Unix, the 'grand daddy' of Linux, has always been a MultiUser OperatingSystem. Because computers were very expensive, slow, and time on the typewriter was limited, people would write their programs and leave them running while the next user typed in theirs.
All users on a Unix system are the same, except one. That user is called the SuperUser and has complete control of the system. This user can kill any of the running processes and access all of the files (including the device files, so root is the one who configures the hardware), as opposed to ordinary users who can only mess with their own processes and files. Many other OperatingSystems have a similar notion of one or more super-privileged accounts. On Unix the SuperUser is called root [1] (think of a tree here), because this account alone has sufficient permissions to manipulate the files and directories involved in the creation of new user accounts. (You can change that of course, but you really don't want to.) If you are logged in as a regular user and you want to "become root", you use the command su(1) (which stands for switch user and can change you to any user).
Don't overuse the power of root! Working as root may be tempting since none of those pesky access restrictions boggle your mind, but it's very dangerous for exactly that reason. You accidentally rm(1) any part of the system and then it's gone. Someone who chances on your keyboard can get at anything on your computer. Any bugs in software can destroy your entire system. Nothing is safe from your touch.
- Does everything run as the SuperUser?
- No, that's a very silly idea. Programs can start as the SuperUser, get access to whatever they need to (perhaps a certain Port), and then relinquish their privileges. Most good programs are written this way. If your mail server ran as root, and there was a bug in it, you could crack root access by sending mail to a computer! (That is how the CodeRed worm worked.)
- If the super-user is the only person that can write to the sound card/some piece of hardware, how come I can too?
- The super user can 'grant access' to certain devices. For example, in most Linux distributions, /dev/dsp (the sound card, dsp stands for Digital Signal Processor) is set up so that it is owned by root but belongs to the group audio, both of which have write access. Adding users to the audio group then allows them to access the soundcard.
- Changing to root whenever I want to do any administration is too hard! or
RedHat/MacOSX asks me for the root password whenever I try and do any configuration, can I have the same thing?
- There is a program called sudo(1) that lets you perform tasks as root. You type sudo program-name, it optionally prompts you for password, and away you go. You can configure this so that you can perform certain super user tasks (anything using the hardware: ejecting a CD is a good example). sudo(1) is very powerful - you can allow specific users to do specific tasks under accounts other than their own, with or without being asked for permission. Take a good look at this very cool tool!
- I never had to worry about this in Windows 9x!
- That's right. Everyone is the super-user all the time in Windows 98. And indeed, if you want, you can log in as root for everything to Linux. Hopefully the above page has explained why you wouldn't want to do this. This is a choice that Linux offers you. This access model was introduced as standard in Windows NT and continues into Windows XP today.
[1] Extra for experts: the Linux SuperUser is defined by having UID 0, not by being named root. If you're particularly security conscious you can rename your superuser to anything you want, and your system will just keep on ticking. However, this is only SecurityByObscurity, so you should always have a strong and frequently changed password on your SuperUser account.
CategoryBeginners