17.4.2 Using sudo
Alternatively, you can use sudo (superuser “do”) to execute some tasks which
are normally reserved for root. With sudo, administrators can grant certain users root
privileges for some commands. Depending on the system configuration, users can
then run root commands by entering their normal password only. Due to a timestamp
function, users are only granted a “ticket” for a restricted period of time after having
entered their password. The ticket usually expires after a few minutes. In openSUSE,
sudo requires the root password by default (if not configured otherwise by your
system administrator).
For users, sudo is convenient as it saves you from switching accounts twice (to
root and back again). To change the ownership of a file using sudo, only one command
is necessary instead of three:
sudo chown wilber kde_quick.xml
After you have entered the password which you are prompted for, the command is
executed. If you enter a second root command shortly after that, you are not
prompted for the password again, because your ticket is still valid. After a certain
amount of time, the ticket automatically expires and the password is required again.
This also prevents unauthorized persons from gaining root privileges in case a user
forgets to switch back to his normal user account again and leaves a root shell open.
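The policy behind the behavior described above, as an added example that is not part of the original manual: a sudoers fragment that contrasts the openSUSE default (root password required) with a per-user rule for wilber. The target path /srv/docs/kde_quick.xml and the location /usr/bin/chown are assumptions made for illustration.

```sudoers
# Fragment of /etc/sudoers (added example; always edit with visudo,
# which checks the syntax before saving. "visudo -c" re-checks it.)

# --- openSUSE default -------------------------------------------------
# Every user may run any command through sudo, but has to type the
# password of the target user (root), so nobody gains anything without
# already knowing the root password.
Defaults targetpw
# ALL ALL=(ALL) ALL      # shipped default, commented out here: see below

# --- Delegating one task to one user ----------------------------------
# wilber authenticates with his own password instead of root's ...
Defaults:wilber !targetpw
# ... and his ticket is valid for 5 minutes after a successful prompt.
# A value of 0 asks for the password on every sudo call.
Defaults:wilber timestamp_timeout=5

# wilber may run exactly this command line as root and nothing else.
# The arguments are part of the rule: a bare "/usr/bin/chown" entry
# would let him take ownership of any file on the system.
# (Path of the target file is a hypothetical placeholder.)
wilber ALL = (root) /usr/bin/chown wilber /srv/docs/kde_quick.xml

# Why the "ALL ALL=(ALL) ALL" line must go once targetpw is switched
# off for a user: that rule matches wilber too, so with !targetpw he
# could run *any* command as root with only his own password.

# Checks after saving:
#   sudo -l -U wilber   (as root) lists what wilber is allowed to run
#   sudo -k             (as wilber) discards the ticket immediately
```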
17.5 File Access Permissions
In Linux, objects such as files or folders or processes generally belong to the user
who created or initiated them. There are some exceptions to this rule. For more
information about the exceptions, refer to Chapter 9, Access Control Lists in Linux
(↑Security Guide). The group which is associated with a file or a folder depends on
the primary group the user belongs to when creating the object.
When you create a new file or directory, initial access permissions for this object are
set according to a predefined scheme. As an owner of a file or directory, you can
change the access permissions for this object. For example, you can protect files
holding sensitive data against read access by other users and you can authorize the
members of your group or other users to write, read, or execute several of your files
where appropriate. As root, you can also change the ownership of files or folders.
17.5.1 Permissions for User, Group and Others
Three permission sets are defined for each file object on a Linux system. These sets
include the read, write, and execute permissions for each of three types of users—the
owner, the group, and other users.
The following example shows the output of an ls -l command in a shell. This
command lists the contents of a directory and shows the details for each file and folder
in that directory.
200 Start-Up