Skip to main content

What Is SU & Why Is It Important to Using Linux Effectively?

Linux has a lot of security measures in place that are meant to protect your system from threats and sometimes (admittedly) our own stupidity. There are three main features that exist to limit and provide access as needed — file permissions, file ownership, and the root user account.

Although widely known as the super user account, SU actually refers to substitute user, and instructs the computer to execute commands with the file permissions of another user, by default the root account. This shortcut is a powerful tool that can be very helpful when used correctly or absolutely devastating if used recklessly.

Today, we’re going to go into deeper detail about SU and why you should be responsible when using it.

Admin Accounts


All of the major operating systems have the concept of an administrator account, offering heightened privileges compared to otherwise “normal” user accounts. Normal users have access to their own files, but not other users’ files and only read-only access to system files so that they can run installed applications.
 
Administrators, on the other hand, can change system files, which includes installation of new or updated applications, and can (usually) see other users’ files.

Simple enough, right? Sure, the concepts are quite easy to understand, but it has further-reaching implications than just that. Administrators, who assumedly know more about what they’re doing, can make more major changes to a system without it breaking or leaking sensitive data. Normal users without these permissions cannot perform these tasks, so there’s little chance that those users will break the system.

On most systems with just one user, that user is often the administrator and can do whatever they want with their computer. This is a hierarchy of one, so no third party needs to be present as administrator. However, whenever users have access to these system privileges all the time, they tend to use them blindly, simply accepting requests for admin rights without thinking it through.

The Super User Account On Linux

Linux takes a different approach to handling these administrative privileges. Instead of assigning admin rights to user accounts, Linux separates these into two different accounts: the SU account (sometimes called root) and then your normal user account. The idea is that if you need to do something that requires elevated privileges, you can use the SU command and do whatever you need to do.

At least psychologically speaking, this method forces you to realize that you’re doing something more serious to your system as it won’t let you do it without using SU.

To switch, you just need to open up a terminal and type in

su
 
It will then ask for the root password to grant you access. If you use sudo, you can also run

sudo bash
 
which will open up bash (simply another instance of the terminal) but on behalf of the root.

linux_su_bash

 

SU Benefits

Separating these accounts also helps with managing systems. If a system administrator needs access to the system to make changes, but they aren’t a regular user, they just need to use SU and they won’t have to make a normal user account. These accounts can have different passwords, so only people trying to switch with SU and know the password will get in.

The root account is really powerful, so it should feel like a big deal if you need to switch into it. As root, you can delete your entire system in one terminal command. As a normal user, it wouldn’t let you do that because you don’t have access to modify any files outside of your home folder. Any damage that you do as a normal user stays contained within that domain — it doesn’t affect the system or any other users.

 

Comments

Post a Comment

Popular posts from this blog

Boot process hangs at dracut: Switching root

Environment Red Hat Enterprise Linux 6 Issue When server is booting the boot process hangs at  dracut: Switching root , and never displays anything else. Raw device-mapper: ioctl: 4.33.1-ioctl (2015-8-18) initialised: xx-xxxx@redhat.com udev: starting version 147 dracut: Starting plymouth daemon dracut: rd_NO_DM: removing DM RAID activation dracut: rd_NO_MD: removing MD RAID activation scsi0 : ata_piix scsi1 : ata_piix ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc120 irq 14 ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc128 irq 15 Refined TSC clocksource calibration: 2599.999 MHz. virtio-pci 0000:00:03.0: PCI INT A -> Link[LNKC] -> GSI 11 (level, high) -> IRQ 11 virtio-pci 0000:00:05.0: PCI INT A -> Link[LNKA] -> GSI 10 (level, high) -> IRQ 10 virtio-pci 0000:00:07.0: PCI INT A -> Link[LNKC] -> GSI 11 (level, high) -> IRQ 11 virtio-pci 0000:00:08.0: PCI INT A -> Link[LNKD] -> GSI 11 (level, high) -> IRQ 11 input: ImExPS/2 Gener
Post a Comment
Read more

Interpreting the output of lspci

On Linux, the lspci command lists all PCI devices connected to a host (a computer). Modern computers and PCI devices communicate with each other via PCI Express buses instead of the older Conventional PCI and PCI-X buses since the former buses offer many advantages such as higher throughput rates, smaller physical footprint and native hot plugging functionality. The high performance of the PCI Express bus has also led it to take over the role of other buses such as AGP ; it is also expected that SATA buses too will be replaced by PCI Express buses in the future as solid-state drives become faster and therefore demand higher throughputs from the bus they are attached to (see this article for more on this topic). As a first step, open a terminal and run lspci without any flags (note: lspci may show more information if executed with root privileges): lspci   This is the output I get on my laptop: 00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Co
Post a Comment
Read more

How to get the SAN environment information and statistics on AIX, HP-UX, Linux, Solaris, and Windows

How to get the SAN environment information and statistics on AIX, HP-UX, Linux, Solaris, and Windows Description NetBackup SAN Client is supported on the Linux , Solaris, Windows, HP-UX and AIX operating systems.  These environments provide the initiator device driver which can login to the SAN client media server and mount an pseudo   target device “ARCHIVE PYTHON” so that the backup or restore can be use the fiber transport (FT).  If there is an issue in the SAN environment, it is necessary to get the information/statistics from the SAN fabric for analysis.  The commands below can be used, on the respective operating system, to gather the necessary information. If the outputs show many or steadily increasing error counts, that indicates one or more issues with  the fabric  infrastructure. The issue(s) can be caused by cabling, SFP, san switch, DWDM, HBA or ISL and those components will need to be analyzed and evaluated.  Linux Get the hardware information fo
Post a Comment
Read more