Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
In the previous movie I told you that the root user is disabled on Mac OS X by default. That's okay. We don't need it to be enabled. Because as admin users on the Mac, we can do everything that the root user can do. We just have to do it by using the sudo command. That stands for substitute user and do. Some people mistakenly think that it stands for superuser do, because the root user is a superuser. But what it's actually doing is substituting in a different user identity and I'll show you how you can pick a different user besides root in a moment. But sudo is a command that runs other commands.
So it's essentially like prefixing a line with sudo when you wanted to do it as root. So just as an example, sudo ls -la. The command is exactly like we would normally type. We're just saying, hey, don't do this as Kevin, do this as root. Let me show you what happens. We hit Return. It comes up and it wants a password. Now that's not root's password, because root is disabled, what it wants is in this case it wants my password, Kevin's password again. What it wants to do is make sure that we really aren't admin before we do admin like things.
It's a security precaution. So I am going to type in my main user password that I use to log into this system, and now it does what I asked to do. Obviously this is something that I could have done without being root, but that should just give you a feel for how we prefix our normal commands with sudo and get the same results. We got to a peek at this earlier when we were changing ownership permissions, right? We had to do sudo and then chown lynda and then let's say unix_files/ownership.txt, and then that changes the ownership permissions. Now notice when I typed it the second time it did not ask me for a password again.
That's because this password authentication stays valid for a little while. So that we potentially could be entering several commands. It would be a pain if every single thing that we did, we had to keep entering that password. So it remembers it and it stays valid for about five minutes. That can be configured on different Unix machines. But it's typically five minutes. Incidentally, you can type sudo -k, and that will expire it right now. So that then when we try and do something again, let's change this back to Kevin, now it's going to ask me for my password again. Okay, so let me just clear the screen and let me just give you a couple of more examples to show how this work.
So let's say I have whom, Right? I am Kevin. Let's do ls -la and let's try and take a look at Lynda's pictures. It's on here and I don't have permission to access it, so it comes up and says permission denied. If I now do the same command with sudo in front of it, Users/lynda/Pictures, now it's going to make me into root before doing it, and remember the root has the ability to do absolutely anything on here, including look at Lynda's pictures. So using sudo I can now see what's in there. Now as I said at the beginning of the movie, root is not the only user you can become. Let me just show you if you do sudo whoami.
It comes up and says, "Oh, I am root." If we use sudo and we use -u, and then the username that we want a substitute, now whoami, we become lynda. So we are substituting the user identity before we execute the command. So now we could do the same sort of thing, we say all right, well, as Lynda, I'd like to now open this file or look at this directory. So we can become a different user and take on their privileges and their role just as easily as we can take on root. Most of the time you'll just use sudo without any options, because what you essentially are saying is I don't have enough privileges to do what I want right now, like changing ownership.
So therefore, I'm temporarily become root to accomplish what I'm trying to accomplish. Not everyone can do sudo. Only admins, and that's something that you set up in the Account Preferences, System Preferences under Accounts, and you can see it says Admin underneath, right? If you make someone who's not an admin account, they won't have the ability to sudo. That is what an admin is. Now let me show you why that's true in Unix terms. In Unix there's something called a sudoers file.
So that is stored in cat/etc/sudoers, that's where it lives, and this is a file that keeps track of the configuration for sudo and especially who ought to be allowed to execute this command. Because we don't want let everyone do it. Otherwise again, what's the point in having privileges. So only admins on the system get these special privileges. We can't view that file, because we wouldn't want everyone to be able to view it unless we put sudo in front of it. As you can see the security is very well thought-out.
So now let's take a look at it as sudo. There is all sorts of default settings and everything, but the most important thing are these lines right here. You don't need to ever change these yourself. The system preferences are going to handle this for you. What these lines are telling you is that the root user ought to have the ability to do everything. That's what those three ALLs mean. The group admin also ought to be able to do it. So what it does is it adds you to the group admin and once you're part of the group admin, well, then you have the same privileges that root does.
You have the ability to become root. Now again, you don't ever need to actually edit this sudoers file, but I just want you to see what's happening, because on other Unix systems this is the way that you manage who has sudo access, is via the suedoers file. The Mac manages it for you. The Mac gives you this nice convenient interface and it just drops you into the admin group and once you are part of the admin group, well, then you're automatically added to the sudoers file.
Get unlimited access to all courses for just $25/month.Become a member
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.
Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.
Your file was successfully uploaded.