Shulou(Shulou.com)06/01 Report--

This article will explain in detail the difference between the Linux privileged account and the ordinary account. The content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

In the Linux operating system, its account can be divided into two categories: privileged account and ordinary account. In fact, this is very imaginary with the role in the Microsoft operating system. It's just that there are many predefined roles in the Microsoft operating system, while in the Linux operating system, there are only two types of users. As a Linux system administrator, you must understand the difference between these two columns of accounts. And the points that should be paid attention to in the future use.

Typically, after the Linux system is installed, a privileged account, root, is automatically created. If you need to deploy other applications on the Linux operating system, I suggest you re-create an account. If you want to deploy a mailbox server on the Linux operating system, it is best to set up an account for mail. Then use this account to log in to the system, and then carry out related operations. This is definitely not a multiple hit. This is mainly because the root account is very different from the ordinary account. This is mainly reflected in the following aspects.

First, the limitation of disk space.

In general, the root account has the highest permissions for the operating system, and there are often no disk space restrictions. Even if disk limits are set for other users, root accounts are often not subject to this restriction. By default, ordinary users can only have permission to store files in their home directory. For this reason, the size of disk space can be limited by means such as disk quota. In some cases, it is important to achieve this disk space limit.

Because Linux operating system is a multi-user operating system. It is possible to deploy multiple application services simultaneously on the same Linux operating system. If possible, both the mail server and the file server will be deployed. They are deployed under two different account names. Then the system administrator can set disk limits for them separately to prevent another service from crashing because one application erodes all the hard disk space due to viruses and other reasons. If both services are deployed under the root account, or if one of the services runs under the root account, it cannot be limited to disk space. If you use a root account to deploy a mail server, in case the mail server has a virus (or some clients have a virus) and spam, it is likely that the hard drive will run out of space before the system management knows it. Resulting in a crash of the server. If you use a sub-account deployment, then at most only the mailbox server crashes, but will not affect the operation of the file server and root account, and there is room for salvage.

Therefore, no matter how many applications are deployed on the Linux operating system, it is best to separate the root account from the normal account. Root accounts are generally used only for administrative purposes, not for other purposes. Only in this way can the disk quota be achieved.

Second, to ensure relatively independent environmental variables.

Linux operating system is similar to Windows operating system, environment variables are divided into user environment variables and general environment variables. The user environment variable is valid only for the current user, while the general environment variable is valid for the user in the entire operating system. Sometimes when deploying network applications, it is necessary to make each environment variable relatively independent. Environment variables (user environment variables) created under one user are invalid to another account. To do this, you can create multiple accounts to ensure the independence of environment variables between different accounts. For example, an ERP application needs to be deployed in the Linux operating system, which is composed of two parts: the database server and the ERP application server, which are independent and interrelated. System administrators often set up two ordinary accounts to deploy the two applications. In this way, individual environment variables can be saved separately for each application. So that when multiple applications are deployed on the same computer, they can work relatively independently and will not interfere with each other.

If you deploy all these applications under the same account, you need to set a lot of environment variables. If they are all set up under one account at this time, they are likely to make mistakes and conflict with each other. For this reason, in order to create a relatively independent working environment for some applications, the author recommends that these applications should not be deployed with root accounts. And it is best to create a general account for each application to manage to ensure the independence of environment variables.

Third, it is convenient to back up users' files.

The home directory of a Root account is different from that of a regular account. The home directory of the privileged user root is / root, while the home directory of the normal user is the / home/ account name. This setting of the Linux operating system is very useful. For example, there are two users on the Linux operating system, one is a privileged user and the other is an ordinary employee. In general, ordinary accounts can only save their own files, emails, and so on in their own home directory. Then you only need to back up the home directory of the employee account to back up the user's private files. By backing up the user's home directory, even if the operating system is paralyzed or the employee changes computers, only the files in the home directory need to be restored, then the user can have exactly the same working environment. For this reason, it is very useful to separate the directory of a privileged user from that of an ordinary user.

In addition, the home directory under each user is also relatively independent. For example, two ordinary accounts An and B are created in the system. Then there will be directories An and B in the / home/ directory under the operating system root. By default, user An only has permission to manipulate directory A, and user B only has permission to operate on directory B. That is, each account can only manipulate files in its own directory. For this reason, when multiple users share the same host, each user has a private folder, which can prevent their files from being inadvertently modified or deleted by others.

So if an employee leaves his job or forgets his password, will the employee's files be unreadable? Won't this cause a lot of losses to the enterprise? Actually this is not so. Because the privileged user root has unparalleled privileges, the root account can access and modify the home directory of any ordinary account. That is, if an employee leaves and his agent needs files in the employee's home directory, the system administrator can still log in to the system with his root account and copy the relevant files to his agent. It can also be seen from here that the permissions of the root account are very large. By default, it is best to separate the root account from the normal account. To ensure that each user can have a relatively independent personal home directory.

Fourth, the relevant permissions of the files are different.

In general, only the owner of the file can change the permissions of the file. If user A (ordinary account) creates another file, it can set whether other users have the right to read or modify the file. Because user An is the owner of this file, it has the right to make this setting. This is the most basic principle of access control in Linux operating system. But root privileged users will break this rule. By default, the root account can read and modify all files and directories in the system, and modify the permissions of all files. In other words, the root account operates on files and directories so that they are not subject to the condition of ownership. Even if the root account is not the owner of the file, it can grant certain permissions to other users.

For this reason, the system administrator should restrict other ordinary users from using this account in their daily work. As the saying goes, the heart of harm must not be, and the heart of prevention must not be absent. If some employees who are dissatisfied with the company use their root account to view files that they do not have the right to view, or to modify, delete and other operations, then it may cause greater losses. Because the root account can do similar things to any user's files. Therefore, in the daily work, the system administrator should manage the password of the root account and should not disclose it. At the same time, when assigning an account to an employee, don't give the root account directly to the employee to use. Not only will it not worry, but it will also make the system administrator more upset.

In short, root accounts and regular accounts are two fundamentally different accounts. In other words, the root account is originally set up for administrators, not for ordinary users. For this reason, the author strongly recommends that for whatever purpose, it is best to set up independent ordinary users for the Linux operating system. Even if the system administrator is using the Linux operating system, it is best to set up a normal account for it. When they need administrator rights, they can easily switch to privileged mode through the su command. In addition, try to set up different accounts for different employees and different applications. Provide them with a relatively independent working environment through different accounts to reduce interference with each other. This can be said to be an established principle in the deployment of Linux operating systems.

About the difference between the Linux privileged account and the ordinary account is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.