1
00:00:06,810 --> 00:00:09,480
- All right. If you are
going to work with Linux,

2
00:00:09,480 --> 00:00:13,500
it's important to know
about the use of privileges.

3
00:00:13,500 --> 00:00:15,660
In Linux, there is the
ordinary user account

4
00:00:15,660 --> 00:00:17,764
with limited possibilities.

5
00:00:17,764 --> 00:00:20,340
And there is the root account,

6
00:00:20,340 --> 00:00:23,970
or we should say the
administrator level user account,

7
00:00:23,970 --> 00:00:27,000
which does have access to more privileges.

8
00:00:27,000 --> 00:00:28,530
So how does that work?

9
00:00:28,530 --> 00:00:30,870
Well, it starts with the user root.

10
00:00:30,870 --> 00:00:32,700
In the old days of Linux,

11
00:00:32,700 --> 00:00:35,820
there was the root user and
there was the ordinary user,

12
00:00:35,820 --> 00:00:39,180
and the root user is
unrestricted, and still is.

13
00:00:39,180 --> 00:00:40,440
And for that reason,

14
00:00:40,440 --> 00:00:44,310
you should not be working
as a root user directly.

15
00:00:44,310 --> 00:00:47,730
Modern Linux distributions
are even disabling

16
00:00:47,730 --> 00:00:48,690
the root account.

17
00:00:48,690 --> 00:00:51,030
Well, disabling is a strong word.

18
00:00:51,030 --> 00:00:52,950
They don't set a password
for the root account

19
00:00:52,950 --> 00:00:56,013
so that you cannot log
in as the root user.

20
00:00:57,087 --> 00:00:59,820
On Ubuntu, a root user
doesn't get a password

21
00:00:59,820 --> 00:01:03,210
and there's no option to
change that while installing

22
00:01:03,210 --> 00:01:06,231
and on recent versions
of Red Hat family Linux,

23
00:01:06,231 --> 00:01:08,910
you can choose whether or
not you want to be able

24
00:01:08,910 --> 00:01:10,380
to work as root.

25
00:01:10,380 --> 00:01:12,993
But working as root is not a smart idea.

26
00:01:13,980 --> 00:01:16,050
You better use sudo.

27
00:01:16,050 --> 00:01:19,770
In order to use sudo,
you need to have a user

28
00:01:19,770 --> 00:01:22,530
that is a member of the
group "wheel" on Red Hat

29
00:01:22,530 --> 00:01:24,360
or "sudo" on Ubuntu.

30
00:01:24,360 --> 00:01:26,580
And if you are a member
of one of these groups,

31
00:01:26,580 --> 00:01:28,410
then you can use sudo to run commands

32
00:01:28,410 --> 00:01:30,243
with administrative privileges.

33
00:01:31,260 --> 00:01:33,650
Alternatively, you can use su -.

34
00:01:34,644 --> 00:01:37,290
Su - is a generic command that allows you

35
00:01:37,290 --> 00:01:39,450
to open a shell as another user.

36
00:01:39,450 --> 00:01:42,420
And that is very convenient
if you need to configure setup

37
00:01:42,420 --> 00:01:43,623
for other users.

38
00:01:44,460 --> 00:01:47,310
Always use su with the minus command

39
00:01:47,310 --> 00:01:48,930
because that ensures full access

40
00:01:48,930 --> 00:01:51,420
to the target user environment.

41
00:01:51,420 --> 00:01:52,680
The minus makes sure

42
00:01:52,680 --> 00:01:55,830
that the new shell is
started as a login shell.

43
00:01:55,830 --> 00:01:57,900
And in that login shell,
you have full access

44
00:01:57,900 --> 00:02:02,040
to the variables that
make the user environment.

45
00:02:02,040 --> 00:02:04,953
And without a minus, that
is not going to happen.

46
00:02:05,820 --> 00:02:09,090
If you use su - without any arguments,

47
00:02:09,090 --> 00:02:12,300
then your current shell is
trying to open a root shell.

48
00:02:12,300 --> 00:02:14,820
Obviously, that is only going to work

49
00:02:14,820 --> 00:02:17,550
if your root user is enabled,

50
00:02:17,550 --> 00:02:19,800
that means that you are
going to be prompted

51
00:02:19,800 --> 00:02:22,440
for a password, and the
password that you enter

52
00:02:22,440 --> 00:02:23,940
is the root password.

53
00:02:23,940 --> 00:02:26,010
And well, you can guess
what is going to happen

54
00:02:26,010 --> 00:02:29,660
if root doesn't have a password,
then you cannot use su -.

55
00:02:30,960 --> 00:02:34,650
When you use su - with
a username as argument,

56
00:02:34,650 --> 00:02:36,630
a user shell is opened,

57
00:02:36,630 --> 00:02:39,780
a user shell for that
specific user account.

58
00:02:39,780 --> 00:02:41,370
Now let's talk about sudo.

59
00:02:41,370 --> 00:02:43,307
What exactly is sudo?

60
00:02:43,307 --> 00:02:45,688
Sudo on Linux is the default mechanism

61
00:02:45,688 --> 00:02:50,400
to allow you to run commands
with enhanced privileges.

62
00:02:50,400 --> 00:02:52,675
It allows authorized users to run tasks

63
00:02:52,675 --> 00:02:55,350
with escalated privileges.

64
00:02:55,350 --> 00:02:58,350
And if you want to use it, use
sudo followed by the command

65
00:02:58,350 --> 00:03:02,160
that you want to run, like sudo ls /root.

66
00:03:02,160 --> 00:03:05,520
I really like sudo ls
/root because it's simple

67
00:03:05,520 --> 00:03:08,370
and it shows whether
or not sudo is working

68
00:03:08,370 --> 00:03:09,363
for your account.

69
00:03:10,620 --> 00:03:13,830
But do remember, in order
to be able to use sudo,

70
00:03:13,830 --> 00:03:16,590
the user who is using
sudo must be a member

71
00:03:16,590 --> 00:03:19,722
of the sudo group, which
is "wheel" on Red Hat

72
00:03:19,722 --> 00:03:21,783
or "sudo" on Ubuntu.

73
00:03:23,040 --> 00:03:24,273
Let's go check this out.

74
00:03:26,550 --> 00:03:29,283
So here we are on the Ubuntu environment.

75
00:03:32,310 --> 00:03:36,870
And I'm using sudo ls /root.

76
00:03:36,870 --> 00:03:38,790
Why is this such a good command?

77
00:03:38,790 --> 00:03:41,947
Well, "sudo" is opening a sudo shell,

78
00:03:41,947 --> 00:03:44,850
"ls" is listing files,

79
00:03:44,850 --> 00:03:47,340
and /root is the home
directory of the root user.

80
00:03:47,340 --> 00:03:49,980
So if I'm using sudo ls /root

81
00:03:49,980 --> 00:03:54,480
then I can verify that I
have permissions to do so.

82
00:03:54,480 --> 00:03:55,860
It's prompting for a password,

83
00:03:55,860 --> 00:03:57,660
so I'm entering my password.

84
00:03:57,660 --> 00:03:58,680
And there we go.

85
00:03:58,680 --> 00:04:01,320
We see the contents of the home directory

86
00:04:01,320 --> 00:04:03,630
of the root user, just containing one file

87
00:04:03,630 --> 00:04:04,860
with the name "snap".

88
00:04:04,860 --> 00:04:09,300
But this proves the point
that sudo is working

89
00:04:09,300 --> 00:04:11,250
for this user account.

90
00:04:11,250 --> 00:04:13,250
Let's also do this on the CentOS system.

91
00:04:15,930 --> 00:04:20,770
So likewise, if I'm using sudo ls /root

92
00:04:21,750 --> 00:04:25,410
then you see a message and we
need to enter the password.

93
00:04:25,410 --> 00:04:26,243
That is the password

94
00:04:26,243 --> 00:04:29,220
for the current sudo enabled user account.

95
00:04:29,220 --> 00:04:30,053
And there we go.

96
00:04:30,053 --> 00:04:32,460
And you can see on the CentOS system,

97
00:04:32,460 --> 00:04:36,510
there is one file with the
name "anaconda-ks.cfg".

98
00:04:36,510 --> 00:04:41,040
So that means that with
sudo, I have full access.

99
00:04:41,040 --> 00:04:42,097
And in case you are wondering,

100
00:04:42,097 --> 00:04:45,420
"what is happening if
I just type ls /root?"

101
00:04:45,420 --> 00:04:47,700
Well then I'm getting "permission denied"

102
00:04:47,700 --> 00:04:51,000
because just ls /root
is running this command

103
00:04:51,000 --> 00:04:52,290
as an ordinary user.

104
00:04:52,290 --> 00:04:53,250
And as you can see,

105
00:04:53,250 --> 00:04:56,523
the ordinary user does not
have sufficient privileges.