7.4.2 Using sudo
Alternatively, you can also use sudo (superuser “do”) to execute some tasks which
normally are for roots only. With sudo, administrators can grant certain users root
privileges for some commands. Depending on the system conguration, users can
then run root commands by entering their normal password only. Due to a timestamp
function, users are only granted a “ticket” for a restricted period of time after having
entered their password. The ticket usually expires after a few minutes. In openSUSE,
sudo requires the root password by default (if not congured otherwise by your
system administrator).
For users, sudo is convenient as it prevents you from switching accounts twice (to
root and back again). To change the ownership of a le using sudo, only one command
is necessary instead of three:
sudo chown wilber kde_quick.xml
After you have entered the password which you are prompted for, the command is
executed. If you enter a second root command shortly after that, you are not
prompted for the password again, because your ticket is still valid. After a certain
amount of time, the ticket automatically expires and the password is required again.
This also prevents unauthorized persons from gaining root privileges in case a user
forgets to switch back to his normal user account again and leaves a root shell open.
7.5 Modifying File Permissions
In Linux, objects such as les or folder or processes generally belong to the user who
created or initiated them. The group which is associated with a le or a folder depends
on the primary group the user belongs to when creating the object. When you create
a new le or directory, initial access permissions for this object are set according to
a predened scheme. For further details refer to Section 6.3, “File Access Permissions”
(page 81).
As the owner of a le or directory (and, of course, as root), you can change the access
permissions to this object.
To change object attributes like access permissions of a le or folder, use the chmod
command followed by the following parameters:
• the users for which to change the permissions,
• the type of access permission you want to remove, set or add and
• the les or folders for which you want to change permissions separated by
spaces.
The users for which you can change le access permissions fall into the following
categories: the owner of the le (user, u), the group that own the le (group, g) and
the other users (others, o). You can add, remove or set one or more of the following
permissions: read, write or execute.
94 Start-Up