Chapter 6. Gaining Privileges
rootuser is potentially dangerous and can lead to widespread damage to the system and data. This chapter covers ways to gain administrative privileges using the
setuidprograms such as
sudo. These programs allow specific users to perform tasks which would normally be available only to the
rootuser while maintaining a higher level of control and system security.
6.1. Configuring Administrative Access Using the su Utility
sucommand, they are prompted for the
rootpassword and, after authentication, are given a
sucommand, the user is the
rootuser and has absolute administrative access to the system. Note that this access is still subject to the restrictions imposed by SELinux, if it is enabled. In addition, once a user has become
root, it is possible for them to use the
sucommand to change to any other user on the system without being prompted for a password.
usermod -a -G wheelusername
- Press the Super key to enter the Activities Overview, type
Usersand then press Enter. The Users settings tool appears. The Super key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the Spacebar.
- To enable making changes, click thebutton, and enter a valid administrator password.
- Click a user icon in the left column to display the user's properties in the right pane.
- Change thefrom
Administrator. This will add the user to the
wheelgroup, it is advisable to only allow these specific users to use the
sucommand. To do this, edit the Pluggable Authentication Module (PAM) configuration file for
/etc/pam.d/su. Open this file in a text editor and uncomment the following line by removing the
#auth required pam_wheel.so use_uid
wheelcan switch to another user using the
rootuser is part of the
wheelgroup by default.