privileges. If we want to use root permissions, we can do this through Su or sudo, and we must not let a user and root share the same UID;

In the system, can you make the UID and the user is a one-to-many relationship? Yes, for example, we can assign a UID value of 0 to several users to use together, which is the UID and the user's one-to-many relationship. But it is a bit dangerous to do so; users with the same UID have the same identity and permissions. For example, we in the system to beinan this ordinary user's UID to 0, in fact, the average user has a super privilege, his ability and permissions and the same as the root user Beinan all operations will be identified as root operation, because the Beinan uid is 0, The UID of 0 users is root, is not a bit of a nuisance? can also be understood as the UID of 0 of the user is root, the root of the UID is 0;

UID and the user's one-to-one correspondence, only requires administrators to conduct system management, the adherence to the guidelines, because system security is still the first place. So we still keep the super permissions to root the only user is the best choice;

If we do not share the 0 value of the UID to other users, only the root user is the only one with uid=0, and Root is the only Super privilege user;

3, ordinary users and camouflage users

The opposite of the superuser is the average user and the dummy (also known as the Disguise user), the ordinary and the disguised user is the limited user, but in order to complete the specific task, the ordinary user and the disguise user also must; Linux is a multi-user, multitasking operating system, many users are mainly embodied in the user's role of diversity, different users are assigned different permissions; This is also the essence of Linux systems that are more secure than Windows, even now the latest version of Windows 2003, Also cannot erase its single user system's brand;

Two. The role of Super User (privilege) in System management

How does a superuser (UID 0 user) play a role in system management? Mainly in the following two points;

1, to any file, directory or process to operate;

However, it is worth noting that this operation is within the maximum allowable scope of the system operation, and some operations are the root of the super permission can not be completed;

For example, the/proc directory,/proc is used to respond to real-time state information of the system running, so even root is powerless; its permissions are as follows

[Root@localhost ~]# pwd

/root

[Root@localhost ~]# CD/

[Root@localhost/]# ls-ld/proc/

Dr-xr-xr-x 134 root Root 0 2005-10-27/proc/