[ubuntu-uk] Difference between Admin and Root?

Neil Greenwood neil.greenwood.lug at gmail.com
Mon Oct 22 21:35:39 BST 2007


On 22/10/2007, Mac <Ammonius.Grammaticus at googlemail.com> wrote:
> I have a single-user system, and - while playing / investigating - I
> tried changing my user password.  I was interested to notice that this,
> rather than root's password was then the one required by 'sudo...'.
>
> I suppose I'd sort of expected that 'sudo' would require the root
> password, and that when needing to act as root (e.g. to use aptitude)
> I'd been typing the root password, which just happened to be the same as
> the first user on the system, but wouldn't be if that user changed
> his/her password.

'su' needs the root password, 'sudo' needs the user's password. This
is the security advantage with the 'sudo' command.

> So what's the difference, if any, between a user invoking his/her
> 'Admin' rights with the 'sudo' command, and what root can do?

The /etc/sudoers file. This can limit the commands that the user can
run with Admin rights. Root can do anything (unless you have something
like SELinux).

> Would it be possible / wise (for reasons of security) to remove the
> admin rights of the first user on the system, leaving root as the only
> user with such rights?  (I'm inclined to think not, having set up a
> second user without admin rights on another system, and noticing that a
> number of 'administrative' menu options did not then appear in the menus.)

No it's not a good idea. It's better to use the 'sudo' command from an
Admin user, rather than logging in as root.

Hope this helps.

Hwyl,
Neil.



More information about the ubuntu-uk mailing list