The Full Wiki

Superuser: Wikis


Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.


From Wikipedia, the free encyclopedia

On many computer operating systems, the superuser, or root, is a special user account used for system administration.

Many older operating systems on computers intended for personal and home use, including MS-DOS and Windows 9x, do not have the concept of multiple accounts and thus have no separate administrative account; anyone using the system has full privileges. Separation of administrative privileges from normal user privileges makes an operating system more resistant to viruses and other malware, and the lack of this separation in these operating systems has been cited as one major source of their insecurity.[1]However, requiring a user to validate his superuser status for simple administrative functions can inconvenience the administrator as he is required to repeatedly enter his login information.


Unix and Unix-like

In Unix-style computer operating systems, root is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include baron in BeOS and avatar on some Unix variants. BSD often provides a toor (“root” backwards) account in addition to a root account for better usability while performing administrative tasks. Regardless of the name, the superuser always has zero user ID. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network ports numbered below 1024. The etymology of the term may be that root is the only user account with permission to modify the root directory of a Unix system.[2]

The first process bootstrapped in a Unix-like system, usually called init, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it's done so, there is no way back. Doing so is sometimes called dropping root privileges and is often done as a security measure to limit the damage from possible contamination of the process. Another case is login and other programs that ask users for credentials and in case of successful authentication allow them to run programs with privileges of their accounts.

It is never good practice for anyone to use root as their normal user account, since simple typographical errors in entering commands can cause major damage to the system. It is advisable to create a normal user account instead and then use the su command to switch when necessary. The sudo utility can also be used instead to allow a measure of graduated access.

Many operating systems, such as Mac OS X and some Linux distributions, allow administrator accounts which provide greater access while shielding the user from most of the pitfalls of full root access. In some cases, the root account is disabled by default, and must be specifically enabled. In a few systems, such as Plan 9, there is no superuser at all.

Software defects which allow a user to “gain root” (to execute with superuser privileges code supplied by that user) are a major computer security issue, and the fixing of such software is a major part of maintaining a secure system. One common way of gaining root is to cause a buffer overflow in a program already running with superuser privileges. This is often avoided in modern operating systems by running critical services, such as httpd, under a unique limited account.

Rooting of Android OS

There is a community of open-source enthusiasts that build and share Android-based firmware with a number of customizations and additional features, such as FLAC lossless audio support and the ability to store downloaded applications on the microSD card.[3] The community refers to this process as rooting the device. Rooting lets users load modified firmwares allowing users of older phones to use applications available only on newer releases.[4]

Those firmware packages are updated frequently, incorporate elements of Android functionality that haven't yet been officially released within a carrier-sanctioned firmware, and tend to have fewer limitations. CyanogenMod is one such firmware.

On 24 September 2009, Google issued a cease and desist letter[5] to the modder Cyanogen, citing issues with the re-distribution of Google's closed-source applications[6] within the custom firmware. Even though Android OS is open source, phones come packaged with closed-source Google applications for functionality such as the application store and GPS navigation. Google has asserted that these applications can only be provided through approved distribution channels by licensed distributors. Cyanogen has complied with Google's wishes and is continuing to distribute his mod without the proprietary software. He has provided a method to back up licensed Google applications during the mod's install process and restore them when it is complete.[7]

Windows NT

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT. The user may gain access to the Local System account by making Task Scheduler start a command prompt. Since Task Scheduler starts programs as Local System, the user can run any program as Local System. However, this may be regarded as a vulnerability.

In Windows Vista or later, you can use User Account Control to run a process with elevated privileges (for example, by right-clicking (Windows 2000 users must hold the SHIFT key while right-clicking) on the program and selecting Run as administrator). In earlier version of Windows, the command runas fulfils this task (see Microsoft's documentation for runas for more details).

Novell NetWare

In Novell NetWare, the superuser was called "supervisor", later "admin".

See also


External links

Got something to say? Make a comment.
Your name
Your email address