The difference between the Linux root user and the general user __linux

The root user can do anything on the Linux system, and permissions do not receive any restrictions. Tasks that typically require root permissions include moving files or folders in or out of the system directory, copying files to the system directory, giving or withdrawing user rights, and system maintenance and installation of applications, such as: software that installs the RPM format usually requires root permissions, Because you need to write some information to the system directory. There is also a need to note that for a well-known port less than 1024 ports, only the root user can have permission to listen, if the application needs to listen for ports less than 1024, you can use the temporary power, listening to the port after the way to recover permissions. If you run the application with root all the time, it will be dangerous, and Linux SendMail has been running with root sendmail because you are listening on port 25, you can control the entire server through this security issue after the SendMail program has gone wrong. Because it was set up with the root user.

A typical user is something that is specified according to the permissions of the group he is in, but in general, it refuses to use commands that affect his home directory. Users can be allowed to use the sudo command and give root privileges temporarily. The Unix family system defaults to the organization's general user access to the key parts of the system and other users ' files and folders.

What commands you can perform after sudo can be edited by editing the/etc/sudoers file:

To give a user privileges so that they can execute all commands using sudo, add in the configuration file:

User name all= (all)

Only partial privileges are enabled for the user:

User name Host name =/sbin/halt,/sbin/poweroff,/sbin/reboot

You can also set the time-out mechanism by/etc/sudoers, and so on.

The/etc/sudoers file defaults to only root users can modify and access, and if you accidentally modify the access rights of/etc/sudoers, remember to restore immediately.

In short, for a typical application, no matter how high-sounding the reason is, it is forbidden to start with the root user, even within the company or within the data center of the server, because you can not guarantee that your program will not go wrong. Therefore, for the sake of security, it is best to create an application-specific account, and give the account application needs the permissions (that is, the minimum permissions), so that even if the program is out of order, the attacker's control of the entire machine is limited.

References: http://www.linfo.org/root.html