There is a superuser in every operating system we find today. A superuser is a user who has the overall privilege to the file system. He has the power to manage users, create passwords, and do the entire administrative task in the system. A superuser has every privilege to damage the system. Thus, the need to protect superusers credentials is essential.
In the Windows environment, the superuser is called the local administrator, but in UNIX-like and Linux systems, it is called the root. To perform tasks as a regular user such as installing, creating users and user’s password, managing system files; a user must escalate its privileges as root
A regular user can manage most external devices such as the removable devices like the HDD, mouse, and many others, but only the root user is allowed to manage the system’s internal hard drive by default.
In Linux systems, it is necessary you log in as a regular user and escalate privileges as root. Logging in as root makes the entire system vulnerable to attack when the root user’s account is compromised
The article will guide you on how to escalate privileges as root and important security features while working on Linux platforms as regards to privileges
HOW TO SWITCH BETWEEN USERS USING SU COMMAND
The su command is used to switch between users. When invoked by a regular user, the system prompts the user to enter the password of the account of the other user; the system won’t prompt for a password when invoked by the root user.
By default, when su command is run without specifying the username, the system automatically switches you as the root user. When the command, su username is run, the system switches to the specified user with a non-login shell, but when run with the – option (as su – username), the system starts up a login shell for the user.
DIFFERENCE BETWEEN LOGIN SHELL AND A NON-LOGIN SHELL
Lots of Linux beginners face this common challenge in differentiating between a login shell and a non-login shell. However, it is good to know that for a Linux user to interact with the operating system; you need two primary shell interfaces, which are the login shell and the non-login shell.
In this section, I will explicitly explain the difference in both words.
When we say a login shell, its primary responsibility is to start up the non-login shell and prepare every environmental variable needed by the user to start using the system.
Try to understand this from the graphical point of view. Usually, when you start-up your Linux machine, it loads and prompt you for your username and password, then, you are in non-login shell interface, by the time you enter your username and password, the system takes you to a login shell because you have already logged in
A non-login shell interface
Now, open up your terminal
A login shell interface from the terminal
What you see on the terminal is a login shell because you have already logged in. As you can see, I have logged in as the root user, and I have administrative privileges. Linux also provides an option to switch between users and provides an alternative to either create a login shell or non-login shell for the user. This is where the su username and su – username comes in. The first, create a non-login shell, and the second creates a login shell.
HOW TO USE SUDO TO GAIN SUPERUSER ACCESS
In every Linux system, the root user has the power to do anything on the system, and other users are limited to what they can do on the system. We have talked about using the su command to switch between users to gain access, but this offers lots of disadvantages when it comes to security. While using the su command, it allows the system to grant fine-grained permissions to the user, and this makes the system vulnerable to attacks
The sudo command acts differently when compared to the su command. The sudo command allows regular users to run commands as root based on the settings in the /etc/sudoers file. Unlike su command, sudo requires the user to enter their password for authentication and not the password of the root user. This allows the root user to grant fine-grained permissions to regular users without having to give out the root’s password.
To use sudo command to add a user to the system, enter on the terminal;
sudo useradd username.
You can see from the command above, the root user switched to another user “Chika,” and tried adding a user using sudo command, but it wasn’t successful. For a regular user to be able to run sudo command, the user must be added to a sudo group (for Debian based machines) or wheel group in (RHEL based machines).
In all Linux system, all members of the wheel or sudo group can use sudo command as any user. The usermod command is used to add a user to the wheel or sudo group
usermod command will be discussed in details in the next article.
Note that, anytime you want to run the sudo command as a regular user, you must follow your command by sudo as seen above. The first line added “festus” to the sudo group. The second command switches user to “festus” using the su – command. In the third command, the user tried running the useradd command without adding sudo in front, and it throws a message (“permission denied”).
CONCLUSION
You now have a basic understanding of how to use sudo and su command to gain superuser privileges and a better understanding of a login shell and non-login shell.
Please remember that the root user has all privileges to the system and as such regular users were not given permissions by default; this is to maintain the security of the system.
It is best to understand what each command you execute with root privileges does before trying to use them.
Also, for security measures, it is essential you log in as a regular user and use the su or sudo command to gain superuser privileges. Logging in as the root user makes the entire system runs with administrative privileges, in that case, any vulnerable attack on the system which is supposed to affect only the user’s account has the potential to affect the entire system.
Ellingwood, J. (2013). www.digitalocean.com. Retrieved August 08, 2019, from
How To Edit the Sudoers File on Ubuntu and CentOS:
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
linuxize. (2019). Sudo Command In Linux. Retrieved August 08, 2019, from
linuxize.com: https://linuxize.com/post/sudo-command-in-linux/
Su(1) man page
Sudo(1) man page
Red Hat Enterprise System Administration I and II course