The root user is the most powerful entity in the Linux universe with limitless powers, for better or worse. Create a user? Got it. Annihilate a file system? Whoops, got that too.
The Origin Story
The root user is the Linux superuser. They can, quite literally, do anything. Nothing is restricted or off-limits for
root . Whether they’re a superhero or a supervillain depends on the human user who takes on the mantle of the system administrator. Mistakes made by the root user can be catastrophic, so the root account should be used exclusively for administrative purposes.
The concept of the root user was inherited from Unix, which had a root user as its administrative superuser. But where the name “root” comes from isn’t known for sure. Some people think that it came from the Multics operating system, which pre-dates Unix.
Ken Thompson and Dennis Ritchie, two of the most important architects and authors of Unix, had both previously worked on the Multics. Multics had a filesystem that started at a point called the root directory or “/”, and all other directories and subdirectories branched downward and outward from the root like an inverted tree. It’s the same sort of tree structure adopted by Unix. So, maybe Unix adopted the root user from Multics, too?
Searching through the Multics technical documentation uncovers a multitude of references to root logical volumes, root physical volumes, root cards, and the root directory. But there’s no mention of a root user account or a user called “root.”
Another theory is that in the early days of Unix, the home folder of the superuser was the root “/” of the filesystem. The superuser needed a name. The term “root user” had been used in place of an official name, but the term stuck and became the official name.
That seems more likely, but nobody seems to be able to say for sure how the root user got its name.
The sudo Command
On any operating system, it is best practice to reserve the superuser for administrative purposes only and to use a regular user account the rest of the time. In fact, most modern Linux distributions won’t let you log in as the root user.
Of course, this is Linux, so you can configure it to allow the root user to log in. But the less time you spend logged in as
root, the better. Besides protecting yourself from disasters arising from typos, if you can’t log in as
root, no one else can. Anyone gaining unauthorized access to your system will not be able to log in as
root, limiting what damage they can do.
But if logging in as
root is disabled, how do you administer your Linux computer? Well, that’s what the
sudo command is for. It doesn’t require the root user to log in. It temporarily bestows
root‘s powers on you. It’s like picking up Thor’s hammer Mjolnir and being temporarily granted Thor’s powers. But you can only pick up the hammer if you’re worthy. Likewise, it’s not just anyone who can use the
sudo command. The
sudo command only bestows
root‘s powers on you if you’ve been found worthy and added to the sudoers list.
There’s another command similar to
sudo, you authenticate using your own password. With
su, you authenticate using the root user’s password. This is significant in two ways. Firstly, it means that you need to assign a password to the root user to use
su. By default, the root user has no password, and this helps with security. If
root doesn’t have a password, you can’t log in as
Secondly, if you do set a root password, everyone who is going to use the
su command needs to know the password. And sharing passwords is a security no-no, and for the root password, even more so. Any of the people who know the root password can tell someone else. If you need to change the root password, you need to communicate the new password to all the people who need to know it.
It’s much more secure to use the sudoers list to restrict who can use
sudo, and let each privileged person use their individual passwords to authenticate.
The “/etc/shadow” file contains the username of each account on your Linux computer, along with other pieces of information, including each account’s encrypted password, when the password was last changed, and when the password expires. Because it contains sensitive information, it can only be read by
If we try to use the
wc command to read the lines, words, and characters in the shadow file, we’ll be denied permission.
If we’re in the sudoers list and we use the same command with
sudo at the start of the line, we’ll be prompted for our password, and the command will be executed for us. If you’re the only user on your Linux computer, you’ll automatically be added to the sudoers list when the system is installed.
sudo wc /etc/shadow
Because we’re running the command as root, the
wc command is executed. Nobody denies root.
sudo command used to mean “superuser do.” It was enhanced to allow you to run a command as any user, so it was renamed “substitute user do.” The command is actually executed as though the other user ran it. If you don’t specify a username,
sudo defaults to using
root. If you wish to use a different user, use the
-u (user) option.
We can see that the commands are executed as another user by using the
sudo -u mary whoami
Running as root without Using su
The snag with
sudo is that you have to use “sudo” at the start of every command. If you’re just typing one or two commands, that’s no big deal. If you have a longer sequence of commands to execute, it can become tiresome. It might be tiresome, but it does act as a useful safety catch for
root‘s powers, and you have to consciously take the safety off each and every time.
There’s a way to effectively “log in” as
root that doesn’t use
su and doesn’t require the root user to have a password.
Warning: Be careful when you’re using this method. Every command that you issue will be happily executed, no questions asked—even if it’s destructive.
sudo to run a Bash shell opens a new shell with
root as the user.
Note that the command prompt changes. The final character of the prompt is now a hash “#” instead of a dollar character “$.”
How the body of the command prompt is displayed varies from distribution to distribution. In Ubuntu, we’re informed that the user is
rootand shown the name of the computer and the current working directory. The color of the prompt is changed, too.
root, we can execute commands that would normally require the use of
To exit from the root user’s shell, hit “Ctrl+D” or type “exit” and hit “Enter.”
Less Superman, More Clark Kent
If you’re in the sudoers list, you have superpowers over your Linux system. Just remember, Superman spends more time as his mild-mannered alter-ego than he does in his red cape.
Use your regular user account as much as possible. Only change into
root when you really need to.