A particular user can also be given administrative permissions for particular tasks without being
given the root password. For example, a system administrator can add a user to particular groups,
NOTE
139
Learning Basic Administration 4
such as modem, disk, users, cdrom, ftp, mail, or www, and then open group permission to use
those services. Or, an administrator can add a user to the wheel group and add entries to the
/etc/sudoers file to allow that user to use the sudo command to run individual commands as
root. (See the description of sudo later in this chapter.)
The wheel group does not exist in all distributions. In Ubuntu, for example, wheel is not
created automatically.
A fairly new feature being added to some Linux distributions used in highly secure environments is
Security Enhanced Linux (SELinux). With SELinux, instead of one all-powerful root user account,
multiple roles can be defined to protect selected files and services. In that way, for example, if
someone cracks your Web server, he does not automatically have access to your mail server, user
passwords, or other services running on the computer.
Exploring Administrative Commands,
Configuration Files, and Log Files
You can expect to find many commands, configuration files, and log files in the same places in the
file system, regardless of which Linux distribution you are using.
Pages:
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336