WatchPoint Security Blog

Fast Facts Regarding Linux Root User

Written by Chris Hartwig | March 11, 2016

If you are new to Linux, you may have a few questions about the root user and its intended use. It’s imperative that you understand when you should or shouldn’t use the root account and the dangers of using the root account like a Windows administrator. The two operating systems are quite different, and the potential for damaging your system using the root account in Linux is much greater.

When should I use root?

Root privileges refer to the rights of the root user over the file system and all commands. These include the right to modify the system and to grant and revoke access permissions. Root is the only account having write permissions in the root directory. Root has default access to all commands and files on a Linux OS.

You shouldn’t use root unless absolutely necessary. It is very easy to damage a Unix-like system when using it as root, much easier than on other OSs that compensate for a lack of robust permission systems through other methods of protection. The root user has maximum flexibility to configure the system, and there is no safety net for the root user in the event of an error such as deleting a critical system file. Even experienced system admins should avoid using the root account except when absolutely necessary. Instead, you should use commands such as su, kdesu and sudo, which provide users with root privileges only as needed and without requiring a new login.

Processes and root user

All processes started by the root user have root privileges. Attackers will often exploit errors in application programming to obtain control of a system when a program is run with root privileges.

How to use su, kdesu and sudo

su – the switch user command. You can use this command to switch to a different user. You will be prompted for that user’s password in order to make the switch. If you type su without any other option, Linux will switch to the root account.

$ su csmith
password:
csmith@sandy:~$

kdesu – a graphical front end for the su command. The default user for kdesu is root; therefore, if no user name is specified in the command, root's password will be requested by its dialog box.

kdesu [-u username] [options] command

sudo – allows you to run any command as the root user. You just have to add sudo to the beginning of the command. To install programs, you will run a command similar to this.

sudo apt-get install {package-name} – installs packages with root privileges

sudo apt-get remove {package-name} – removes packages with root privileges

sudo apt-get update – refreshes the package lists with root privileges

A Few Good Things to Know

/ = root directory

/root = root user's home directory

/home = location of user home directories other than root

Linux uses UIDs to keep track of users.

Root is always 0.

Use the echo command to display the UID of the current user.

Syntax: echo $UID

/etc/passwd is the configuration file for user data and includes a listing of all UIDs.

Syntax to view: cat /etc/passwd | less

The contents of /etc/passwd are piped to the less command so that they can be read one screen at a time.
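
Because root is always UID 0 and /etc/passwd lists every UID, a useful check is to look for accounts other than root that carry UID 0, and for UIDs shared by more than one login name. The script below is an added example, not part of the original post; the sample entries and the function names (sample_passwd, extra_uid0, shared_uids) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that share root's UID.
# Field layout: name:password:UID:GID:comment:home:shell

# Constructed sample data; toor and svc are deliberately suspicious entries.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
csmith:x:1000:1000:C Smith:/home/csmith:/bin/bash
toor:x:0:0:second UID 0 entry:/root:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
svc:x:34:1001:reuses UID 34:/home/svc:/bin/sh
EOF
}

# Login names with UID 0 that are not "root". Any output deserves investigation,
# because the kernel treats every UID 0 account as root regardless of its name.
extra_uid0() {
    awk -F: '!/^#/ && NF >= 7 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs used by more than one login name, printed as UID:name1,name2
shared_uids() {
    awk -F: '!/^#/ && NF >= 7 {
                 if ($3 in names) names[$3] = names[$3] "," $1; else names[$3] = $1
             }
             END { for (u in names) if (names[u] ~ /,/) print u ":" names[u] }' "$1" |
        sort -n
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
sample_passwd > "$tmp"
echo "Extra UID 0 accounts: $(extra_uid0 "$tmp")"
echo "Shared UIDs:"
shared_uids "$tmp"
rm -f "$tmp"
```

To audit a real system, call the two functions with /etc/passwd as the argument; reading that file does not require root.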