- Way to Gain Root Level Privileges
The “root” user on a Linux is the super-user with full privileges. It is often necessary to performing commands that affect system files. In this article I will cover how to obtain root privileges.
2. Way to Gain Root Level Privileges
There are three ways of gaining root level privileges.
i. Login as a Root
The simplest way of obtaining root level privilege is to login as root. This can be done using the following command:
When prompted to put the password type the root password.
Because root is so powerful, it’s recommended to only request root access when necessary rather than log in as the root user. In the article Basic Server Security Setup I have covered how to disallow remote SSH access to the root user.
ii. Using “su” to Become Root
The second way to gain root level privileges is by invoking “su” (meaning “substitute user”), which allows you to become the root user at any time. To do this simply run the following command:
When prompted to put the password type the root password. When finished the task exit using the following command:
iii. Using “sudo” to Execute Commands as Root
The other way of obtaining root level privilege is to use the command “sudo“. This command allows you to execute one time command with root level privileges without the need to spawn a new shell. This is done using the following command:
Unlike the other two this method uses the password of the user calling the command not the root password.
Note: For security reason, sudo access is not granted to users by default. It must be setup. When we give the root level privilege to a new user using the command gpasswd -a ermi sudo (as we have seen it in the article Basic Server Security Setup) we are basically editing the config file of sudo command. This config file is found in /etc/sudoers. If we open the file using nano this is what we get:
Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" root ALL=(ALL:ALL) ALL %admin ALL=(ALL) ALL %sudo ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d
To be continue …