Superuser: Difference between revisions
Yuron (talk | contribs) m (1 revision imported)
W81054ch (talk | contribs) m (1 revision imported)
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
{{#set: Priority=2 | Summary=A computer <b>operator</b> with greater (software defined) access privileges than ordinary users.}}<!-- | {{#set: Priority=2 | Summary=A computer <b>operator</b> with greater (software defined) access privileges than ordinary users.}}<!-- | ||
-->{{#invoke:Dependencies|add|User,3|Security,3}} | -->{{#invoke:Dependencies|add|User,3|Security,3}} | ||
Known by different names in different systems the | Known by different names in different systems the | ||
[https://en.wikipedia.org/wiki/Superuser <strong>superuser</strong>] (<strong>root</strong>, <strong>admin</strong>, <strong>administrator</strong>) is able to obtain privileges not available to ordinary users. These typically include running processes in [[ | [https://en.wikipedia.org/wiki/Superuser <strong>superuser</strong>] (<strong>root</strong>, <strong>admin</strong>, <strong>administrator</strong>) is able to obtain privileges not available to ordinary users. These typically include running processes in [[Processor Privilege|privileged]] mode(s) and the ability to modify features such as [[File Attributes|file permissions]]. | ||
to modify features such as [[ | |||
One user identifier (UID) is used to identify the | One user identifier (UID) is used to identify the “superuser”. A superuser can ‘become’ any other user, reset password entries etc. | ||
“superuser”. A superuser can ‘become’ any | |||
other user, reset password entries etc. | |||
Because the superuser can do anything – possibly inadvertently – it | Because the superuser can do anything – possibly inadvertently – it is not usually a good idea to assume this privilege except when necessary. | ||
is not usually a good idea to assume this privilege except when | |||
necessary. | |||
Note that superuser is <strong>not</strong> the same as a [[ | Note that superuser is <strong>not</strong> the same as a [[Processor Privilege|privileged mode in the <em>hardware</em>]]: it is a <em>software</em> privilege. A superuser’s applications will normally run (most of the time) in an <em>unprivileged</em> (“user”) hardware mode. When servicing exceptions, such as [[System_Calls|system calls]], the hardware privilege will be raised (to allow access to [[Peripheral devices|hardware peripherals]], [[Memory Protection|protected memory]] etc. but the process will still be <em>owned</em> by its original user. | ||
exceptions, such as [[System_Calls|system calls]], the hardware privilege will be raised (to allow access to [[Peripheral devices|hardware peripherals]], [[ | |||
[[Image:admin_privilege.png|link=|alt=Administrator privilege]] | [[Image:admin_privilege.png|link=|alt=Administrator privilege]] | ||
In practice there need not be much difference between the superuser | In practice there need not be much difference between the superuser and other user privileges. For example, the Unix superuser | ||
and other user privileges. For example, the Unix superuser | (“root”) can allow or forbid access to a particular hardware port because (s)he <em>owns</em> the corresponding ‘file’ (in <code>/dev/</code>) and can thus change the ‘file permissions’; other users cannot. There are a few calls which are only allowed by root though – perhaps most notably the abilities to <em>change</em> UID and change the ownership of a file/resource. | ||
(“root”) can allow or forbid access to a particular | |||
hardware port because (s)he <em>owns</em> the corresponding | |||
‘file’ (in <code>/dev/</code>) and can thus change the ‘file | |||
permissions’; other users cannot. There are a few calls which | |||
are only allowed by root though – perhaps most notably the abilities | |||
to <em>change</em> UID and change the ownership of a file/resource. | |||
---- | ---- | ||
{{PageGraph}} | {{PageGraph}} | ||
{{Category|User}} | {{Category|User}} |
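Review bot: the parenthesis opened at "(to allow access to [[Peripheral devices|hardware peripherals]]" in the rejoined "Note that superuser is not the same as" paragraph is never closed; add ")" after "etc." so that "but the process will still be owned by its original user" reads as part of the main sentence. The opening sentence, "Known by different names in different systems the", also still needs a comma after "systems". Apart from rejoining the hard-wrapped lines, the visible text of this revision is unchanged, so both fixes could go in with this edit.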
Latest revision as of 10:03, 5 August 2019
Depends on: User • Security
Known by different names in different systems, the superuser (root, admin, administrator) is able to obtain privileges not available to ordinary users. These typically include running processes in privileged mode(s) and the ability to modify features such as file permissions.
One user identifier (UID) is used to identify the “superuser”. A superuser can ‘become’ any other user, reset password entries etc.
Because the superuser can do anything – possibly inadvertently – it is not usually a good idea to assume this privilege except when necessary.
Note that superuser is not the same as a privileged mode in the hardware: it is a software privilege. A superuser’s applications will normally run (most of the time) in an unprivileged (“user”) hardware mode. When servicing exceptions, such as system calls, the hardware privilege will be raised (to allow access to hardware peripherals, protected memory etc.) but the process will still be owned by its original user.
In practice there need not be much difference between the superuser and other user privileges. For example, the Unix superuser (“root”) can allow or forbid access to a particular hardware port because (s)he owns the corresponding ‘file’ (in /dev/) and can thus change the ‘file permissions’; other users cannot. There are a few calls which are only allowed by root though – perhaps most notably the abilities to change UID and change the ownership of a file/resource.
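The advice above to hold superuser privilege only when necessary, and the two root-only calls just named (changing UID and changing file ownership), can be seen together in the following C program. It is an added example, not part of the original page: a child process gives up root permanently if it has it, then confirms that both calls are refused. The uid/gid 65534 ("nobody"), the scratch path under /tmp and the function names are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534  /* assumption: the conventional "nobody" uid/gid */
#define SKIPPED   100    /* sandbox refused the drop or the temp file */

/* Permanent drop. Groups and gid go first: once the uid is no longer 0,
 * the process has lost the right to change them. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;  /* as root: real, effective and saved uid */
    return 0;
}

/* Bit 0: changing UID back to 0 refused. Bit 1: changing file owner refused. */
static int probe_unprivileged(void) {
    char path[] = "/tmp/superuser-demo-XXXXXX";  /* constructed scratch file */
    int result = 0, fd = mkstemp(path);
    if (fd < 0) return SKIPPED;
    if (setuid(0) != 0 && errno == EPERM) result |= 1;
    if (chown(path, 0, (gid_t)-1) != 0 && errno == EPERM) result |= 2;
    close(fd); unlink(path);
    return result;
}

/* Run in a child so the caller's own identity is left untouched. */
int run_check(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (geteuid() == 0 && drop_privileges(UNPRIV_ID, UNPRIV_ID) != 0)
            _exit(SKIPPED);
        _exit(probe_unprivileged());
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("result=%d (3: both calls refused without root)\n", run_check());
    return 0;
}
```

Started as an ordinary user, the child skips the drop and the two calls are refused straight away; started as root, the same result after the drop shows that the privilege cannot be taken back.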