Superuser

On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor.

Normal work on such a system is done using ordinary user accounts, and because these do not have the ability to make system-wide changes, any viruses and other malware - or simple user errors - do not have the ability to adversely affect a whole system. In organizations, administrative privileges are often reserved for authorized, experienced individuals.

Unix and Unix-like

In Unix-style computer operating systems, root is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include baron in BeOS and avatar on some Unix variants. BSD often provides a toor ("root" backwards) account in addition to a root account. Regardless of the name, the superuser always has user ID 0. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network ports numbered below 1024. The name "root" may have originated because root is the only user account with permission to modify the root directory of a Unix system, and this directory was originally considered to be root's home directory.

The first process bootstrapped in a Unix-like system, usually called init, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it has done so, there is no way back. Doing so is sometimes called dropping root privileges and is often done as a security measure to limit the damage from possible contamination of the process. Another case is login and other programs that ask users for credentials and, in case of successful authentication, allow them to run programs with the privileges of their accounts.

It is never good practice for anyone (including system administrators) to use root as their normal user account, since simple typographical errors in entering commands can cause major damage to the system. It is advisable to create a normal user account instead and then use the su command to switch when necessary. The sudo utility can also be used instead to allow a measure of graduated access.

Many operating systems, such as Mac OS X and some Linux distributions, allow administrator accounts which provide greater access while shielding the user from most of the pitfalls of full root access. In some cases, the root account is disabled by default and must be specifically enabled. In a few systems, such as Plan 9, there is no superuser at all.

Software defects which allow a user to “gain root” (to execute with superuser privileges code supplied by that user) are a major computer security issue, and the fixing of such software is a major part of maintaining a secure system. One common way of gaining root is to cause a buffer overflow in a program already running with superuser privileges. This is often avoided in modern operating systems by running critical services, such as httpd, under a unique limited account.
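The privilege drop described above (a service started as root that does its privileged setup, then changes to a dedicated limited account, after which there is no way back to user ID 0), as an added C example that is not part of the original article. It assumes an account named "nobody" as a stand-in for the service account and falls back to the caller's own IDs when not started as root.

```c
#define _GNU_SOURCE              /* glibc: declares setgroups() in <grp.h> */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root in favour of uid/gid. Order matters: supplementary
 * groups and the primary gid must be changed while still root, because after
 * setuid() the privilege to do so is gone. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;               /* clearing supplementary groups is root-only */
    if (setgid(gid) != 0)        /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)        /* real, effective and saved uid: irreversible */
        return -1;
    return 0;
}

/* The "no way back" check: once a process has dropped to a non-root uid,
 * setuid(0) must fail with EPERM. Returns 1 if root is unrecoverable,
 * 0 if the process still is root or can become root again (a bad drop). */
int root_is_unrecoverable(void)
{
    if (geteuid() == 0)
        return 0;
    if (setuid(0) == 0)
        return 0;
    return errno == EPERM;
}

int main(void)
{
    /* A daemon does its privileged setup here (e.g. binding a port below
     * 1024), then drops to a dedicated account; "nobody" is assumed as the
     * stand-in, falling back to the caller's own ids when not run as root. */
    struct passwd *pw = getpwnam("nobody");
    uid_t uid = (geteuid() == 0 && pw) ? pw->pw_uid : getuid();
    gid_t gid = (geteuid() == 0 && pw) ? pw->pw_gid : getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("uid=%u gid=%u, root unrecoverable: %s\n", (unsigned)geteuid(),
           (unsigned)getegid(), root_is_unrecoverable() ? "yes" : "no");
    return 0;
}
```

Run it as root to see the switch to "nobody"; run it unprivileged and the drop is a no-op on the caller's own IDs, but the check still reports that root cannot be obtained.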

Windows NT

In Windows NT and later systems derived from it (such as Windows 2000, Windows XP, Windows Server 2003, and Windows Vista/7), there must be at least one administrator account (Windows XP and earlier) or at least one account able to elevate its privileges to superuser (Windows Vista/7, via User Account Control). In Windows XP and earlier systems, there is a built-in administrator account that remains hidden when a user administrator-equivalent account exists. This built-in administrator account is created with a blank password. This poses security risks, so the built-in administrator account is disabled by default in Windows Vista and later systems due to the introduction of User Account Control (UAC).

A Windows administrator account is not an exact analogue of the Unix root account - some privileges are assigned to the "Local System account". The purpose of the administrator account is to allow making system-wide changes to the computer (with the exception of privileges limited to Local System).

The built-in administrator account and a user administrator account have the same level of privileges. The default user account created in Windows systems is an administrator account. Unlike Mac OS X, Linux, and Windows Vista/7 administrator accounts, administrator accounts in Windows systems without UAC do not insulate the system from most of the pitfalls of full root access. One of these pitfalls is decreased resilience to malware infections. In Microsoft Windows 2000, Windows XP Professional, and Windows Server 2003, administrator accounts can be insulated from more of these pitfalls by changing the account from the administrator group to the power user group in the user account properties, but this solution is not as effective as using newer Windows systems with UAC.

In Windows Vista/7 administrator accounts, a prompt will appear to authenticate running a process with elevated privileges. No user credentials are required to authenticate the UAC prompt in administrator accounts, but authenticating the UAC prompt in standard user accounts requires entering the username and password of an administrator. In Windows XP (and earlier systems) administrator accounts, authentication is not required to run a process with elevated privileges, and this poses another security risk that led to the development of UAC. Users can set a process to run with elevated privileges from standard accounts by setting the process to "run as administrator" or using the "runas" command and authenticating the prompt with the credentials (username and password) of an administrator account. Much of the benefit of authenticating from a standard account is negated if the administrator account whose credentials are being used has a blank password (as in the built-in administrator account in Windows XP and earlier systems).

Older personal systems

Many older operating systems on computers intended for personal and home use, including MS-DOS and Windows 9x, do not have the concept of multiple accounts and thus have no separate administrative account; anyone using the system has full privileges. The lack of this separation in these operating systems has been cited as one major source of their insecurity.

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.