Why do I need to type my password to perform admin tasks?

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
killer de bug

Why do I need to type my password to perform admin tasks?

Post by killer de bug »

The Linux Mint moderation/admin team is happy to offer this introduction on user rights under Linux. The target audience is primarily beginners but an advanced section is available at the end and may attract more advanced users.


People may wonder why they have to type their password in order to be allowed to perform simple tasks like installing new software or applying updates. As we will see, this simple behavior is one of the most powerful safety features of Linux.


Part 1: the basics

Normal users versus root user

When you log in to your system, you are by default logged in as a normal user. With this account, users run with reduced permissions. They have access to their own files, but can't edit system files, or install new software. Said in a different way, normal users are not authorized to perform any system operations.

A second user is present on a Linux installation: the root user. This user is essentially equivalent to an administrator account on Windows. The root user has maximum permissions and can do anything to the system.


I honestly don't see how it enhances my security

Well, let's imagine that a random person gained access to your computer. This person cannot install anything on your system or modify any system settings or edit any system files.
In a similar way, when you launch your web browser, it is launched with minimal rights. Therefore, your web browser cannot modify system files and you are protected against a malicious script trying to install something on your system. (You can enhance your browser security with sand-boxing. (Please refer to this tutorial.)
Another example, Thunderbird is also launched with minimal privileges. In the event that you open a poisonous attachment, the script will not be able to impact your system files.
In short, this way of handling users and authorization makes virus infection difficult under Linux.


Ok, I see! Is it for this reason that I have been told not to run my system as root?

Exactly! By respecting this behavior, you are protecting your system. You protect it against attacks from others but also against yourself. If you have the full power to edit everything, you have also the power of destroying your system by deleting the wrong file. With great power comes great responsibility.


Ok, Ok. But if I have no rights, how do I install stuff?

In order to perform an admin task (editing a system file, installing software...), you have to temporarily acquire admin permissions. As a beginner, you are probably interested in using GUI tools like Mint Software, Mint Update, Mint Sources... for these operations. All these tools will allow you to acquire admin permissions with your password. When you launch them, a pop-up window will be displayed requesting your password (figure 1). If the password you provide is correct, the program will open with admin permission and allow you to install new libraries, or to modify system files.
2.png
Figure 1: A GUI prompt for your password in order to acquire admin privileges.

In case you want to modify a system file, please note that Nemo has a contextual option allowing you to open a folder as root (figure 2). Please note that when you open a folder as root, you are in a position to modify or delete any, or all, files in your system. Please be careful!
GuiPrompt
Figure 2: "Open as Root" located in the contextual menu can open a system folder with full write rights.

By default, Linux Mint remembers the password for fifteen minutes and won’t ask for a password again until the fifteen minutes are up or until you close the application where you typed the password (Update Manager, Terminal, Software center...).



We hope this short explanation has answered your questions and that you are now in a position to understand why the password requests you encounter increase the security of your system, and are not just a trivial annoyance..
If you want to learn more about the command involved in acquiring admin rights, we invite you to continue reading. Otherwise, see you around on the forum.




Part 2: how does it work in the back-end?

In order to provide admin rights to a normal user, two commands are involved: su and sudo. Despite achieving the same result, these two commands are slightly different and the next sections will provide more details about them.


sudo
allows you to run commands with root privileges. with root privileges for you. When you try to execute a sudo command, the system asks for your current user account’s password. If the password provided is correct, and if you are registered in the sudo group, the command is executed with root privileges.
By default, the first Linux Mint user created during installation is registered in the sudo group and can therefore use the sudo command.

su
The su command allows you to switch to a new user. It can be used to acquire root privileges but you can use it to switch to any user account. For example, by executing "su bob" in a terminal, you’ll be prompted to enter Bob’s password and the shell will switch to Bob’s user account.
To log in as root in a terminal you can type one of these 3 commands: su root su - or su

Change note for Mint 18.2 and newer wrote:
Linux Mint 18.2 What's New - Section 'System Improvements' wrote:The root account is now locked by default. You can use sudo with your own password to become root with "sudo -i".
This change applies to all Linux Mint versions from 18.2 onwards.
As a consequence, by default su root su - and su can no longer be used to switch to the root id. You would have to unlock the root account in order to get back the old behaviour. Use sudo - instead.
For more information on the RootSudo approach, please, read the Ubuntu article on
RootSudo

If you provide the root password, you will see a change in the prompt: #
You now are running as root. You can install anything, edit everything, and of course, destroy everything. Be careful. You can type several commands without entering a password again. By default, on Linux Mint, the root password is the same as the password of the first user created (password chosen during the installation).
If you want to log out, ctrl + D will return you to a normal prompt: $
Once you’re done running commands in the root shell, you should type exit to leave the root shell and go back to limited-privileges mode. If you don't do this, you may destroy your system with your next command. :wink:

Using sudo, you can also log in as root with your normal user password. Type in

Code: Select all

sudo -i
Similarly, using su, you can execute only one command before going back to normal user privileges:

Code: Select all

su -c 'your command here'
This time the password prompt is requesting root's password.


Using graphical applications:
Please note that in order to avoid corrupting your system, you should ALWAYS use gksudo (or kdesudo if you are using KDE). For example in order to edit your sources.list file, you would type in:

Code: Select all

gksudo gedit /etc/apt/sources.list

Last question! Is it better to use sudo or su?

Well, this is only a matter of personal preference. Sudo is very versatile and should suffice for almost every need.
If I may offer my personal opinion, I would say that sudo is better for beginners. Here are 3 simple reasons:
- It avoids the temptation to log in as root in the login screen.
- When you type a command with sudo, you are requested a password. This gives you a second chance to check your command and avoid a disaster.
- sudo logs you out immediately. If you want to perform a new operation with root privileges, you have to type sudo again. This is also, in my opinion, safer for beginners. A user logged as root in a terminal can destroy a system easily.



Thanks to austin.texas for reviewing and correcting the mistakes!
Last edited by karlchen on Sat Sep 14, 2019 4:39 am, edited 1 time in total.
Reason: Added "Change note for Mint 18.2 and newer" related to "su" command
Habitual

Re: Why do I need to type my password to perform admin tasks?

Post by Habitual »

Thank you!

Now lock it and sticky it. :)
Locked

Return to “Beginner Questions”