su – how to become a super user. avoid using root
If you’re like most people new to Unix, you do everything as root. You
shouldn’t. I know I don’t follow my own advice, but I’m trying to improve.
Create
yourself another account. Use that instead of root. Unless you really need
root. You can always invoke su to become a super user. That way,
you don’t have to log out and back in every time you need the power.
wheel
Only users in the wheel group can run su. The group can be
specified when creating a user via adduser. To add a user manuall, just
put the name of the user at the end of the line in /etc/group. For
example:
wheel:*:0:root,marc
This adds the user marc to the wheel group.
su
To become super user, you do this:
bash-2.02$ su Password: su-2.02#
At the password prompt, supply the root password.
Note that you might also want to use either the -l or the -m
options. Respectively, these options will simulate a full login or leave the
environment unmodified. see man
su for details.
For the paranoid: instead of just typing "su", type the
full path, to improve the chances that you’re running the
executable that you think: "/usr/bin/su". This goes hand-
in-hand with the advice to NEVER put ‘.’ ("dot", the current
directory) in your path.
Use sudo instead. This lets you do a number of things that su doesn’t. For one thing, you can configure it to let you in without a password. That’s less secure, but still protects you from accidental damage when you don’t type it and should make you less tempted to be root all the time. For another, you don’t have to give yourself completely unrestricted access this way. You can configure it to let you play with network devices, or only some network devices, without giving away other privileges like binding to low ports.
Check out "man sudo" and "man sudoers" for more details.