Linux: Setting up Users and Groups – Super Users

Super User Privileges

We need super user privileges for a variety of tasks on Linux, for example system-wide changes, changes that affect other users, and changing the configuration of services.

There are a few ways to get access to superuser privileges, the most commonly used when entering a single command is sudo.

>sudo apt install chromium

This will prompt you for a password, execute the command as root and then cache the password for a default time of 5 minutes.

If we want to make a change as though we were another user or even the root user we would use the su command. Su stands for substitute user.

> su -
this switches to the root user
> su - fred
this switches to the user fred

Not just any user is authorised to run su/sudo, your account must be authorised. Some distros, for example, Ubuntu have a sudo group as a secondary group on other distros you need to make your own group and add it to the /etc/sudoers file.

>visudo fred ALL=(ALL)

If you wanted to limit a user to having sudo rights over specific commands then the sudoers file would contain an entry like this.

%fred localhost=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

This would just allow fred access to mount and unmount cdroms.

There is also the command sudoedit which is useful for editing single protected files.

>sudoedit /etc/hosts.allow