Red Hat Linux 7 Unleashed

By William Ball

• Table of Contents
  • Copyright
  • About the Lead Authors
  • About the Contributing Authors
  • Acknowledgments
  • Tell Us What You Think!
  • Introduction
  • I. Red Hat Linux Installation and User Services
  • Chapter 1. Introduction to Red Hat Linux
  • Chapter 2. Installation of Your Red Hat System
  • Chapter 3. LILO and Other Boot Managers
  • Chapter 4. Configuring the X Window System, Version 11
  • Chapter 5. Window Managers
  • Chapter 6. Connecting to the Internet
  • Chapter 7. IRC, ICQ, and Chat Clients
  • Chapter 8. Using Multimedia and Graphics Clients
  • II. Configuring Services
  • Chapter 9. System Startup and Shutdown
  • Chapter 10. SMTP and Protocols
  • Chapter 11. FTP
  • Chapter 12. Apache Server
  • Chapter 13. Internet News
  • Chapter 14. Domain Name Service and Dynamic Host Configuration Protocol
  • Chapter 15. NIS: Network Information Service
  • Chapter 16. NFS: Network Filesystem
  • Chapter 17. Samba
  • III. System Administration and Management
  • Chapter 18. Linux Filesystems, Disks, and Other Devices
  • Chapter 19. Printing with Linux
  • Chapter 20. TCP/IP Network Management
  • Chapter 21. Linux System Administration
    • Working as root
    • Performing System Maintenance
    • Managing Software with RPM
    • Using Gnome-RPM
    • Managing Users and Groups with linuxconf
    • Managing Users and Groups from the Command Line
    • Setting Disk Quotas with linuxconf
    • Creating Special Accounts with linuxconf
    • Analyzing Performance
    • Understanding Your Security Responsibilities
    • Getting Help
    • Summary
  • Chapter 22. Backup and Restore
  • Chapter 23. System Security
  • IV. Red Hat Development and Productivity
  • Chapter 24. Linux C/C++ Programming Tools
  • Chapter 25. Shell Scripting
  • Chapter 26. Automating Tasks
  • Chapter 27. Configuring and Building Kernels
  • Chapter 28. Emulators, Tools, and Window Clients
  • V. Appendixes
  • A. The Linux Documentation Project
  • B. Top Linux Commands and Utilities
  • C. The GNU General Public License
  • D. Red Hat Linux RPM Package Listings

Working as root

In order for the system administrator to perform his many duties, he can assume super-user privileges to perform tasks not normally available to the average user of the system. The superuser performs these tasks as user root. root is a special user account that is available on every UNIX system. This special user has full access to the system. The system ignores all permissions when responding to commands from the root user, providing read, write, and execute permissions to every file and device known to the system.

What does the power of root mean in practical terms? The command rm -rf / run as root could delete the entire system. It also means that root has access to all data. Complete access is helpful for backing up and restoring data, performing system maintenance, and even performing security tasks. Many commands, with certain parameters, are ideal to hand off to the users; bringing up print queues is a good example. Unfortunately, with different parameters the same commands could take down the print queues or delete other users' printouts. The root account is all-powerful. The root user keeps the system up and running as a stable environment; but a root user can also destroy the system and all data contained therein.

It is because of this ability to manipulate the system that, as system administrator, you should take great care when you are using the root account—not only when you are using and modifying the system, but also when you are changing passwords.

A password is the identification that the operating system uses to determine whether a user attempting to log in with a certain user ID is authorized to use that account. Anyone who knows the root password can control the entire system. A user can boot a Red Hat Linux system that is left unsecured from disk and change the root password even if he does not know it.

That is correct—you can change the root password this easily:

1. Boot the system with the boot disk.
2. Mount the root partition.
3. Edit the /etc/passwd file to remove the password for root.
4. Reboot from the hard disk.
5. Set a new password for root.

This process is nice and convenient if the Red Hat system happens to be a system in someone's home with no other purpose than teaching the user how to use Linux. This process is a problem, however, for a Red Hat system used as an ISP in an unsecured location in a public building.

Because of the power of the root account, a user on the system who has access to the root password should not log in directly as root. To perform a task that requires root authority, the user should log in with his regular user account and su to root to perform the task. Then, the user should return to his normal account. This procedure helps ensure two things. First, it keeps the user from accidentally performing actions that he did not intend but are allowed by root. Second, it provides logging. /etc/login.defs is the file that defines, among other things, the su log, the failed login log, and the list of who logged in last. Although logging does not stop an action, it will at least help determine who performed the action.

Share This