path: root/en_US.ISO8859-1/books/handbook/users/chapter.xml
diff options
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/users/chapter.xml')
1 files changed, 45 insertions, 0 deletions
diff --git a/en_US.ISO8859-1/books/handbook/users/chapter.xml b/en_US.ISO8859-1/books/handbook/users/chapter.xml
index c6be01a81e..4ac3616b48 100644
--- a/en_US.ISO8859-1/books/handbook/users/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/users/chapter.xml
@@ -1034,4 +1034,49 @@ uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen>
<filename>/etc/group</filename>, refer to &man.pw.8; and
+ <sect1 id="users-becomesuper">
+ <title>Becoming Superuser</title>
+ <para>There are several ways to do things as the superuser. The
+ worst way is to log in as <username>root</username> directly.
+ Usually very little activity requires <username>root</username>
+ so logging off and logging in as <username>root</username>,
+ performing tasks, then logging off and on again as a normal user
+ is a waste of time.</para>
+ <para>A better way is to use &man.su.1; without providing a login
+ but using <literal>-</literal> to inherit the root environment.
+ Not providing a login will imply super user. For this to work
+ the login that must be in the <groupname>wheel</groupname> group.
+ An example of a typical software installation would involve the
+ administrator unpacking the software as a normal user and then
+ elevating their privileges for the build and installation of
+ the software.</para>
+ <example>
+ <title>Install a Program As The Superuser</title>
+ <screen>&prompt.user; <userinput>configure</userinput>
+&prompt.user; <userinput>make</userinput>
+&prompt.user; <userinput>su -</userinput>
+&prompt.root; <userinput>make install</userinput>
+&prompt.root; <userinput>exit</userinput>
+ </example>
+ <para>Note in this example the transition to
+ <username>root</username> is less painful than logging off
+ and back on twice.</para>
+ <para>Using &man.su.1; works well for single systems or small
+ networks with just one system administrator. For more complex
+ environments (or even for these simple environments)
+ <command>sudo</command> should be used. It is provided as a port,
+ <filename role="package">security/sudo</filename>. It allows for
+ things like activity logging, granting users the ability to only
+ run certain commands as the superuser, and several other
+ options.</para>
+ </sect1>