Few things inspire the human conscience, very few. One of those things is power. The ability to own and control, without restrictions – what you want done, shall be done. Few things offer such power, quite a few. One of those things is a well built Linux Operating system and it does so by allowing you to be a superuser. In this article, we explore the meaning of such power, what you can do with it and why it even exists. This article shall demystify those boogie-man stories that are present about root.
In computing, there are roles that are set to be performed by specific users (accounts) and are restricted only to such accounts. Consider a family house analogy: the parents in such a household are allowed to go anywhere they want within the house, even without permission. The children of such a household are limited to some areas, some they may access with permission while others, they are restricted to go to, even with permission. For example, a safe with all the dirty little secrets is out off bounds to the kids. This analogy shall serve to explain the superuser concept.
The superuser account in computing is a user account with special permissions to administrate. Based on the operating system, the superuser account may go under different names but the common are administrator for Windows OS,s and root for Unix & Linux OS’s. In order to determine the superuser account, Linux and Unix use an identifier known as a user identifier (UID). The account that has the least UID (zero) is the superuser regardless of the name given to the account – mostly, root.
How does a Superuser account differ from a Normal account?
Most of the operating systems that we use implement a role based security model that ideally restricts access and functions based on the user who logged on to the system. For example, if you work in an enterprise dealing with computer security, a receptionist would have very different privileges as compare to a network security officer.
So, what can you do with it – the Superuser account…
To make it real simple and plain; a superuser had all rights and permissions to files and programs in single and multi-user models. In simpler terms, there is virtually nothing such a user cannot do, including corrupting the file system and rendering the operating system inoperable. Besides that, the superuser can do more reasonable tasks that include;
1. Changing file permissions and ownership.
2. Binding to a certain range of network ports.
3. Modify the root directory.
4. Change the ID of the init process
Sure, but what about Windows Administrator account?
The administrator account is the equivalent of root in Unix & Linux and such a user has the ability to do quite a lot on a Windows machine. In Windows XP and systems that preceded it, there was always an existent hidden admin account, with a blank password regardless of the existence of a administrator account. With eminent security problems, this model was thrown out of the window with the introduction of User Account Control (UAC) in later systems.
In Windows Vista, 7, 8 and 10, the UAC feature does a wonderful job insulating the computer from threats especially because the default user account is an administrator account. Once disabled, UAC protection non-existence causes pitfalls that are present with all root accounts and resilience to such pitfalls disappears in whim.
That said, you are now in the know about a superuser.