ch01_24.htm

the unix power tools

<HTML
><!--Distributed by F --><HEAD
><TITLE
>[Chapter 1] 1.24 The Superuser (Root) </TITLE
><META
NAME="DC.title"
CONTENT="UNIX Power Tools"><META
NAME="DC.creator"
CONTENT="Jerry Peek, Tim O'Reilly &amp; Mike Loukides"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1998-08-04T21:31:32Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-260-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="ch01_01.htm"
TITLE="1. Introduction"><LINK
REL="prev"
HREF="ch01_23.htm"
TITLE="1.23 File Access Permissions "><LINK
REL="next"
HREF="ch01_25.htm"
TITLE="1.25 Access to Directories "></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="htmlnav"
><H1
><IMG
SRC="gifs/smbanner.gif"
ALT="UNIX Power Tools"
USEMAP="#srchmap"
BORDER="0"></H1
><MAP
NAME="srchmap"
><AREA
SHAPE="RECT"
COORDS="0,0,466,58"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="467,0,514,18"
HREF="jobjects/fsearch.htm"
ALT="Search this book"></MAP
><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch01_23.htm"
TITLE="1.23 File Access Permissions "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 1.23 File Access Permissions "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
>Chapter 1<BR>Introduction</FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch01_25.htm"
TITLE="1.25 Access to Directories "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 1.25 Access to Directories "
BORDER="0"></A
></TD
></TR
></TABLE
>&nbsp;<HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"></DIV
><DIV
CLASS="SECT1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="UPT-ART-1034"
>1.24 The Superuser (Root) </A
></H2
><P
CLASS="para"
>In general, a
<SPAN
CLASS="link"
><EM
CLASS="emphasis"
>process</EM
> (<A
CLASS="linkend"
HREF="ch38_01.htm#UPT-ART-4890"
TITLE="What's in This Chapter "
>38.1</A
>)</SPAN
>
is a program that's running: a shell, the
<EM
CLASS="emphasis"
>ls</EM
> command, the <EM
CLASS="emphasis"
>vi</EM
> editor, and so on.
In order to
<SPAN
CLASS="link"
>kill a process (<A
CLASS="linkend"
HREF="ch38_10.htm"
TITLE="Destroying Processes with kill "
>38.10</A
>)</SPAN
>,
<SPAN
CLASS="link"
>change its priority (<A
CLASS="linkend"
HREF="ch39_09.htm"
TITLE='Know When to Be "nice&quot; to OTher Users...and When
Not to'
>39.9</A
>)</SPAN
>,
or
manipulate it in any other way, you have to be the process' owner
(i.e., the user who started it). In order to delete a job from a
<SPAN
CLASS="link"
>print queue (<A
CLASS="linkend"
HREF="ch43_01.htm#UPT-ART-4960"
TITLE="Introduction to Printing "
>43.1</A
>)</SPAN
>,
you must be the user who started it.</P
><P
CLASS="para"
>As you might guess, there needs to be a way to circumvent all of this
security. Someone has to be able to kill runaway programs, modify the
system's files, and so on. Under UNIX, a special user known as
<EM
CLASS="emphasis"
>root</EM
> (and commonly called the &quot;superuser&quot;) is allowed to do
anything.</P
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="AUTOID-2257"
></A
><A
CLASS="indexterm"
NAME="AUTOID-2260"
></A
>On any system, the root user should always have a password.
The system administrator should be very careful about giving out the
superuser password and can't be blamed if he won't give the superuser
password to anyone. Historically, UNIX systems have tended to be very
lax: at many sites, all the users know the superuser password and
don't hesitate to use it whenever they have the slightest problem.</P
><P
CLASS="para"
>Common as it may be, this is a very bad practice&nbsp;- systems where
everyone knows the superuser password have no security whatsoever.
People can read each other's mail, trample all over each other's
files, scribble on disks by accident, or mail all of the company's
proprietary documentation to a competitor (and delete the log files so
there's no record that they did it).
Worse, even if every user is an angel, being superuser makes it easy
for someone to cause big problems accidentally&nbsp;- for instance, typing
<CODE
CLASS="literal"
>rm&nbsp;*</CODE
> in an important directory when you thought you were
somewhere else.
Wise system administrators
<SPAN
CLASS="link"
>don't use their superuser status except when they have to (<A
CLASS="linkend"
HREF="ch22_22.htm"
TITLE="The su Command Isn't Just for the Superuser "
>22.22</A
>)</SPAN
>.</P
><P
CLASS="para"
>In this book, we'll assume
that you don't have the superuser password. Almost all of
what we describe can be done without becoming superuser.</P
><DIV
CLASS="sect1info"
><P
CLASS="SECT1INFO"
>- <SPAN
CLASS="authorinitials"
>ML</SPAN
></P
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch01_23.htm"
TITLE="1.23 File Access Permissions "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 1.23 File Access Permissions "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="book"
HREF="index.htm"
TITLE="UNIX Power Tools"
><IMG
SRC="gifs/txthome.gif"
SRC="gifs/txthome.gif"
ALT="UNIX Power Tools"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch01_25.htm"
TITLE="1.25 Access to Directories "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 1.25 Access to Directories "
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
>1.23 File Access Permissions </TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="index"
HREF="index/idx_0.htm"
TITLE="Book Index"
><IMG
SRC="gifs/index.gif"
SRC="gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
>1.25 Access to Directories </TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><IMG
SRC="gifs/smnavbar.gif"
SRC="gifs/smnavbar.gif"
USEMAP="#map"
BORDER="0"
ALT="The UNIX CD Bookshelf Navigation"><MAP
NAME="map"
><AREA
SHAPE="RECT"
COORDS="0,0,73,21"
HREF="../index.htm"
ALT="The UNIX CD Bookshelf"><AREA
SHAPE="RECT"
COORDS="74,0,163,21"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="164,0,257,21"
HREF="../unixnut/index.htm"
ALT="UNIX in a Nutshell"><AREA
SHAPE="RECT"
COORDS="258,0,321,21"
HREF="../vi/index.htm"
ALT="Learning the vi Editor"><AREA
SHAPE="RECT"
COORDS="322,0,378,21"
HREF="../sedawk/index.htm"
ALT="sed &amp; awk"><AREA
SHAPE="RECT"
COORDS="379,0,438,21"
HREF="../ksh/index.htm"
ALT="Learning the Korn Shell"><AREA
SHAPE="RECT"
COORDS="439,0,514,21"
HREF="../lrnunix/index.htm"
ALT="Learning the UNIX Operating System"></MAP
></DIV
></BODY
></HTML
>