Root versus everybody else
The world can be a harsh place, and sometimes it’s dangerous to run a command. For example, fdisk can wipe the partitions of a disk or otherwise modify hardware. iptables can open a network port and let an attacker exploit a vulnerability. Even using an innocuous echo command to send a value to the wrong place on a filesystem can change the operating system’s configuration in subtle and terrible ways.
To guard against this, the Unix-like environment that your command-line interface is running in has some built-in guardrails. There is a “superuser” called root in every Unix system. As a result, the basic security model is as follows:
- First, there is
root. This user is the equivalent of the system administrator on other systems and is the user with the highest number of permissions.rootcan do almost anything. - Then, there’s everybody else. Non-root users have limited permissions – they can...
