

Understanding Superuser Status

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. The user name for this account is root. Note that the terms root and superuser have the same meaning and are used interchangeably in this book. You must be root to perform many system administration tasks, such as mounting and unmounting file systems, changing ownership or permissions for a file or directory you do not own, backing up and restoring file systems, creating device files, and shutting down the system.

You can become superuser in two ways:

  When logged in as another user, by typing the su (switch user) command with no arguments, and then typing the root password
  From a login prompt, by typing root and then typing the root password

When you have superuser privileges, the shell provides a special # (pound sign) prompt to remind you that you have extra access to the system. The system keeps a log that records each time the su command is used and who uses it. You can keep track of who is using the superuser account by consulting the log file /var/adm/sulog.
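The following script is an added example, not part of the original text, showing one way to review sulog entries for successful and failed attempts to become root. It assumes each entry has the form `SU MM/DD HH:MM +|- tty from-to`; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize su-to-root activity from sulog-format lines.
# Assumed line layout:  SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# where "+" marks a successful su and "-" a failed attempt.

# Constructed sample data (invented user names, not from a real system).
sample_sulog() {
    cat <<'EOF'
SU 03/14 09:02 + pts/3 winsor-root
SU 03/14 09:40 - pts/5 ignatz-root
SU 03/14 09:41 - pts/5 ignatz-root
SU 03/14 09:41 - pts/5 ignatz-root
SU 03/14 11:15 + console root-lp
SU 03/15 08:30 - pts/2 fred-root
SU 03/15 08:31 + pts/2 fred-root
EOF
}

# root_su_summary: read sulog lines on stdin and print, for each user who
# tried to become root, the number of successful and failed attempts.
# Entries whose target is not root (for example root-lp) are ignored.
root_su_summary() {
    awk '
        $1 == "SU" && NF == 6 && sub(/-root$/, "", $6) {
            seen[$6] = 1
            if ($4 == "+") ok[$6]++
            else if ($4 == "-") bad[$6]++
        }
        END {
            for (u in seen)
                printf "%s ok=%d failed=%d\n", u, ok[u], bad[u]
        }
    ' | sort
}

# repeated_failures MIN: names of users with at least MIN failed attempts
# to become root (default 3).
repeated_failures() {
    root_su_summary |
        awk -v min="${1:-3}" '{ split($3, f, "="); if (f[2] + 0 >= min) print $1 }'
}

# Demo on the constructed sample. On a live system, run as root:
#   root_su_summary < /var/adm/sulog
sample_sulog | root_su_summary
```

A user with several failures and no success, such as the constructed ignatz entries, is the pattern worth following up.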

You should only become superuser when it is required and avoid doing routine work as superuser. Occasionally, you may need to log out of your user account and log in again as root. When a task requires you to log in as root, you will be instructed to do so. You should switch user (su) to root, perform the required tasks, and exit superuser status when the tasks are complete.

Because unauthorized access to root can be a serious security breach, always add a password to the root account. For enhanced security, change the root password frequently.


NOTE:  The default shell for root is the Bourne shell. See Chapter 8 for more information.

Becoming Superuser (su)

You should become superuser only when you need to perform a task that requires root permissions. Here's how to become superuser:

1.  At the shell prompt ($ or %), type su and press Return. You are prompted for the superuser (root) password, if one has been set up.
2.  Type the superuser password and press Return. If you enter the password correctly, you have superuser (root) access to the system and the root prompt (#) is displayed:

oak% su
Password:
#

If you want to use root's environment variables, type su - and press Return.

Exiting Superuser Status

To exit superuser status, simply type exit and press Return. The shell prompt is redisplayed:

# exit
oak%

Logging In as Root

To log in as root, you must be at a login prompt:

1.  At a login prompt, type root and press Return. You are prompted for the root password.
2.  Type the root password and press Return. If you enter the password correctly, you have superuser (root) access to the system, and the root prompt (#) is displayed:

login: root
Password:
#

Communicating with Users

An important part of your job as a system administrator is communicating with users to let them know that a task you are performing will affect their ability to use a system. Always let users know when you are about to perform a task that will affect them, such as rebooting a system, installing new software, or changing the environment in some way.

You can communicate with users by personal visit or phone, but the most common way is by using the system to:

  Display a system-specific message at login using the message of the day.
  Send a message directly to an individual user's terminal using the write command.
  Send a message to all users on a system using the wall command.
  Send a message to all users on a network using the rwall command.
  Send a message to an individual or a group of users by electronic mail.

Displaying System-Specific Messages at Login

Each time a user logs in to a system, the message of the day in the file /etc/motd is displayed. The message is not displayed to users who are already logged in and are using the system. Use motd to give users information specific to the system which someone logging in would want to know. This information might include which operating system release is installed, changes to system software, the name of the newly installed (or deleted) third-party software, or a list of scheduled downtimes.

Be sure to keep the motd file current. If motd displays outdated messages, users may begin to ignore all the messages, thereby missing out on critical information when it is presented. Keep the message short: If the message is longer than a screenful of information, users won't be able to read the beginning.

Root should own the /etc/motd file and be the only user who has write permission to it:

oak% ls -l /etc/motd
-rw-r--r--   1 root     sys      49 Jan  1  1970 /etc/motd
oak%


NOTE:  When the system software is installed, several files, including /etc/motd, have a time stamp of "Jan 1 1970." This date is the beginning of UNIX time. When you edit these files, the time stamp is updated.
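The ownership and permission requirement for /etc/motd can be checked with a short script. This is an added example, not part of the original text; the function name check_motd and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that a message-of-the-day file is a regular file,
# is owned by the expected UID (default 0, root), and is not writable by
# group or other.
#
# check_motd [FILE] [OWNER_UID]
#   returns 0  file meets the policy
#           1  wrong owner, or group/other write permission is set
#           2  file is missing, a symbolic link, or not a regular file
check_motd() {
    f=${1:-/etc/motd}
    want_uid=${2:-0}

    # Reject symbolic links so the check applies to the file itself.
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 2
    fi

    # ls -ln prints the mode string first and the numeric owner third.
    info=$(ls -lnd "$f") || return 2
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{ print $3 }')

    status=0
    if [ "$owner" != "$want_uid" ]; then
        echo "$f: owned by UID $owner, expected $want_uid" >&2
        status=1
    fi

    # Character 6 of the mode string is group write, character 9 is
    # other write (character 1 is the file type).
    case $mode in
        ?????w*|????????w*)
            echo "$f: writable by group or other ($mode)" >&2
            status=1
            ;;
    esac
    return $status
}

# Usage: check_motd /etc/motd && echo "/etc/motd permissions OK"
```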

Creating a Message of the Day

Follow these steps to create a message of the day:

1.  Become superuser.
2.  Use an editor such as vi to edit the /etc/motd file.
3.  Delete any obsolete messages and type the new one.
4.  Save the changes. The message is changed and is displayed the next time a user logs in to the system.

Sending a Message to an Individual User

You can send a message to the terminal of an individual user using the write command. When using a windowing system such as CDE or OpenWindows, each window is considered a separate login. If the user is logged in more than once, the message is directed to the console window.

