Detailed explanation of root control in Linux system

Source: Internet
Author: User
Tags create directory mkdir system log

In the Linux operating system, root is the highest, and is also known as the owner of the Super privilege. The actions that ordinary users cannot perform, which root users can accomplish, are also called Super Admin users.

In a system, each file, directory, and process is owned by one user, and no user is permitted to operate on other ordinary users, except for root. Root privileges also appear to be that root can exceed any user or user group to read, modify, or delete files or directories (within the system's normal license), execute and terminate the executable, and add, create, and remove hardware devices; Files and directories can also be modified to suit the needs of system administration (because root is the most privileged user in the system);

One, to the super user and the general user's understanding;

 1, what is a super user;

In all Linux systems, the system uses UID to differentiate user privilege levels, and users with a UID of 0 are agreed by the system to have super privileges. Super users have the highest privileges in the system agreed to operate within the park, so that the superuser can complete the system management of all the tools, we can find through/etc/passwd to the UID of 0 of the user is root, and only the root corresponding to the UID 0, from this point of view, The root user is irreplaceable to high status and unrestricted permissions in the system. Root user is superuser in the system;

 2, understand the UID and the corresponding relationship between users

When the system is installed by default, the system user and UID are one-to-one pairs, meaning that a UID corresponds to a user. We know that user identity is confirmed by UID, we have mentioned in the commentary to the UID in user and user group profile details that "UID is an identity that confirms user rights, and the role of the user logon system is achieved through UID, not user name;" It is dangerous to share a UID with a few users, for example, if we change the UID of the average user to 0 and root with a UID, this in fact creates a confusion over the system's administrative privileges. If we want to use root permissions, we can do this through Su or sudo, and we must not let a user and root share the same UID;

In the system, can you make the UID and the user is a one-to-many relationship? Yes, for example, we can assign a UID value of 0 to several users to use together, which is the UID and the user's one-to-many relationship. But it is a bit dangerous to do so; users with the same UID have the same identity and permissions. For example, we in the system to beinan this ordinary user's UID to 0, in fact, the average user has a super privilege, his ability and permissions and the same as the root user Beinan all operations will be identified as root operation, because the Beinan uid is 0, The UID of 0 users is root, is not a bit of a nuisance? can also be understood as the UID of 0 of the user is root, the root of the UID is 0;

UID and the user's one-to-one correspondence, only requires administrators to conduct system management, the adherence to the guidelines, because system security is still the first place. So we still keep the super permissions to root the only user is the best choice;

If we do not share the 0 value of the UID to other users, only the root user is the only one with uid=0, and Root is the only Super privilege user;

 3, ordinary users and camouflage users

The opposite of the superuser is the average user and the dummy (also known as the Disguise user), the ordinary and the disguised user is the limited user, but in order to complete the specific task, the ordinary user and the disguise user also must; Linux is a multi-user, multitasking operating system, many users are mainly embodied in the user's role of diversity, different users are assigned different permissions; This is also the essence of Linux systems that are more secure than Windows, even now the latest version of Windows 2003, Also cannot erase its single user system's brand;

  The function of Super User (authority) in System management

How does a superuser (UID 0 user) play a role in system management? Mainly in the following two points;

1, to any file, directory or process to operate;

However, it is worth noting that this operation is within the maximum allowable scope of the system operation, and some operations are the root of the super permission can not be completed;

For example, the/proc directory,/proc is used to respond to real-time state information of the system running, so even root is powerless; its permissions are as follows

The code is as follows:

[Root@localhost ~]# pwd

/root

[Root@localhost ~]# CD/

[Root@localhost/]# ls-ld/proc/

Dr-xr-xr-x 134 root Root 0 2005-10-27/proc/

This is the directory, can only read and execute permissions, but absolutely no write permissions; it is that we open the/proc directory write permission to Root,root user is also unable to write operations;

The code is as follows:

[Root@localhost ~]# chmod 755/proc

[Root@localhost/]# ls-ld/proc/

Drwxr-xr-x 134 root Root 0 2005-10-27/proc/

[Root@localhost/]# cd/proc/

[Root@localhost proc]# mkdir TestDir

mkdir: Unable to create directory ' TestDir ': no file or directory

 2. For system management involving system overall;

Hardware management, file system understanding, user management and the system global configuration involved, etc... When you execute a command or tool, you are prompted to have no permissions, most of which require super privileges to complete;

For example, the use of AddUser to add users, this can only be done through the user with super privileges;

  3. The irreplaceable of Super authority;

Because of the important role that super privilege plays in system management, in order to complete the system management tasks, we must use the Super permission; In general, for system security, for the general level of application, the root user is not required to complete the operation, root users are only used to manage and maintain the system; such as system log viewing, cleaning, user additions and deletions ...

In the context of work that does not involve system management, ordinary users can do it, such as writing a file, listening to music, processing a picture with gimp ... Based on ordinary application calls, most ordinary users can complete;

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.