Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Superuser
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Unix and Unix-like== In [[Unix-like]] computer OSes (such as [[Linux]]), ''root'' is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include ''baron'' in [[BeOS]] and ''avatar'' on some Unix variants.<ref>[http://www.catb.org/jargon/html/A/avatar.html The Jargon File (version 4.4.7)] {{Webarchive |url=https://web.archive.org/web/20210418133727/http://www.catb.org/jargon/html/A/avatar.html |date=2021-04-18 }}, catb.org</ref> [[Berkeley Software Distribution|BSD]] often provides a [[toor_(Unix)|''toor'']] ("root" written backward) account in addition to a root account.<ref>[http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#TOOR-ACCOUNT "What is this UID 0 toor account?"] {{Webarchive |url=https://web.archive.org/web/20201222112811/http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#TOOR-ACCOUNT |date=2020-12-22 }}, freebsd.org</ref> Regardless of the name, the superuser always has a [[user ID]] of 0. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network [[TCP and UDP port|ports]] numbered below 1024. The name ''root'' may have originated because ''root'' is the only user account with permission to modify the [[root directory]] of a Unix system. This directory was originally considered to be root's [[home directory]],<ref>{{cite web |url=http://www.linfo.org/root.html |title=What is root? - definition by The Linux Information Project |publisher=LINFO |access-date=2012-08-07 |archive-date=2021-05-08 |archive-url=https://web.archive.org/web/20210508093525/http://www.linfo.org/root.html |url-status=live }}</ref> but the UNIX [[Filesystem Hierarchy Standard]] now recommends that root's home be at {{mono|/root}}.''<ref>{{cite web|url=http://www.pathname.com/fhs/pub/fhs-2.3.html#ROOTHOMEDIRECTORYFORTHEROOTUSER|title=/root : Home directory for the root user (optional)|access-date=2015-05-11|archive-date=2005-05-25|archive-url=https://web.archive.org/web/20050525054323/http://www.pathname.com/fhs/pub/fhs-2.3.html.#ROOTHOMEDIRECTORYFORTHEROOTUSER|url-status=live}}</ref>'' The first process [[Bootstrapping|bootstrap]]ped in a [[Unix-like]] system, usually called {{mono|[[init]]}}, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it has done so, there is no way back. Doing so is sometimes called ''dropping root privileges'' and is often done as a security measure to limit the damage from possible contamination of the process. Another case is {{mono|[[login]]}} and other programs that ask users for credentials and in case of successful [[authentication]] allow them to run programs with privileges of their accounts. It is often recommended that ''root'' is never used as a normal user account,<ref name="rootsudo"/><ref>{{cite web|url=https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-wstation-privileges.html|title=4.4. Administrative Controls|work=redhat.com|access-date=16 September 2015|archive-date=5 June 2015|archive-url=https://web.archive.org/web/20150605195254/https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-wstation-privileges.html|url-status=live}}</ref> since simple [[typo|typographical errors]] in entering commands can cause major damage to the system. Instead, a normal user account should be used, and then either the {{mono|[[su (computing)|su]]}} (substitute user) or {{mono|[[sudo]]}} (substitute user do) command is used. The {{mono|su}} approach requires the user to know the root password, while the {{mono|sudo}} method requires that the user be set up with the power to run "as root" within the {{mono|/etc/sudoers}} file, typically indirectly by being made a member of the ''wheel'',<ref>{{cite web|url=https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/2/html/Getting_Started_Guide/ch02s03.html|title=2.3. Configuring sudo Access|work=redhat.com|access-date=16 September 2015|archive-url=https://web.archive.org/web/20191222091333/https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/2/html/Getting_Started_Guide/ch02s03.html|archive-date=2019-12-22|url-status=dead}}</ref> ''adm'',<ref>{{cite web|url=http://www.linuxquestions.org/questions/linux-newbie-8/difference-adm-root-536387/|title=difference adm - root|access-date=1 August 2016|archive-date=5 November 2016|archive-url=https://web.archive.org/web/20161105173905/http://www.linuxquestions.org/questions/linux-newbie-8/difference-adm-root-536387/|url-status=live}}</ref> ''admin'', or ''sudo'' group. For a number of reasons, the {{mono|sudo}} approach is now generally preferred β for example it leaves an [[audit trail]] of who has used the command and what administrative operations they performed.<ref>{{cite book|author=Brian Wotring|title=Host Integrity Monitoring Using Osiris and Samhain|url=https://books.google.com/books?id=CGE2synNNSEC&pg=PA32|year=2005|publisher=Elsevier|ISBN=978-0-08-048894-3|page=32|access-date=2018-12-17|archive-date=2024-05-24|archive-url=https://web.archive.org/web/20240524182836/https://books.google.com/books?id=CGE2synNNSEC&pg=PA32#v=onepage&q&f=false|url-status=live}}</ref> Some OSes, such as [[macOS]] and some [[Linux]] distributions (most notably [[Ubuntu (operating system)|Ubuntu]]<ref name="rootsudo">{{cite web|url=https://help.ubuntu.com/community/RootSudo|title=Rootsudo|work=ubuntu.com|access-date=16 September 2015|archive-date=5 November 2011|archive-url=https://web.archive.org/web/20111105004600/https://help.ubuntu.com/community/RootSudo|url-status=live}}</ref>), automatically give the initial user created the ability to run as root via {{mono|[[sudo]]}} β but this is configured to ask them for their password before doing administrative actions. In some cases the actual ''root'' account is disabled by default, so it can't be directly used.<ref name="rootsudo"/> In mobile platform-oriented OSs such as [[Apple iOS]] and [[Android (operating system)|Android]], superuser access is inaccessible by design, but generally the security system can be [[Exploit (computer security)|exploited]] in order to obtain it.{{cn|date=June 2022}} In a few systems, such as [[Plan 9 from Bell Labs|Plan 9]], there is no superuser at all.<ref>{{Citation |last1=Cox |first1=Russ |title=Security in Plan 9 |url=http://plan9.bell-labs.com/sys/doc/auth.html |archive-url=https://web.archive.org/web/20180711193251/http://plan9.bell-labs.com/sys/doc/auth.html |publisher=[[Bell Labs]] |archive-date=11 July 2018 |last2=Grosse2 |first2=Eric |last3=Pike |first3=Rob |last4=Presotto |first4=Dave |last5=Quinlan |first5=Sean |author-link3=Rob Pike |url-status=dead}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)