We've been doing a series on Ubuntu Linux, in which I have explained how to get DVDs and other video formats playing, and set up Evolution, the email and groupware program. Now, we’ll look at user privileges and network connections.

When you install and set up Ubuntu, you may notice there’s no need to enter a root (super-user) password. When we’ve performed administration tasks through the graphical tools the desktop has asked for our user password, and when we’ve performed similar tasks at the command line we’ve run the ‘sudo’ command and had to provide the same.

Ubuntu does not permit access to the root account by default. There are many reasons for this, primarily security. Using the root account can be dangerous; a wrong command can wipe your hard drive.

Running as root also removes all the system’s file security; you can overwrite and change any file. Trojan virus developers would be happy if people used root blindly more often, but luckily it’s rarely necessary.

Ubuntu implements sudo for super-user access, a program that temporarily provides full access to a restricted set of users. To gain that access, the user must enter their own password as if they were logging into the desktop.

This is what’s happening when you click to update the system, for example – in the background sudo is authenticating you for super-user access, and a window pops up to do that.

At the command line, if you prefix any command with ‘sudo’ you will run that command as root.

For example, ‘rm file.txt’ will attempt to delete a file as your user, while ‘sudo rm file.txt’ will attempt to remove the file as if you had first logged in as root. Super-user access is required for any modifications to the system; be it configuring the network or installing the latest security updates.

To prevent you having to enter your password too often, the access is made available for a certain period of time. Once you enter your password at the prompt, you can run another command with sudo without entering your password, so long as it’s in the same terminal window.

Not every user has access to sudo. When you install the system, the user you initially add is given sudo privileges; this is necessary since there’s no access to root directly, so there would be no way otherwise to perform administration tasks. You can add and remove sudo access for others by using the user manager.

User management

Ubuntu provides a graphical tool for manipulating users. Select ‘Users and Groups’ from the administration menu and click ‘add’, or ‘properties’ with a user selected. A window pops up ( see screen 1 ) where you can fill in or change the user’s details.

At the top you will see three tabs. The Advanced tab lets you select a user profile. These are fairly basic, but future versions of Ubuntu should allow precise desktop setups for different kinds of users.

In the third tab you can control a user’s privileges ( see screen 2 ). By using Unix groups, Ubuntu lets you control who can access what. For example, the ‘audio’ group provides access to the computer’s sound hardware, so access is granted by being a member of that group.

That’s what happens behind the scenes, but the graphical user tool simplifies this by presenting a list of privileges you can tick. A standard user has access to everything except sudo: tick or untick the ‘Executing system administration tasks’ option to grant or remove access to sudo.

As the administrator of your computer you will want access, but other users shouldn’t. Create these users without this privilege and apart from this they’ll be able to use the computer fully. For the ultra-cautious, you may want to create a day-to-day user for yourself without sudo access, though this will mean having to log in as another user to perform tasks such as updating the system.

It is possible to provide normal root access in Ubuntu, but I’d recommend against it. By using sudo you only use super-user privileges when necessary, which is a good habit to get into.

No standard tasks require the use of a root login; however, if you’re executing a long series of commands as root, you may wish to gain temporary access to a root shell. This can be done using sudo – just run the following:

$ sudo -s

Enter your password and the shell will now be logged in as root. This is identical to using ‘su -’ on a traditional Linux system, but this method doesn’t require a super-user password. If you still wish to enable the root account for direct login you must set a password – run ‘sudo passwd root’ to do this.