[ Team LiB ] Previous Section Next Section

Understanding Superuser Status

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. The user name for this account is root. Note that the terms root and superuser have the same meaning and are used interchangeably in this book. You must be root to perform many system administration tasks, such as mounting and unmounting file systems, changing ownership or permissions for a file or directory you do not own, backing up and restoring file systems, creating device files, and shutting down the system.

You can become superuser in one of two ways.

  • When logged in as another user, by typing the su (switch user) command and then typing the root password.

  • From a login prompt, by typing root and then typing the root password.

When you have superuser privileges, the shell provides a special # (pound sign) prompt to remind you that you have extra access to the system. The system keeps a log that records each time the su command is used and who uses it. You can keep track of who is using the superuser account with the su command by consulting the /var/adm/sulog log file. This log does not track direct root logins.

Become superuser only when it is required, and avoid doing your routine work as superuser. Occasionally, you may need to log out of your user account and log in again as root. When a task in this book requires you to log in as root, you are instructed to do so. You should switch user (su) to root, perform the required tasks, and exit superuser status when the tasks are complete.

Because unauthorized access to root can be a serious security breach, always add a password to the root account. For enhanced security, change the root password frequently.

NOTE. The default shell for root is the Bourne shell. See Chapter 4, "Understanding Shells," for more information on shells.


Becoming Superuser (su)

Become superuser only when you need to perform a task that requires root permissions. Use the following steps to become superuser.

  1. At the shell prompt ($ or %), type su and press Return. You are prompted for the superuser (root) password if one has been set up.

  2. Type the superuser password and press Return. If you enter the password correctly, you have superuser (root) access to the system and the root shell prompt (#) is displayed in this terminal window.


oak% su
Password:
#

NOTE. If you want to use root's environment variables, type su and press Return.


Exiting Superuser Status

To exit superuser status, simply type exit and press Return. The shell prompt is redisplayed.


# exit
oak%



Logging In as Root

For you to log in as root, ensure that the system is at a login prompt.

  1. At a login prompt, type root and press Return. You are prompted for the root password.

  2. Type the root password and press Return. If you enter the password correctly, you have superuser (root) access to the system, and the root prompt (#) is displayed in all open terminal windows.

    
    
    login: root
    Password:
    
    
    

graphics/new.gif

With the Role-Based Access Control (RBAC) security feature, starting with the Solaris 8 Operating Environment, you can assign a subset of superuser privileges to a role and assign one or more users to that role. See Chapter 6, "Administering Rights and Roles," for more information. If you are a member of a role that assigns a subset of superuser privileges, you log in by using the su command with the role name and the password assigned to that role.

    [ Team LiB ] Previous Section Next Section