Table of Contents
RHEL 7 systems are built to serve multiple users for a variety of needs and are very good at doing so simultaneously with little trouble. As you can imagine, this means that there must be some fairly stable and robust means of keeping those activities separate from one another and organized for efficient and reliable operation. In addition to the way the file system is designed to organize files according to their purpose and sensitivity, all Unix/Linux systems have the ability to create users and groups to further isolate their respective accesses and functions.
As a system administrator, you will be required to transition between privileged and non-privileged user accounts many times in your daily routine. In this section, we will learn how to switch users to obtain a new shell with the privileges of other user accounts.
Who Am I?
There are two basic divisions in Linux user account types: Privileged (Superuser) and Non-Privileged (everyone else). When you log into a Linux box as the root user, you have complete control over everything the machine does, as well as all information stored in it.
In RHEL 7’s default shell, bash, it is immediately apparent whether you are logged in as the superuser based simply on the style of prompt you see. When you are logged in as root, your prompt will end with a hashmark, like this:
When logged in as a mere mortal, the prompt will end with a $.
To get more information about your current user account, such as user and group IDs, use the id command:
For more information about the account, including expiration dates, etc. you can use the chage command:
$ chage -l <username>
Switching Users with the su Command
When you installed your lab’s RHEL server, I told you to create a regular user named RHCE. Up to this point, however, we have been working mostly in the root user environment. To switch the current user to RHCE, use the su command as follows:
# su - RHCE
Notice that because you were already logged in as root, no password was requested when you switched to the RHCE user shell. This is a very powerful capability of the root user and one that should be treated responsibly. For with great power comes great responsibility, as someone somewhere once said to somebody.
When you use the su command as a regular user, you will be required to provide the appropriate password each time you change to another user’s shell.
Temporary Superuser Access with sudo
Another thing we did when we installed our lab server is we made our first regular user an administrator. When we did that, the installation process, known as Anaconda, added that user to a special file called the “sudoers” file (/etc/sudoers). In doing so, the system granted RHCE the ability to temporarily gain administrator level accesses for the purpose of performing functions typically reserved to root. So now RHCE can do admin tasks without knowing the root password. and with this facility, not only can RHCE do admin things while the root password stays safe, but the system can keep more helpful records of who is doing those things than in an environment where everyone logs straight in using root’s credentials. To take advantage of this new capability, use the sudo command as follows:
$ sudo <command>
When invoked, sudo will request the current user’s password and run the given command on successful authentication. As you can imagine, there are limitless ways to configure and utilize this ability. For now however, it is sufficient to use the above commands as they’ve been demonstrated to achieve our goals. If you are interested in learning more about these utilities, check out (these books).<<PreviousNext>>