You've been logging in as an ordinary user at your server, yet you're probably aware that "root" is the power user on a Linux system. This administrative or "superuser" account, is all powerful - and a typo in a command could potentially cripple your server. As a sysadmin you're typically working on systems that are both important and remote, so avoiding such mistakes is A Very Good Idea.
On many production systems all sysadmins login as “root”, but it’s now common Best Practice to discourage or disallow login directly by "root" - and instead to give specified trusted users the permission to run root-only commands via the sudo command.
This is the way that your server has been set-up, with your “ordinary” login given the ability to run any root-only command - but only if you precede it with sudo, and re-confirm your identity with your password.
Note that you will be prompted for your password - this is to confirm your identity (i.e. that a co-worker hasn't jumped on your machine while you're getting a coffee). Generally you'll not be prompted for this if you use sudo again within the next 15 minutes.
- Use the links in the "Resources" section below to understand how sudo works
- Use ls -l to check the permissions of /etc/shadow - notice that only root has any access. Can you use cat, less or nano to view it?
- This file is where the hashed passwords are kept. It is a prime target for intruders - who aim to grab it and use offline password crackers to discover the passwords.
- Now try with sudo, e.g. sudo less /etc/shadow
- Test running the reboot command, and then via sudo (ie sudo reboot)
Once you've reconnected back:
- Use the uptime command to confirm that your server did actually fully restart
- Test fully “becoming root” by the command sudo -i (note the change to your prompt)
- Type exit or logout to get back to your own normal “support” login.*
- Uses less to view the file /var/log/auth.log, where any use of sudo is logged
- You could "filter" this by typing: grep "sudo" /var/log/auth.log
As a Linux sysadmin you may be working on client or custom systems where you have little control, and many of these will default to doing everything as root. You need to be able to safely work on such systems - where your only protection is to double check before pressing Enter.
On the other hand, for any systems where you have full control, setting up a "normal" account for yourself (and any co-admins) with permission to run sudo is recommended. While this is standard with Ubuntu, it's also easy to configure with other popular server distros such as Debian, CentOS and RHEL.