Becoming root with sudo

This month were going to take a closer look at taking control of MacOS X by becoming a super user. The underpinnings of MacOS X are after all UNIX, so you should be aware of the power a super user wields.
The root account is a “super user” account built into every UNIX system, which you may remember is a multi-user environment. Other systems such as AppleShare IP or Windows Servers had highly privileged administrator accounts, however on a UNIX system the level of access that root has have seems to have no limits.
There are many processes and files are “owned” by root. We’ve looked at “permissions“ in past articles, and you may remember that permissions control what you can do and see. Keep in mind that the all-powerful root account must be treated with respect and root access should be limited to a small group of users. There is no way to stop the root account from altering any file on the system.
You have already experienced becoming a super user while using the Aqua GUI. Whenever you try to install an application or an update, you will have been asked to enter you username and password. Although you’ve already logged in, the “Authentication Manager” is challenging you to prove that you’re an administrator. This is one of the ways that Apple allows users to administrate their own machine.
The “sudo” application is included so you can become a super user on the command line. If you try to run an application or see the contents of a file or folder that belongs to root, you will get an error like “permission denied”.
I’ll tell you a secret – Built into MacOS X is the Apache Web Server. Unlike “Personal Web Sharing”, your Mac can become a fully functional web server. In order to enable it you’ll have to edit a file while becoming a super user.
Let’s start by opening the Terminal application. (Applications => Utilities => Terminal) At that command prompt (%), we’ll change directories to “etc”.
% cd /etc
“etc” is a system directory that contains, among other things, configuration files. The mystery here is that one of the files in “etc” enables the Apache Web Server. Last month I showed you the “fgrep” program, which allows us to find text strings inside files. We’ll look for “WEB” in “etc”. Type this:
% sudo fgrep “WEB” *
Password:
Unlike last month, this time we’re going to precede the “fgrep” with “sudo” so that we’re running the application as a super user. “sudo” , or “super-user do” allows us to assume a high level of authority to search through the files. The first time you use “sudo”, you’ll get a short lecture about respecting others and most importantly “Think before you type.”
If UNIX were like a car, it would be a tank . You can start the tank, put it gear and it will drive forward. Even if parts fell off, it would continue. If you, the driver, fell off – It would continue to drive forward! So, think before you type.
After you enter your password (and hit “Return”) your program will run, and you will see something like this:
fgrep: cups: Is a directory
hostconfig:WEBSERVER=-NO-
fgrep: httpd: Is a directory
…
Ah ha! The file we’re looking for is “hostconfig”. In order to activate the Apache Web Server we’ll change the “NO” to “YES”. Let’s use the “ed” program (you can use “pico” or “vi” if you prefer) but we’ll have to precede the command with “sudo” again. If we don’t start with “sudo”, we won’t have permission to save the file.
First let’s backup the file. Type “sudo cp hostconfig hostconfig.backup” to copy (cp) the original. Just in case! You can also use “ls” to confirm that you made a copy… Then we’ll edit the file with “sudo ed hostconfig”
Begin by printing the file to screen with “1,$p” which will print (p) the file from line “1” to the end ($).
1,$p
AFPSERVER=-YES-
WEBSERVER=-NO-
APPLETALK_HOSTNAME=”Tims G4″
…
Type “/WEB”, to jump to the line that contains the string “WEB”. Next type, “s/NO/YES/p” to substitute (s) “NO” with “YES”, and then print (p) the line.
/WEB
WEBSERVER=-YES-
s/NO/YES/p
At any time, you can type “f” to confirm the name of the file you’re editing. You should also use “1,$p” to confirm your changes before you save the file by writing and quit. Type “w” to write the file and “q” to quit.
You have now enabled the Apache Web Server. Open your browser, and enter “localhost” or “127.0.0.1” in the URL and you will get the default Apache page. This was possible because you became a super user with “sudo”. Now you can put on your “HTML” hat and start writing your web site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.