Outline

  1. Introduction
  2. Way to Gain Root Level Privileges

1. Introduction

The “root” user on a Linux is the super-user with full privileges. It is often necessary to performing commands that affect system files. In this article I will cover how to obtain root privileges.

2. Way to Gain Root Level Privileges

There are three ways of gaining root level privileges.

i. Login as a Root

The simplest way of obtaining root level privilege is to login as root. This can be done using the following command:

ssh root@IP-ADDRESS

When prompted to put the password type the root password.

Because root is so powerful, it’s recommended to only request root access when necessary rather than log in as the root user. In the article Basic Server Security Setup I have covered how to disallow remote SSH access to the root user.  

ii. Using “su” to Become Root

The second way to gain root level privileges is by invoking “su” (meaning “substitute user”), which allows you to become the root user at any time. To do this simply run the following command: 

su

When prompted to put the password type the root password. When finished the task exit using the following command:

exit

iii. Using “sudo” to Execute Commands as Root

The other way of obtaining root level privilege is to use the command “sudo“. This command allows you to execute one time command with root level privileges without the need to spawn a new shell. This is done using the following command:

sudo COMMAND_TO_EXECUTE

Unlike the other two this method uses the password of the user calling the command not the root password.

Note: For security reason, sudo access is not granted to users by default. It must be setup. When we give the root level privilege to a new user using the command gpasswd -a ermi sudo (as we have seen it in the article Basic Server Security Setup) we are basically editing the config file of sudo command. This config file is found in /etc/sudoers. If we open the file using nano this is what we get:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

root    ALL=(ALL:ALL) ALL

%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

To be continue …