The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. The user name for this account is root. Note that the terms root and superuser have the same meaning and are used interchangeably in this book. You must be root to perform many system administration tasks, such as mounting and unmounting file systems, changing ownership or permissions for a file or directory you do not own, backing up and restoring file systems, creating device files, and shutting down the system.
You can become superuser in two ways:
When you have superuser privileges, the shell provides a special # (pound sign) prompt to remind you that you have extra access to the system. The system keeps a log that records each time the su command is used and who uses it. You can keep track of who is using the superuser account by consulting the log file /var/adm/sulog.
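One way to review that log, as an added example that is not part of the original book: the functions below count failed su attempts to root per user and list who successfully became root. They assume the Solaris sulog line layout `SU MM/DD HH:MM FLAG TTY FROMUSER-TOUSER`, where FLAG is + for success and - for failure; the function names, sample log and user names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise su activity from a Solaris-style sulog.
# Assumed line layout: SU MM/DD HH:MM FLAG TTY FROMUSER-TOUSER
# FLAG is "+" for a successful su and "-" for a failed one.

# failed_root_su FILE
# Prints "COUNT USER" for each user with failed su attempts to root,
# highest count first.
failed_root_su() {
    awk '$1 == "SU" && $4 == "-" && NF >= 6 {
             n = split($6, part, "-")
             if (part[n] == "root") {
                 # Rebuild the source user name in case it contains "-"
                 from = part[1]
                 for (i = 2; i < n; i++) from = from "-" part[i]
                 fails[from]++
             }
         }
         END { for (u in fails) print fails[u], u }' "$1" | sort -k1,1nr -k2,2
}

# root_su_users FILE
# Prints the sorted, unique list of users who successfully became root.
root_su_users() {
    awk '$1 == "SU" && $4 == "+" && $6 ~ /-root$/ {
             sub(/-root$/, "", $6); print $6
         }' "$1" | sort -u
}

# Constructed sample log (not real data); removed when the script exits.
SAMPLE=${TMPDIR:-/tmp}/sulog.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
SU 03/02 09:14 + pts/2 alice-root
SU 03/02 09:40 - pts/5 bob-root
SU 03/02 09:41 - pts/5 bob-root
SU 03/02 09:43 - pts/5 bob-root
SU 03/02 11:02 + console root-daemon
SU 03/03 08:30 - pts/1 carol-root
SU 03/03 08:31 + pts/1 carol-root
EOF

echo "Failed su attempts to root (count user):"
failed_root_su "$SAMPLE"
echo "Users who became root:"
root_su_users "$SAMPLE"
```

On a live system, pass /var/adm/sulog as the file argument instead of the sample.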
You should only become superuser when it is required and avoid doing routine work as superuser. Occasionally, you may need to log out of your user account and log in again as root. When a task requires you to log in as root, you will be instructed to do so. You should switch user (su) to root, perform the required tasks, and exit superuser status when the tasks are complete.
Because unauthorized access to root can be a serious security breach, always add a password to the root account. For enhanced security, change the root password frequently.
NOTE: The default shell for root is the Bourne shell. See Chapter 8 for more information.
You should become superuser only when you need to perform a task that requires root permissions. Here's how to become superuser:
    oak% su
    Password:
    #
To exit superuser status, simply type exit and press Return. The shell prompt is redisplayed:
    # exit
    oak%
To log in as root, you must be at a login prompt:
    login: root
    Password:
    #
An important part of your job as a system administrator is communicating with users to let them know that a task you are performing will affect their ability to use a system. Always let users know when you are about to perform a task that will affect them, such as rebooting a system, installing new software, or changing the environment in some way.
You can communicate with users by personal visit or phone, but the most common way is by using the system to:
Each time a user logs in to a system, the message of the day in the file /etc/motd is displayed. The message is not displayed to users who are already logged in and are using the system. Use motd to give users information specific to the system which someone logging in would want to know. This information might include which operating system release is installed, changes to system software, the name of the newly installed (or deleted) third-party software, or a list of scheduled downtimes.
Be sure to keep the motd file current. If motd displays outdated messages, users may begin to ignore all the messages, thereby missing out on critical information when it is presented. Keep the message short: If the message is longer than a screenful of information, users won't be able to read the beginning.
Root should own the /etc/motd file and be the only user who has write permission to it:
    oak% ls -l /etc/motd
    -rw-r--r--   1 root     sys           49 Jan  1  1970 /etc/motd
    oak%
NOTE: When the system software is installed, several files, including /etc/motd, have a time stamp of "Jan 1 1970." This date is the beginning of UNIX time. When you edit these files, the time stamp is updated.
Follow these steps to create a message of the day:
You can send a message to the terminal of an individual user using the write command. When using a windowing system such as CDE or OpenWindows, each window is considered a separate login. If the user is logged in more than once, the message is directed to the console window.