What is root in Linux, how does it work, and how to use it safely?

If you've just landed on GNU/Linux from Windows or macOS, one of the first things you should understand is how permissions work and who really controls the systemThat “supreme leader” is called root And if you don't know it well, it's easy to make a huge mistake with just one command.

The basic idea is simple: in Linux, not all users can do everything. There are regular accounts with limitations and a special account with absolute powers. Throughout this article, we'll see What exactly is the root user in Linux, what is it used for, how to use it wisely, and what are the risks of using it carelessly?in addition to reviewing the commands in detail sudo y su, root password management and some practical tricks.

What is root in Linux and what types of users are there?

In any Unix-like system, including GNU/Linux, the user root is the superuser who can do and undo whatever he wants: read, modify or delete any file, install or remove software, change permissions, format disks or turn off the computer whenever you want.

To understand why root exists, it is helpful to distinguish between types of accounts that coexist in a typical Linux systemBroadly speaking, we find three categories: normal users, the root user itself, and special system users used by services and daemons.

The Normal user accounts are intended for everyday useThey can browse, program, edit documents, play games… They have restricted access to critical parts of the system, cannot install packages globally, or write to directories such as: / Etc, / Usr o / var without increasing privileges.

At the other extreme is root, which would be equivalent to the administrator in Windows, but with even more freedom of actionThere is almost nothing forbidden for this user: they can change system files, mess with the boot process, modify permissions and owners of whatever they want, and even delete the entire file system with a single poorly executed command.

In between there is a less visible category: the so-called system or service users (daemon)These are accounts without interactive sessions, with very limited permissions, used to make services such as web servers, databases, or system daemons work more securely.

How permissions and the sudo group work

By design, Linux takes privilege separation very seriously: A normal user cannot modify the system without explicitly requesting permission.This might be a bit of a shock if you're coming from a system where your account is always administrator.

To allow a regular user to perform administrative tasks from time to time, there is a special group sudoAny account belonging to this group can execute specific commands with root privileges using the sudo command.

Adding a user to the appropriate group is very simple: just run something like sudo usermod -aG sudo usernameFrom then on, that user becomes a "sudoer" and will be able to elevate permissions when needed.

The expected behavior is that, when executing, for example sudo apt-get update, the system requests the that user's password (not the root one) and, if it is correct and you are authorized, run the command with administrator privileges.

This mechanism allows that It is not necessary to log in as root for maintenance tasksIn fact, in many modern distributions it is the recommended way and even the only way supported by default to operate with elevated privileges.

What is root and what is it used for in practice

When we talk about the root user, we are talking about the account that It concentrates all administrative privileges over the systemIt is indispensable for many tasks, but its direct use should be limited because a mistake with this account is usually irreversible.

The good news is that you almost never need to log in directly as root: You can request temporary privileges using sudo or suRun whatever you need and go back to working as a normal user.

In everyday use, the most common uses of root (directly or indirectly) are, among others, the following:

• Software Installation and RemovalAny package manager (apt, dnf, pacman, etc.) needs superuser permissions to install, update, or delete programs at the system level.
• Editing critical configuration files: files like / Etc / hosts, / etc / fstab, / Etc / passwd or service configurations can only be modified with elevated privileges.
• Changing system account passwords, including the root password: commands like passwd root They require special permissions to update the password database.
• Execution of potentially destructive commands: tools such as rm, chmod, chown o mkfs They can destroy the system if misused; that's why they demand privileges to operate on sensitive routes.
• System management actionsRestarting, shutting down, managing services, mounting and unmounting partitions, managing users and groups... all of this requires superuser permissions.

Whenever an action returns a message of "permission denied"There is a high probability that, by running the same command with sudo or as root, the operation will be performed without problems… another thing is whether it should be done or whether it is safe.

sudo command: run as root while still being yourself

The command sudo It is, nowadays, the recommended way to execute a specific command with superuser privileges While maintaining your normal user identity. It's like borrowing root access for a few seconds.

Its basic use consists of Add the word sudo before the command you want to run with elevated privilegesFor example, if you want to install a program from the repositories on a Debian-based distribution, you would type something like sudo apt install gparted.

By doing so, the system will ask you your own user password (if you belong to the sudoers group). You will not be asked for the root password, which is a significant advantage from a security standpoint, because nobody needs to know the system's master password.

Once you enter the password and it is validated, Only that command is executed with root privileges, and then you revert to the same restrictions as always.In other words, you don't become root; you simply execute a command "on its behalf".

In addition, sudo incorporates a “time of grace”For a few minutes after successful use, it usually allows you to run more commands with `sudo` without being prompted for your password again. This is convenient, although some consider it a small security vulnerability because if someone gains control of your session during that interval, they could execute dangerous commands without needing your password.

su command: switch user (and become root)

The command su It comes from “substitute user” and is intended for Switch between accounts from the terminal without logging out of the current sessionWhat it does is open a new shell as another user.

If you simply run su Without arguments, the system assumes by default that you want become rootIn that case, it will ask for the root account password and, if it is correct, you will then have a superuser prompt.

You can use it to switch to any other user by typing your usernameIn that case, you will be asked for the password for that specific user, and if you enter it correctly, You will retain their identity, but you will continue with the previous user's environment. unless you pass certain options.

To "enter as if you had logged in graphically" with that user (i.e., to load their environment, variables, home directory, etc.), it is recommended to use his - o your – username. The option - (equivalent to -l o -login) forces a login shell.

While you are under his, All commands you execute will be done with the identity of the user you have switched to.To return to your original account, simply type exit, which will return you to the previous shell.

Obtain a root session and compare it with sudo

Although it's not the safest method, there are situations where it can be useful. work for a while with a root shellFor example, in very intensive administration or recovery tasks.

In distributions where the root account is enabled, simply run his - and provide the root password. From that point on, you'll see that the prompt usually changes and The symbol $ is replaced by the symbol #, a clear visual clue that you're playing in "anything goes" mode.

In systems like Ubuntu, where root is locked by default, it is more common to use sudo -iThis command provides you with a login shell as root using your own password (if you are authorized on sudoers), without having to remember a different password.

The fundamental difference with "normal" sudo is that `sudo -i` puts you in a persistent root session.You can chain commands together without preceding each one with `sudo`, until you type exit and return to your user account.

In terms of safety, it is more reasonable use sudo for specific commands and reserve the root shell only for very specific cases. The more time you spend as root, the easier it is to accidentally launch something dangerous.

The /etc/sudoers file and advanced sudo settings

Behind the magic of sudo is the file / Etc / sudoers, where it is defined who can use sudo, from where, and to execute which commandsIt's a sensitive file: editing it incorrectly can leave you without the ability to elevate privileges.

Therefore, it is strongly recommended to use the command visudo to modify it. This tool Open /etc/sudoers in your preferred editor and validate the syntax before saving.If you've made a mistake, it will warn you and prevent a corrupted file from being left behind.

In a typical system, you'll see lines like root ALL=(ALL:ALL) ALL, which indicate that root can execute any command, as can any user and group, from any host.Entries for special groups such as %sudo o %admin, which enable their members to use sudo.

The file supports User aliases, commands, and execution contextsThis is very useful for avoiding having to write huge lists every time. For example, you can group several users into one User_Alias and several dangerous commands in a Commander Alias and then define rules such as "this group of people can issue this set of orders".

There are also labels like NOPASSWD o NOEXEC which are used to adjust the behavior of sudo. The best known is NOPASSWD, which It allows you to run certain commands with sudo without being prompted for a password., useful in automations or scripts where there is no one to type the password.

Allow root commands without requiring a password

In some very specific scenarios it may be of interest Allow a user to execute one or more commands with root privileges without entering a passwordFor example: turning off the computer with a button, reloading a kernel module from a script, or running a scheduled task.

To do this, a command alias is usually created in / Etc / sudoers and is accompanied by the label NOPASSWD:A classic example would be something like this. myuser ALL=NOPASSWD: /sbin/shutdown, /sbin/rebootwhich authorizes that user to shut down or restart the system without sudo asking for the password.

You can also define User aliases (User_Alias) and command aliases (Cmnd_Alias) to simplify: for example, grouping multiple administrative users into GROUP and multiple power management commands into POWER, and then setting GROUP ALL = NOPASSWD: POWER.

The key is in Don't go crazy giving NOPASSWD to everythingIdeally, it should be limited to the strictly necessary commands and, if possible, to certain hosts or specific networks using host aliases.

A fun fact: adding the option insults to the line of Defaults In sudoers you can make it sudo I'll give you a "polite insult" in English when you enter the wrong passwordIt doesn't improve safety, but it certainly makes the experience more entertaining.

Risks of using root carelessly

Having the superuser access is essential, but Using root carelessly is the fastest way to ruin your systemLinux is designed to be robust, but if you run everything as root, blindly delete files, or change permissions without knowing, there are no miracles.

One of the best-known dangers is the accidental deletion of critical parts of the file system. Commands like rm-rf / o rm -rf /* They are lethal if launched as root: in a matter of seconds you can be left without an operating system.

Sometimes the problem isn't even an obviously dangerous command, but the effect of a poorly expanded variableFor example, if you write something like rm -rf "$directory"/* And if the variable is empty due to a bug in your script, you could end up deleting a location you didn't intend to.

Another serious risk is running as root. scripts or installers downloaded from the Internet without checkingIf the content is malicious, an attacker can install rootkits, backdoors, or spyware with full access, burrow into the system, and hide at the kernel level.

You also have to be careful when Modify permissions on sensitive paths with chmod or chownA command like chmod 000 /etc/ or a massive change in / Boot or in the bootloader (GRUB) it can leave the system in a state where it won't even boot, forcing you to resort to rescue means.

For these reasons, whenever you work with sudo, using su or root is a good idea Double-check the command, verify the path with ls before using rmAnd if you have any doubts, don't do anything until you're sure of what's going to happen.

Why do many distros disable root by default?

Distributions like Ubuntu and other derivatives opt for block the root account from the very beginning and delegate all administration to sudo. It's a design decision aimed at reducing risk, especially for novice users.

This means that, although root exists internally, You cannot log in with that account because it does not have a valid password.Instead, the user created during installation is automatically added to the sudo group.

This poses no problem for everyday life: You can install programs, update the system, or edit settings using sudo when needed.This prevents people from logging in as root and working permanently with unlimited permissions.

However, if for some reason you need to have a root password, You can enable the account by setting a password for it with `sudo passwd root`.From that moment on, you can switch to root with `su` or even log in graphically with that account (something not recommended).

If later you prefer to return to the original safe behavior, you can always Lock the account again with sudo passwd -dl rootThis will prevent its direct use, even though sudo will still work for authorized users.

Temporarily disable the root account

In environments where several people are using the same machine, it can happen that the root password ends up circulating from hand to handThis opens the door to unwanted changes or uncontrolled software installations.

One way to mitigate this is Block the root account using sudo passwd -l rootThis command disables the root password and It prevents you from logging in as root or performing root actions., keeping the system operational for those in the appropriate group.

When you block root in this way, anyone who wants to perform administrative tasks will have to Use sudo with your own user keyThis leaves a better trail and reduces the need to share a master password.

If at any point you need to use root again with its password, you can simply set a new password with sudo passwd rootThis reactivates the account and allows you to work with it again as before.

This approach is especially useful in shared computers, classrooms, or small servers where it's not desirable for just anyone to be able to become root without controlHowever, it is advisable to maintain a flexible management mechanism.

Recover or obtain the root password

It may be the case that You may have disabled the root account or simply not remember your passwordFortunately, most Linux distributions offer recovery methods from the boot manager itself or with the help of a LiveCD.

One common way is to take advantage of the menu of GRUBWhen you start the computer, you can access the Advanced Options and select the mode Recovery ModeFrom there, there is usually an entrance root which opens a superuser console with the system mounted in read-only mode.

To change your password you will need trace back to the root directory with write permissions using something like mount -o rw,remount /Then all you have to do is launch passwd rootenter a new password and finish with sync y reboot to save changes and restart.

If this method doesn't work or you prefer another option, you can always resort to a LiveCD or LiveUSB of any distribution (for example, Ubuntu). You boot from the middle, choose the "try without installing" option, and open a terminal.

In that terminal, you first become root temporarily with sudo suThen you use fdisk -l all with Identify the partition where the Linux you want to repair is installed. (for example, /dev/sda1), and you create a mount point like mkdir /mnt/recover followed by mount /dev/sda1 /mnt/recover.

Then you execute chroot /mnt/recover all with “enter” that system as if it were your own and finally you throw passwd root To set a new superuser password. Upon exiting and restarting, the system will boot with the newly configured password.

Daily management with root: example of files, permissions and basic commands

Beyond pure theory, the root user's presence is most noticeable when working in system directories and maintenance operationsIf you want to, for example, move a downloaded font to a global font directory, you'll need those privileges.

Imagine you have a file called Underdog (in ZIP format and also as a folder) in your folder of Downloads and you want to place it in / usr / share / fonts /Since this is a protected route, you will need to use sudo cp o sudo mv to copy or move these files and folders to the destination.

Similarly, for update the system from the terminal You'll throw something like sudo apt update followed by sudo apt upgrade On Debian-based distributions, without sudo, the package manager will return permission errors when you try to open its state files.

When navigating system paths, it's very useful to master commands like ls, cp, mv, rm, chmod or chownls lists contents, cp and mv copy or move, rm deletes, chmod adjusts permissions numerically (for example, 644 so the owner can read and write and the rest can only read) and chown changes the owner.

Operations such as Change the owner of a file to your normal user with chown They can save you from constantly using sudo. Typically, you'd run something like sudo chown debian:debian file so that from then on “debian” can manipulate that file without escalating privileges.

In short, a good understanding of what root is, how sudo and su interact, how to configure /etc/sudoers, and the dangers of abusing superuser privileges will allow you to Get the most out of Linux without risking your system with every commandUsed wisely, the superuser is a powerful tool for managing servers and personal computers; used carelessly, it's the fastest way to end up reinstalling from scratch.