Working As Root
The root, or super-user account, is a special account and user on UNIX and Linux systems. Super-user permissions are required in part because of the restrictive file permissions assigned to important system configuration files. You must have root permission to edit these files or to access or modify certain devices (such as hard drives). When logged in as root, you have total control over your system, which can be dangerous.
When you work in root, you have the ability to destroy a running system with a simple invocation of the rm command like this:
# rm -fr /
This command line not only deletes files and directories, but also could wipe out file systems on other partitions and even remote computers. This alone is reason enough to take precautions when using root access.
The only time you should run Linux as the super-user is when booting to runlevel 1, or system maintenance mode, to configure the file system, for example, or to repair or maintain the system. Logging in and using Linux as the root operator isn’t a good idea because it defeats the entire concept of file permissions.
Knowing how to run commands as root without logging in as root can help avoid serious missteps when configuring your system. Linux comes with a command named su that allows you to run one or more commands as root and then quickly return you to normal user status. For example, if you would like to edit your system’s file system table (a simple text file that describes local or remote storage devices, their type, and location), you can use the su command like this:
$ su -c "nano -w /etc/fstab" Password:
After you press Enter, you are prompted for a password that gives you access to root. This extra step can also help you “think before you leap” into the command. Enter the root password, and you are then editing /etc/fstab using the nano editor with line wrapping disabled.
You can use sudo to assign specific users permission to perform specific tasks (similar to BSD UNIX and its “wheel” group of users). The sudo command works by first examining the file named sudoers under the /etc directory; you modify this file with the visudo command. See the section “Granting Root Privileges on Occasion—The sudo Command” in Chapter 14, “Managing Users,” for details on how to configure and use sudo.
Creating Users
When a Linux system administrator creates a user, an entry in /etc/passwd for the user is created. The system also creates a directory, labeled with the user’s username, in the /home directory. For example, if you create a user named bernice, the user’s home directory is /home/bernice.
Use the useradd command, along with a user’s name to quickly create a user:
# useradd andrew
After creating the user, you must also create the user’s initial password with the passwd command:
# passwd andrew Changing password for user andrew. New password: Retype new password: passwd: all authentication tokens updated successfully.
Enter the new password twice. If you do not create an initial password for a new user, the user will not be able to log in.
You can view useradd’s default new user settings by using the command and its -D option like this:
# useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel
These options display the default group ID, home directory, account and password policy (active forever with no password expiration), the default shell, and the directory containing defaults for the shell.
The useradd command has many different command-line options. The command can be used to set policies and dates for the new user’s password, assign a login shell, assign group membership, and other aspects of a user’s account.
Deleting Users
Use the userdel command to delete users from your system. This command removes a user’s entry in the system’s /etc/passwd file. You should also use the command’s -r option to remove all the user’s files and directories (such as the user’s mail spool file under /var/spool/mail):
# userdel -r winky
If you do not use the -r option, you have to manually delete the user’s directory under /home, along with the user’s /var/spool/mail queue.
Shutting Down the System
Use the shutdown command to shut down your system. The shutdown command has a number of different command-line options (such as shutting down at a predetermined time), but the fastest way to cleanly shut down Linux is to use the -h or halt option, followed by the word now or the numeral zero (0), like this:
# shutdown -h now
or
# shutdown -h 0
To incorporate a timed shutdown and a pertinent message to all active users, use shutdown’s time and message options, like so:
# shutdown -h 18:30 "System is going down for maintenance this evening"
This example shuts down your system and provides a warning to all active users 15 minutes before the shutdown (or reboot). Shutting down a running server can be considered drastic, especially if there are active users or exchanges of important data occurring (such as a backup in progress). One good approach is to warn users ahead of time. This can be done by editing the system Message of the Day (MOTD) motd file, which displays a message to users after login. To create your custom MOTD, use a text editor and change the contents of /etc/motd. You can also make downtimes part of a regular schedule, perhaps to coincide with security audits, software updates, or hardware maintenance.
You should shut down Fedora only for a few very specific reasons:
- You are not using the computer and want to conserve electrical power.
- You need to perform system maintenance that requires any or all system services to be stopped.
- You want to replace integral hardware.
Rebooting the System
You should also use the shutdown command to reboot your system. The fastest way to cleanly reboot Linux is to use the -r option, and the word now or the numeral zero (0):
# shutdown -r now
or
# shutdown -r 0
Both rebooting and shutting down can both have dire consequences if performed at the wrong time (such as during backups or critical file transfers, which arouse the ire of your system’s users). However, Linux-based operating systems are designed to properly stop active system services in an orderly fashion. Other commands you can use to shut down and reboot Linux are the halt and reboot commands, but the shutdown command is more flexible.