 In the previous demos I introduced the basic concepts of permissions in a Linux operating system and gave some examples illustrating how we can, the different users can access files and directories depending upon the read, write and execute permissions. In this demo I want to show the difference between the different types of users. That is that they're considered normal users and users with administrator privileges and the commands that we can use to switch between users and elevate our privileges to the administrator user. Firstly, although we've seen it briefly, there's a command called SU which allows us to switch users. I'm currently logged in as the user instructor. SU allows me to switch to another user. I know on this system there's a user called Smith, SU followed by the username, Enter. Now it prompts me for the password of Mr Smith. Now it turns out on this demo I know the password. I type it in and now I'm logged in as Mr Smith. If I CD, I'm currently in the home directory of Mr Smith slash home slash Smith. So I'm logged in as this user now. So SU allows us to switch between users. If I want to revert back to the previous user, just exit and now I'm back to being logged in as the instructor user. Of course this is only useful if you know the password of a different user. In most multi-user operating systems you do not know another user's password. So how can we get privileges above our normal user status? In many Unix systems, our Linux-based systems now, there's the concept of SUDO, where it allows an administrator user to execute commands that a normal user cannot. For example, our current user cannot access the directory of Dr Tanarak because the permissions on that directory, if we try to LS slash home slash Tanarak, it indicates permission denied. If we look more closely, we see for the directory Tanarak, the permissions for users other than Tanarak, they cannot read, write or execute. So users other than Tanarak cannot view the contents of that directory, permission denied. Can someone access that directory other than Dr Tanarak? Well, on a Unix-based system, there's what's called the root user or the super user or an administrator user. And this root user has permissions to do anything. They can view, edit and execute any files or directories on the file system. So what we'd like to do is to elevate our privileges for the current user, the instructor to the root user or the super user. And the common way to do that is to, if you have permissions, use the command SUDO, super user do. That is, we want to execute a command, in this case LS slash home slash Tanarak, previously we didn't have the permissions to view that directory. We proceed this command with the special command SUDO, with the idea is that we want to do this command as the super user. And now it prompts for the password of instructor. I'm currently logged in as the user instructor, but SUDO is prompting for my password just to check. I'll enter in the password, I am the user instructor, I know their password. And that executes the LS slash home slash Tanarak command. It simply shows the file, there's only one file in that directory called examples.desktop. What happened there? In the setup of this demo system, the user instructor has administrator privileges. When the operating system was installed, I set the instructor user to be the user with administrator privileges. So when the command SUDO executes, it checks whether the instructor user has the right privileges. And this system, they set up, they do have the privileges to be administrator. It prompted for the password, and since the password was entered correctly, it then executes the command, which was LS slash home slash Tanarak, as the super user on this system, which allows them to see the contents of that directory. So proceeding a command with SUDO allows us to perform some command with elevated privileges. Normally when you install a Ubuntu Linux based system, the original user you create has the admin privileges, so they can do anything with a proceed the command with SUDO and enter their password. I can proceed any command with SUDO. Let's look at another user's directory. There's nothing in that directory, not the best of examples. But note that it doesn't prompt for the password the second time. Since we entered it not long ago, the operating system keeps track that, okay, we've entered that in the last few minutes. We don't have to prompt and enter the password a second time. If we log out and log in, we will be prompted again. So we can switch between users. If we know that user's password using SU, we can execute any command and with all possible permissions by proceeding that command with the special command SUDO. And that will work so long as the current user we're logged in as, for example, instructor has been configured to be an administrator user on the system. By default, the group to be in to have administrator access is the admin group. And the instructor user is part of the admin group. If now I want to switch to another user, what I can do is use SUDO and SU, SUDO to execute as the administrator user, the command SU, which is switch user, and followed by the user name. I want to switch to user Smith. If I didn't have Mr. Smith's password, but I was an administrator user, like the instructor is, I'm not prompted for Smith's password. So I don't need to know his password because I have SUDO privileges, I can immediately switch to the login of Mr. Smith. So an administrator user, also called a root user or a super user, can execute commands if they proceed that command with SUDO so long as that user has permissions. In this case, they're part of the admin group. We're logged in as Mr. Smith. Let's try and execute some command, LS, the directory of Dr. Tanarak. So Mr. Smith is executing the command LS slash home slash Tanarak using the SUDO command. This is prompting for Mr. Smith's password. That's SUDO's prompting for it. I know Mr. Smith's password, I type it in, I press enter, ah, Mr. Smith does not have permission to execute this command as SUDO, and it gives some error message or some warning message saying that they are not in the file that sets up the permissions, the SUDO's file, and this incident will be monitored, recorded and reported. So Mr. Smith doesn't have the permissions to execute this command as SUDO. In another demo, at a later date, I'll demonstrate how to set up SUDO and give permissions to different users. So in summary, SU to switch between users, if we know the user's password, if we're an administrator user, then we can proceed a command with SUDO and that allows us to do anything, irrespective of the permissions on that file or directory.