This is the first question that users ask after installing Ubuntu - read, remember, and pass on to others ...
By the way - this was my very first problem when I started working with Ubuntu.
For a long time I was trying to understand how to get superuser rights (it's nice to get at least some rights :-))
Everything turned out to be much simpler than I thought and even simpler than expected. There are two ways to run commands with root privileges:
sudo security team
For example, we need to start updating packages using this command
If you try to run it outside the root, you can get the following message:
But in Ubuntu there is a pretty simple way to get rid of these messages by typing the command as follows:
When you start such a combination, you will see something like the following
This means that everything is OK and the package lists have been updated.
The whole charm of using the sudo command is that from a security point of view (and lately this word has been buzzing buzzing everywhere)
it is much better only if necessary to perform operations with superuser rights.
But there is a second option - my most beloved and familiar, as well as many beginners and inveterate Linuxsoids ...
The difference is small at first glance, but there is a huge gap between the sudo and sudo -i teams.
With the sudo -i command, the user gets the opportunity to switch from a regular user session to a superuser session - root
Logging in with superuser rights right after the login to the console looks something like this:
Where to get the password?
If you didn’t put the system yourself, then this question is logical, but it’s better to ask the one who set the system.
If you installed Ubuntu yourself, then the answer is simple - the username that you entered during installation and that password
which you entered for the user and are necessary for superuser rights.
The installation automatically adds the first user created (the one that was specified in the installation) to the admin group,
accordingly, this user has the right to have root - superuser rights
How to log in as root user in Ubuntu
By default, in the Ubuntu operating system, the root account is not enabled during installation, so the user is not prompted to create a root password. Instead, a regular user account is created, but with sudo privileges. That is, to execute any commands with root privileges, you must run them together with the sudo command. This is not always convenient! Now I will tell you how to go under Root in Ubuntu or give the user root rights. There are several options and we will consider each of them!
Note: Before you include the root user in Ubuntu, you must understand the danger of this for an inexperienced user. By executing commands on his behalf, you can easily and simply literally for several commands bring the operating system to a non-working state.
In any Linux-system, there is always one privileged user - root. This user has the right to perform any action, delete any files and change any parameters. It’s almost impossible to somehow restrict root’s freedom of action. On the other hand, all other users of the system usually do not have most of the necessary rights, for example, the rights to install programs, since this is an administrative operation, only root has rights to it. Another common operation, available only to the superuser, is copying and changing files in system folders, where a regular user does not have access.
Previously, this problem was solved quite simply: when you had the root password, you could log into the system under his account or temporarily get his rights using the su command. Then perform all necessary operations and return back as a regular user. In principle, such a scheme works well, but it has many significant drawbacks, in particular, it is impossible in any way (more precisely, it is very difficult) to restrict administrative privileges to only a certain range of tasks.
Therefore, in modern Linux distributions, instead of the root account for administration, the sudo utility is used.
In Ubuntu, by default, the root account is generally disabled, i.e. you cannot get root by any means without turning it on. root is exactly what is disabled, i.e. it is present in the system, it is just impossible to go under it. If you want to return the ability to use root, see the section on enabling root account below.
Giving root rights to the user
The first and simplest option allows you not to constantly enter the sudo command each time you enter a command that must be run in privileged mode. To switch to full root mode, enter the following command:
After that, you will enter the privileged superuser mode Ubuntu.
There is a second option:
In this case, the home directory will not change to / root, but the user will remain. As a rule, this option is more convenient.
How to enable root in Ubuntu
You can always enable the root root account in Ubuntu by setting a password for it using the passwd command. But to run the passwd command for the root account, you need sudo privileges.
We can enable the root Ubuntu account by setting a password for it using the passwd command. But to run the passwd command for the root account, you need sudo privileges.
Open a Ubuntu terminal and run the command to verify that you are a member of the administrators group:
If you have the appropriate rights, then you can set the root password with the following command:
First, the system will ask you to enter your own password to confirm that you have sudo rights.
After that, the passwd command will prompt you to enter a new password for the root account. This is done twice. Now you can log in as root with the command:
Then a request for a password will follow - enter the password for root.
How to root as Ubuntu Desktop GUI
If you want to log in as the root user, not in the console, but on the Ubuntu graphical desktop, then you need to follow a few additional steps after turning on the root user:
Open the file /etc/gdm3/custom.conf. Here you will need to add AllowRoot = true in the [security] block. Like this:
Then open the file /etc/pam.d/gdm-password and find the line like this:
Comment it out by placing the # sign in front of it:
Next, restart your computer. When it restarts and appears on the login screen, click on the link “Not in the list?”. All that remains is to enter root in the username field and specify the password for the superuser. That's all!
What is sudo
sudo is a utility that provides root privileges for performing administrative operations in accordance with its settings. It allows you to easily control access to important applications in the system. By default, when installing Ubuntu, the first user (the one that is created during installation) is given full rights to use sudo. Those. in fact, the first user has the same leeway as root. However, this behavior of sudo is easy to change, see the section on setting up sudo below.
Where is sudo used?
sudo is always used when you start something from the System Administration menu. For example, when you start Synaptic, you will be asked to enter your password. Synaptic is an installed software management program, so to run it you need administrator rights, which you get through sudo by entering your password.
However, not all programs that require administrative privileges automatically run through sudo. Typically, you must run programs with administrator privileges manually.
Running graphical programs with administrator privileges
To run graphical programs with administrator rights, you can use the program launch dialog, called by default by the Alt + F2 key combination.
Suppose we need to run the Nautilus file manager with administrator privileges in order to somehow change the contents of system folders through the graphical interface. To do this, enter the command in the application launch dialog
Instead of gksudo, you can substitute gksu, in addition, KDE users must write kdesu instead of gksudo. You will be asked to enter your password, and if you have the necessary rights, Nautilus will start as administrator. You can launch any graphic software with administrator rights by simply writing in the start dialog
Running programs with administrator rights in the terminal
To run a command with administrator rights in the terminal, simply type sudo in front of it:
You will be asked to enter your password. Be careful password when entering no way not displayed, this is normal and done for security reasons, just type to the end and press Enter. After entering the password, the specified command will be executed as root.
The system remembers the entered password for some time (keeps the sudo session open). Therefore, subsequent sudo runs may not require a password. For guaranteed termination of the sudo session, type in the terminal
In addition, there are often errors related to channels in Linux. When executing a command
with root privileges only cat will execute, therefore the file result.txt may not sign up. You must either write sudo before each command, or temporarily switch to superuser.
Obtaining superuser privileges to execute several commands
Sometimes it becomes necessary to execute several commands with administrator privileges in a row. In this case, you can temporarily become the superuser of one of the following commands:
After that, you will enter superuser mode (with restrictions imposed through the sudo settings), as indicated by the # symbol at the end of the command prompt. These action commands are similar to su, however: - sudo -s - does not change the home directory to / root, the home directory of the caller is the home directory sudo -swhich is usually very convenient. - sudo -i - also change the home directory to / root.
To exit back to normal user mode, type exit or just press Ctrl + D.
Ubuntu 11.10 and later
Starting with version 11.10, the lightdm login manager was installed, and dealing with root login is a bit more complicated.
1. Set the root password. Enter in the terminal:
2. Turn on the item "Enter login". Enter in the terminal:
At the end of the file, add:
3. Reboot lightdm. Enter in the terminal:
That's all, the “Login” item will appear on the login screen. In the login field, enter “root”, in the password field - the password that we set at the first stage.
To lock back the root account, you need to roll back the changes in the lightdm settings, and also lock the root account with the command in the terminal:
Setting up sudo and permissions to execute various commands
sudo allows you to enable or disable users to run a specific set of programs. All settings related to access rights are stored in a file / etc / sudoers . This is not an ordinary file. To edit it is necessary (for security reasons) use the command
By default, it says that all members of the group admin have full access to sudo, as the line says
You can read more about the syntax and customization options for this file by running
Allow user to execute command without entering password
In order for the system not to request a password for certain commands, it is necessary in sudoers after the line # Cmnd alias specification add a line where, through a comma, list the desired commands with the full path (the command path can be found by executing which command_name:
And add a line to the end of the file
Password validity period
Perhaps you want to change the amount of time that sudo works without entering a password. This is easily achieved by adding the following to / etc / sudoers (visudo):
Here is sudo for user foo valid without the need to enter a password for 20 minutes. If you want sudo to always require a password, set timestamp_timeout to 0.
sudo does not ask for a password
sudo without a password is a monstrous security hole for anyone who is allowed to do anything. If you resolved this intentionally - urgently return back as it was.
However, in some cases, sudo suddenly ceases to require a password on its own. If you make visudo, you can see something like this line that the user did not seem to add:
Most likely, this catastrophic line was added when installing a program such as Connect Manager from MTS or Megafon. In this case, you need to change it to a line that allows only this Connect Manager with root privileges to run, something like this:
There are other solutions to the problem, a short discussion here.