User Accounts
A good place to start is with the concept of user-based security. For the most part, only two types of people will access the system as users. (Although there will be other accounts that run programs and processes, here we are talking about accounts that represent human beings rather than something like an account created for a web server process.) Most people have a regular user account. These users can change anything that is specific to their account, such as the wallpaper on the desktop, their personal preferences, and the configuration for a program when it is run by them using their account. Note that the emphasis is on anything that is specific to their account. This type of user cannot make systemwide changes that could affect other users.
To make systemwide changes, you need to use super-user privileges, such as can be done using the account you created when you started Ubuntu for the first time (see Chapter 1, “Installing Ubuntu”). With super-user privileges, you have access to the entire system and can carry out any task, even destructive ones. To help prevent this from happening, this user does not run with these powers enabled at all times, but instead spends most of the time as a regular user.
To use super-user privileges from the command line, you need to preface the command you want to execute with another command, sudo, followed by a space and the command you want to run. As a mnemonic device, some think of this as “super user do.” When you press Enter (after typing the remaining command), you are prompted for your password, which you should type in followed by the Enter key. As usual on any UNIX-based system, the password does not appear on the screen while you are typing it as a security measure, in case someone is watching over your shoulder. Ubuntu then carries out the command, but with super-user privileges.
An example of the destructive nature of working as the super user can be found in the age-old example, sudo rm -rf /, which erases everything on your hard drive. If you enter a command using sudo as a regular user who does not have an account with super-user privileges, an error message appears and nothing happens because the command will not run. We recommend that you don’t try this particular command as a test, though. If you enter this command using an account with super-user privileges, you will soon find yourself starting over with a fresh installation and hoping you have a current backup of all of your data. You need to be especially careful when using your super-user privileges; otherwise, you may do irreparable damage to your system.
However, the ability to work as the super user is fundamental to a healthy Linux system and should not be feared, but rather respected, even while used only with focused attention. Without this ability, you could not install new software, edit system configuration files, or do a large number of important administration tasks. By the way, you have already been performing operations with super-user privileges from the GUI if you have ever been asked to enter your password to complete a specific task, such as installing software updates. The difference is that most graphical interfaces limit the options that users have and make it a little more difficult to do some of the big, disruptive tasks, even the ones that are incredibly useful.
Ubuntu works slightly differently from many other Linux distributions. If you study some other Linux distros, especially older or more traditional ones, you will hear about a specific user account called root, which is a super-user account. In those distros, instead of typing in sudo before a command while using a regular user account with super-user privileges, you log in to the root account and simply issue the command without entering a password (at least by default; in almost all cases, sudo can be installed and configured in these distros). In those cases, you can tell when you are using the root account at the command line because you will see a pound sign (#) in the command-line prompt in the place of the dollar sign ($).
For example: matthew@seymour:~# versus the usual matthew@seymour:~$
In Ubuntu, the root account is disabled by default because forcing regular users with super-user privileges to type a specific command every time they want to execute a command as a super user should have the benefit of making them carefully consider what they are doing when they use that power. It is easy to forget to log out of a root account, and entering a powerful command while logged in to root can be catastrophic. However, if you are more experienced and comfortable with the more traditional method of using super-user privileges and want to enable the root account, you can use the command sudo passwd. When prompted, enter your user password to confirm that your user account has super-user privileges. You are then asked for a new UNIX password, which will be the password for the root account, so make sure and remember it. You are also prompted to repeat the password, in case you’ve made any mistakes. After you’ve typed it in and pressed Enter, the root account is active. You’ll find out how to switch to root later on.
An alternative way of getting a root prompt, without having to enable the root account, is to issue the command sudo -i. After entering your password, you will find yourself at a root prompt (#). Do what you need to do and when you are finished, type exit, and press Enter to return to your usual prompt. You can learn more about sudo and root from an Ubuntu perspective at https://help.ubuntu.com/community/RootSudo.