Check out a free preview of the full Complete Intro to Linux and the Command-Line course:
The "Superuser" Lesson is part of the full, Complete Intro to Linux and the Command-Line course featured in this preview video. Here's what you'd learn in this lesson:

Brian demonstrates how superuser commands grant access to the root user role, and explains best practice to create other users.

Get Unlimited Access Now

Transcript from the "Superuser" Lesson

[00:00:00]
>> Let's say it was really important that I'm here in the root directory and I really wanted to make that high folder. How would I do it? Well, the owner user that can do it is the super user. The super user is also the other name for the root user.

[00:00:14] So you'll hear me use those two interchangeably. So the way that I could do that is I could come in and say sudo, which is basically doing super user, do mkdir hi. So now because I ran sudo, this basically which means like temporarily for one command switch me into super user, do something and then come back.

[00:00:49] So now you can see in here I have this high directory. And you can see the user that did it was wherever that went here, root. So just to kind of prove my point, if I say sudo, who am I. What do you think it's going to say root, right.

[00:01:13] Because for that one command, I'm root, but now if I run, who am I Again, I'm going to be Ubuntu. So that's what sudo does is it switches use quickly into root You do one thing and then you're out. That's because Ubuntu has super user privileges. That means that Ubuntu can run things as root.

[00:01:33] But not everything is run as root by default, which is kind of that safeguard. When I tried that RM dash RF it wouldn't have let me do that because Ubuntu was not privileged to do despite the fact that Ubuntu could if I had done it as sudo does that make sense?

[00:01:48] Cool. So that's why you don't just always run as root, don't just hang out as root. That's a terrible idea because you're gonna make mistakes, and not being the root user will save you from some of those dumb mistakes that you're gonna do. Cuz it is possible, I can say sudo switch users, and look who I am now.

[00:02:14] I am the root user now. I have all power. That's a terrible idea. So don't hang out as the super user. So in order to do that, you can just say exit. And that will get you out of your session as the root user I would also like to point out that Sudo is a very adorable dog.

[00:02:37] That's actually Sarah Dresner is doc. [LAUGH] I asked her if I could put a picture of Sudo in here. Because the dog is hilarious, and it also if you go over to her house, it's funny to hear her say sudo sit because like tons, like super user, tell the dog to sit out makes me laugh.

[00:02:59] And that's from Yes, Sara dresner who's another teacher in front of masters she does the view courses and she's really awesome. This is another one makes me laugh, make me a sandwich. What make it yourself Sudo? Make me a sandwich, okay? That's another XKCD that's another famous one.

[00:03:17] Okay, so Let's go ahead and yeah, it's a bit like Simon says, right? It won't do until you tell it's Simon says, delete the root directory, right? Let's make a new user just to show you kind of how it's done. Like, the reason why I would create a new user is like I said, if I was gonna do like.

[00:03:39] A some sort of like job, or like a task that was gonna run like every day. And that task was very scoped to like it works on this one folder and does this one thing and then it finishes. I would make a new user just for that task that could only accomplish that task and can do literally nothing else.

[00:03:56] That would be a good reason to make a new user. So Ubuntu can't make any new users but root cans we have to switch to root. The other thing I was gonna mention about Ubuntu is normally when you do sudo. So if I say sudo echo hi. Which there's no reason to do sudo there, right?

[00:04:20] Normally it asks you to enter your password when you enter sudo. Multipass is a password list root user so it actually doesn't make you do it. But normally you have to enter it. So I'll show you that here in just a second. But if that's why ,that's why that feels weird if that feels weird to you.

[00:04:36] All right, so we're going to do sudo user add brian or you can put whatever you want there. I'm just going to put brian. Okay, and that created a brand new user and I'm going to do sudo passwd, which is gonna allow me to set the user for the, the password for Brian.

[00:04:57] And it's gonna make me enter a new password I'm going to put something very simple that you need to remember asdf, asdf, which is the only password that I ever use. Now I'm gonna say switch users which is what su does to brian, is gonna make me enter my password.

[00:05:13] And now I am brian, who am I? Brian. So, that's about it that all you need to do to enter as brian actually don't I think I'm in a different shell right now. No, I don't know. But the reason why the prompt there is something like that. We haven't set up a bunch of stuff like the login shell and all that kind of stuff.

[00:05:45] But that's how you create a new user. And then you would go about adding like them to be in the right permission, still this kind of stuff. And actually, if I say sudo echo hi. If I say asdf it's gonna say, brian is not authorized to do sudo this incident will be reported.

[00:06:05] That's the line that always made me laugh. And then I actually found an XKCD about it. It says right there, Rob is not in the sudos file. This incident will be reported. Hey, who does the sudos report incidents to is like? I never looked, and it's reporting it to Santa Claus.

[00:06:23] [LAUGH] I don't know made me laugh So I actually looked it up where it goes. There's actually like a mailbox because there's like a, Internal mail system on Linux and it gets reported to like an admin in their mailbox and someone tried to do a sudo that they could do.

[00:06:40] I've literally in the history of all of my schooling, and all of my learning to code, and all my production work at companies, no one has ever mentioned this file at all so don't worry if it says that this incident will be reported. That was very intimidating the first time I saw in the computer lab though.

[00:07:01] Okay so, brian can't suit up but what if we want to make it so brian could sudo? Well that can be done so I'm going to exit out of this session with brian. So I'm gonna go back to Ubuntu because a boon to does have sudo privileges but it's just that brian doesn't.

[00:07:25] So we have to. Use groups. So groups are another construct within Linux that allow you to add privileges to entire groups of users. This is useful because like imagine you run a server and that server has 100 users on it. And you have 50 admins and 50 non admins.

[00:07:54] And let's say you wanted to add a new privilege to the admins that they are now able to read to this one directory. You would either have to go. And now that privilege individually 50 times each user, or if you use groups, you could just add at once to one set of group or one group.

[00:08:10] And then everyone inside of that group would get all the privileges. So it just makes it easier to add and manage all those people. So, there's a bunch of reasons. Like you could create like a readers group and the readers group has access to read all the files, but I can't write to it and they could have another writers group.

[00:08:28] And they can write to it that maybe not read from it, I don't know. But you can kind of manage all the privileges individually that way. So, If you wanna add brian to that group, what we can do is we can run this command right here. User mode.

[00:08:47] And let's actually just put it in right here, And so you do sudo, User mod and you can do dash dash append dash dash groups. Or you can just do dash a capital G for the shorthand, sudo Brian. So what this is going to do this s going to add a new group to brian.

[00:09:16] And he's going to be added to the pseudo group and the sudo group is allowed to sudo. So now if I say sudos or if I say switch users to brian, I enter that password and so now Who am I? Here and I say sudo. Who am I?

[00:09:37] I have to enter my password. So by adding brian to that sudo group, brian is now able to do sudo things. That makes sense. So you can create your own groups. Honestly, if you ask me, how often do I create my own groups? The answer that question would be never, like I almost never do it because I don't manage flocks of Ubuntu servers or anything like that.

[00:10:05] But I have had to add people to the sudo users before. So that is why I show you how to do that.