Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to understand the root access control in the Linux system". In the daily operation, I believe that many people have doubts about how to understand the root access control in the Linux system. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "how to understand the root access control in the Linux system". Next, please follow the editor to study!

In the Linux operating system, root has the highest permissions, also known as the owner of super permissions. Root users can perform operations that ordinary users cannot perform, so they are also called super administrative users.

In the system, every file, directory and process belongs to a certain user, and it is impossible for other ordinary users to operate without the user's permission, except for root. The privilege of root users is also shown in that root can read, modify or delete files or directories beyond any user or user group (within the normal license of the system), execute and terminate executable programs, add, create and remove hardware devices, etc. You can also modify the ownership and permissions of files and directories to meet the needs of system management (because root is the most privileged user in the system)

1. Understanding of super users and ordinary users

1. What is a superuser

In all Linux systems, the system distinguishes the user privilege level through UID, and the user whose UID is 0 is agreed by the system to have super privilege. The superuser can operate within the system with the highest permissions agreed upon, so the superuser can complete all the tools for system management. We can find out through / etc/passwd that the user whose UID is 0 is root, and only the UID corresponding to root is 0. From this point of view, root users have irreplaceable supreme status and unlimited permissions in the system. Root users are superusers in the system.

2. Understand the corresponding relationship between UID and users

When the system is installed by default, there is an one-to-one relationship between the system user and the UID, that is, a UID corresponds to a user. We know that the identity of the user is confirmed through UID. In the explanation of UID in the detailed explanation of user (user) and user Group (group) profile, we mentioned that "UID is the identity of confirming the user's rights, and the role of the user logging in to the system is realized through UID, not the user name." It is dangerous for several users to share a UID. For example, we change the UID of an ordinary user to 0 and share a UID with root, which actually leads to confusion of system management rights. If we want to use root permission, we can do it through su or sudo. We must not allow a user and root to share the same UID at will. "

Is it possible to have an one-to-many relationship between UID and users in the system? Yes, for example, we can assign a UID of 0 to several users, which is the one-to-many relationship between UID and users. But it's a little dangerous to do so; users with the same UID have the same identity and permissions. For example, after we change the UID of the ordinary user beinan to 0 in the system, in fact, this ordinary user has super privileges, and his abilities and permissions are the same as those of root users; all operations of user beinan will be identified as root operations, because the UID of beinan is 0, while the user with UID 0 is root, isn't it a bit disturbing? It can also be understood that the user whose UID is 0 is root, and the UID of root user is 0.

The one-to-one correspondence between UID and users is only a criterion that administrators should adhere to when managing the system, because system security is still the first priority. So we still reserve super privileges to root, the only user, is the best choice.

If we do not share the 0 value of UID with other users, and only root users have UID=0, root users are the only super-privileged users.

3. Ordinary users and camouflaged users

As opposed to super users, ordinary users and virtual users (also known as camouflage users) are limited users, but in order to complete specific tasks, ordinary users and camouflage users are also necessary. Linux is a multi-user, multi-task operating system, multi-users are mainly reflected in the diversity of users' roles, and different users are assigned different permissions. This is also the essence that Linux systems are more secure than Windows systems. Even the latest version of Windows 2003 cannot erase the brand of its single-user system.

II. The role of superuser (authority) in system management

What exactly is the role of super-privileged users (users with UID 0) in system administration? It is mainly shown in the following two points

1. Operate on any file, directory or process

However, it is worth noting that this kind of operation is within the maximum permission of the system; some operations cannot be completed even by root with super permissions.

For example, the / proc directory, / proc is used to reflect the real-time status information of the system, so even root is powerless; its permissions are as follows

The code is as follows:

[root@localhost ~] # pwd

/ root

[root@localhost ~] # cd /

[root@localhost /] # ls-ld / proc/

Dr-xr-xr-x 134root root 0 2005-10-27 / proc/

This is the directory, which can only have read and execute permissions, but absolutely no write permissions. Even if we open the write permissions of the / proc directory to root,root users, we cannot write.

The code is as follows:

[root@localhost ~] # chmod 755 / proc

[root@localhost /] # ls-ld / proc/

Drwxr-xr-x 134root root 0 2005-10-27 / proc/

[root@localhost /] # cd / proc/

[root@localhost proc] # mkdir testdir

Mkdir: unable to create directory 'testdir': does not have that file or directory

2. For system management involving the overall situation of the system

Hardware management, file system understanding, user management, system global configuration involved, and so on. If you are prompted to have no permissions when you execute a command or tool, most of them require super permissions to do so.

For example, use adduser to add users, which can only be done by users with super privileges.

3. The irreplaceability of super authority

Because of the indispensable important role of super permissions in system management, in order to complete system management tasks, we must use super permissions; in general, for the sake of system security, for general-level applications, there is no need for root users to operate, root users are only used to manage and maintain the system, such as viewing and cleaning system logs, adding and deleting users.

In an environment that does not involve system management, ordinary users can do it, such as writing a file, listening to music, processing a picture with gimp, etc. Based on the call of ordinary application, most ordinary users can complete it.

At this point, the study on "how to understand the root access control in the Linux system" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.