The root user in Ubuntu server

　　Ubuntu server, in addition to the installation process will prompt to set the first user (non-root) user name and password, until the installation is complete does not involve the root user settings. What the root user's password is, and how to set the root user, is confusing for the user who is just starting to use it.

Overview

Here is the official Ubuntu Server documentation for the relevant chapters of this topic, which are explained below:

　　The Ubuntu developer decides to disable the root account by default, which does not mean that the root account is deleted or inaccessible. It is only given a hard-to-crack password, so it should not be logged in directly.

Instead, users are encouraged to use a tool called Sudo to perform system management tasks,sudo allows authenticated users to temporarily gain root privileges through their own passwords without needing to know the password of the root account. This simple and efficient approach provides the user with the ability to act on the behavior, and gives administrators granular control over what they can do if a user gives certain permissions.

By default, the first user created during Ubuntu installation is part of the "admin" group, and the "admin" group has been added to the/etc/sudoers file as a certified sudo user.

sudo simple application

After logging in with the first user created, such as Bob, if you want to perform a command that requires root permissions, such as reboot, enter

sudo reboot

When the command executes, it prompts for Bob's password, which is valid for 15 minutes, that is, the sudo command is not required to re-enter the password within 15 minutes.

If you need to enable the root user for some reason, you need to give the root a password

sudo passwd root

You will be prompted for Bob's password and a new password for root

[sudo] password for username: (Enter your own password) enter new UNIX password: (Enter a new password for root) retype new UNIX Password: (Repeat new password for root) Passwd:password updated successfully

Once used, the root user should be locked out immediately.

sudo passwd-l root

If you want to allow other users to get full root access via sudo, you simply need to add it to the Admin user group. such as new user Sam

sudo adduser samsudo adduser Sam Admin

Features of Sudo

The Redhat release version of Linux (Redhat,rhel,fedora) uses Su by default, and sudo is enabled by default in the Debian distribution Linux (Debian,ubuntu). SU is the switch user, in the execution of the command is actually switch to the root user run, the switch needs to enter the root password. While sudo is enabled, the root user is locked by default, the password is unknown, the current user's password is entered when executing the corresponding command, and the sudo user determines whether the appropriate permissions are available. Also

1.sudo can restrict the specified user from running certain commands on the specified host.
2.sudo can provide logs, faithfully record what each user has done with sudo, and can upload logs to a central host or log server.
3.sudo provides a configuration file for system administrators that allows system administrators to centrally manage user permissions and hosts used by users. Its default storage location is/etc/sudoers.
4.sudo uses timestamp files to complete a system similar to "wicket". When the user executes sudo and enters the password, the user obtains a "ticket" with a default survival period of 15 minutes (the default value can be changed at compile time). After the timeout, the user must re-enter the password.

　　

Here are some of the personal summaries

Security angle: Sudo default root lock, whether local, remote, SSH or desktop can not log on, want to dictionary brute force root is impossible, want to crack only from other users. First of all need to know the user name, and then cracked the user may not have sufficient permissions.

User perspective: When executing a command, you need to enter a password to remind the user to reconfirm, and enter a password for a certain period of time, avoiding the ability to log in as root to do anything at any time.

Management perspective: You can specify different permissions for different users (to implement this also requires a further learning of sudo configuration), but also can log the user's actions.

The root user in Ubuntu server