Root in Linux: what it is, what it's for, and how to use it safely

Informatec Digital » Resources » Root in Linux: what it is, what it's for, and how to use it safely

If you're coming from Windows (consult user accounts in WindowsIf you land on Linux, the famous root user might sound like gibberish, but it's actually the key piece that separates a stable and secure system from a complete disaster. Root is the "absolute boss" of the system, the one who can install, delete, break, and fix practically anything without asking permission.

Understanding the purpose of root in Linux, how it relates to sudo and su, and its associated risks It is essential for managing your equipment, whether it's a home laptop or a production serverIn this article you will see, in considerable detail and in easy-to-understand language, what root is, how it is used in different distributions (especially in Ubuntu), what dangers it has and what best practices should be followed to avoid rendering your machine unusable.

What is the root user in Linux and what makes it special?

In any GNU/Linux system there is a user with full privileges called root, also known as superuserThis user has UID 0 and is not subject to the usual file and process permission restrictions: they can read, modify or delete any file, install or uninstall software, change system settings, manage other users and touch critical services.

If you compare it to Windows, root would be the equivalent of Administrator, but with even more powerBecause in Linux the permissions model is more refined and the separation between users and services is much stricter. While a normal user is limited in what they can do in paths like /etc, /usr, /var o /bootRoot access lets you in everywhere without asking for permission.

In addition to regular users and root, Linux defines "system users" or service accounts (Daemons) with very limited permissions are used to run web servers, databases, or other daemons. This means that even if a service is compromised, the attacker does not automatically gain full access to the machine… unless they manage to escalate privileges to root.

By default, a standard user cannot install system programs, modify global configuration files, or create directories in sensitive areas.To perform any of these tasks, you will need to elevate privileges using tools such as sudo o suwhich are precisely the usual mechanisms for "invoking" the superuser in a controlled manner.

In many modern distributions, especially Ubuntu and its derivatives, direct root login is disabled.Instead, during installation a normal user is created who belongs to the administrators group (for example, sudo o admin) and the command is used sudo to perform administrative actions by requesting your own password, not the root password.

Difference between normal users, root, and the sudo group

Linux implements a permissions system based on users and groupsBroadly speaking, we can distinguish three main types of accounts that you will encounter on a daily basis when talking about root:

Regular usersThese are the accounts of the people who use the system. They have a home They can install programs in their own directory, run desktop applications, save documents, etc. However, They cannot perform system administrative tasks how to install global packages, modify configurations in /etc or manage other users, unless they use sudo o su.

Root user: is the superuser with absolute control. It is not subject to permission restrictions except those imposed by the kernel itself or advanced security mechanisms.It can literally "do and undo as it pleases," from deleting the root directory to changing permissions on any file. That's precisely why it's not recommended for everyday tasks.

Administrator users (sudoers): are normal users who belong to a special group (usually sudo o admin) and They have permission to execute commands as root using sudoFor example, to add a user to the group sudo You can use something like this:
sudo usermod -aG sudo nombreusuario

Once a user is part of the sudo group, they can execute privileged commands by prefixing sudoThe system will ask for your password (not the root password), and if it's correct, it will execute the command with superuser privileges. This provides a good balance between security and convenience.

What is root in practice and what is it used for?

Beyond theory, the root user is the identity that the system uses to make any deep changesYou can continue working with your normal user account and only use root when necessary. Let's look at some of the main uses.

Install or uninstall system softwarePackage managers (such as) apt, dnf o pacmanThey need to write to protected paths, so They always run with root privilegesA typical example would be:
sudo apt install vlc

Edit system configuration filesMost system services and programs are configured through text files in directories such as /etcTo open them with an editor and save them, you need elevated privileges. For example:
sudo nano /etc/hosts

Change the root password or other user passwordsOperations such as changing the superuser's own password, or that of another account, involve accessing the system's password database. A typical command would be:
sudo passwd root

Execute potentially dangerous commands. tools like rm (delete), chmod (change permissions), chown (change owner) or mkfs (formatting) can do a lot of damage if misused. The system requires root permissions for operations that affect critical files or devices. to prevent a normal user from accidentally destroying the system.

Manage the startup, shutdown, and restart of the machine. Commands like reboot, poweroff or advanced handling of systemctl about system services They also require superuser privileges. For more information on systemd and its service management You can consult the specialized documentation. Otherwise, any user could restart a production server whenever they wanted.

In practice, if something fails with a "permission denied" error in Linux, it's quite likely you need to run it with root privileges. using sudo or temporarily switching to superuser with su.

sudo and su commands: when to use each one

Once you understand that root is the "owner" of the system, it's time to understand how to obtain those privileges from your normal user account.The two classic tools for this are sudo y suwhich do not do exactly the same thing, although many people mix them up.

sudo (“superuser do”) is used to execute a single command with the permissions of another user, usually root.You don't switch sessions, you don't become root "for everything"; only that specific command is executed with elevated privileges. For example:
sudo apt install gparted

Every time you use sudo The system will ask for your password (if you haven't entered it recently).After a few minutes of inactivity, the sudo "ticket" expires and you will have to authenticate again, which adds an important layer of security.

su (“switch user”) changes your user identity within the same sessionIf you use it without arguments, you will become root (it will ask for the root password) and all subsequent commands will be executed with those privileges until you exit. exit. For example: uterine
su
Contraseña:
whoami # devuelve 'root'

You can also use su nombreusuario to switch from one user to anotherprovided you know the password for the destination account. This will completely change the environment to that of the new user (variables, homeetc.) it is recommended to use su - o su - nombreusuario.

In general, it is considered safer and more advisable to use sudo for specific commands and resort to su only when you really need a prolonged root session (for example, in recovery tasks or complex maintenance).

Particularities of root in Ubuntu and derivative distributions

Ubuntu and many distributions based on it follow a fairly clear security philosophy: the root user exists, but is blocked from direct login.This means that after a standard installation you cannot log in as root in either the terminal or the graphical environment using a password, because it does not have one assigned.

Instead, Ubuntu opts for the intensive use of sudoDuring the installation process, an administrator user is created who belongs to the group sudoFrom there, any administrative task is done with:
sudo comando

If you need a "full" root shell in Ubuntu, you have several secure options.:
sudo -i # Open a root login session
sudo su - # Switch to root with login environment

Both methods leave you as root in that terminal until you exit with exitYou'll see that the prompt usually changes and ends in # instead of $This is a classic sign that you have superuser privileges. It's important to keep this in mind to avoid executing dangerous commands where they shouldn't be.

Although not recommended, you can enable the root user in Ubuntu by assigning it a password. with:
sudo passwd root
After entering and confirming the new password, root will be "unlocked" and it will be possible, for example, to use su without prior sudo or even allowing direct login via TTY or SSH (something highly discouraged on exposed servers).

Real risks of using root carelessly

Working as root without knowing exactly what you're doing is like driving a truck in reverse on a highway: it might go well, but if you lose focus for a second, the mess is epic.Linux is designed to be quite secure by default, but as soon as you elevate privileges, many protections disappear.

The first major risk is accidentally deleting or corrupting the file systemCommands such as:
rm -rf /
rm -rf /*
or even more subtle constructions such as:
rm -rf "$directorio"/*
They can destroy the entire system in a matter of seconds if they are run as root and the path is not what you think.Sometimes all it takes is an empty variable, a misplaced slash, or a misplaced tab key to turn a seemingly innocent command into a catastrophe.

The second major danger is installing malicious software with full privilegesDownloading and running scripts from the internet as root without looking at the code is like giving the keys to your house to a stranger. A malicious script can install rootkitsKeyloggers or backdoors, modifying the kernel, spying on everything you do and staying hidden for a long time.

It is also relatively easy to compromise system security by tampering with critical file permissions.For example, if you run something like:
chmod 000 /etc -R
or you change the permissions of /boot or /etc/passwd without knowing what you're doing, You can render the machine unbootable or make user authentication impossible.In many cases, the only solution is to use a LiveCD or even reinstall.

From a security standpoint, always operating as root turns that account into a "single point of failure"If an attacker gains root access (through brute force, phishing, malware, etc.), they have complete control: they can encrypt disks, steal data, join a botnet, or use your server to attack third parties. To mitigate these risks, you should delve deeper into techniques for hardening with SELinux and other protection mechanisms.

Furthermore, intensive use of root makes traceability difficult.When commands are executed with sudoThe system records who launched them and when, whereas if everything is done as root it is not clear who is behind each action, which complicates audits and problem diagnoses.

Show asterisks when typing the sudo password

By default, when you enter your sudo password in many distributions (such as Ubuntu) you don't see any dots or asterisks.This was intended as a security measure to prevent anyone from deducing the length of your password just by looking at the screen, but in practice it's quite inconvenient: you type and nothing seems to happen.

For some time now, sudo has allowed the activation of a behavior called pwfeedbackIt displays an asterisk for each character you type. It doesn't reveal your password, but it confirms that the keyboard is responding and helps you detect typos.

To activate it, you need to edit the sudo configuration using the secure tool visudoThis validates the syntax before saving to prevent you from losing sudo privileges due to a silly mistake. The steps would be:

1. Open sudo settings:
sudo visudo

2. Add the line:
Defaults pwfeedback

3. Save and exit the editor

From that moment on, every time you enter your sudo password, asterisks will appear.If at any point you want to revert to the original behavior, simply remove that line using `return`. visudo.

Disable or block the root account

In environments where several people have access to the same computer, the root password can end up being shared more than usual.If too many people know that key, it's only a matter of time before someone makes (or suffers) a mess. A very reasonable solution is to disable the root account and work only with sudo.

When you lock the root account, you prevent users from logging in directly as that user. and you also prevent it from being used su To gain root access with your password. However, Authorized users will still be able to use sudo to execute privileged orders.

To lock the root account in many distros, simply run:
sudo passwd -l root

This command "freezes" the root password so that it cannot be usedIf you need to reactivate it later, you'll have to set a new password with something like:
sudo passwd root

Recover or change your root password if you have lost it

If you've forgotten your root password or locked your account and need to recover it, all is not lost.Linux offers several ways to reset it, usually by booting the system in a special mode or using a LiveCD.

A very common option is to do it from GRUB, using recovery modeMany distributions have an "Advanced options" entry where you can choose a "Recovery mode". Selecting it loads a limited environment with rescue options.

If you choose the option to obtain a root console in recovery modeThe standard flow is usually:

1. Mount the file system with write permissions:
mount -o rw,remount /

2. Set a new password for root:
passwd root

3. Synchronize data and restart to apply the changes:
sync
reboot

The other main option is to boot from a LiveCD or LiveUSB of a Linux distribution (for example, Ubuntu in "Try without installing" mode) and work on the installed system from outside.

In a typical scenario with LiveCD, the steps would be:

1. Open a terminal and obtain a temporary root shell:
sudo su

2. Identify the partition that contains your Linux system with something like:
fdisk -l

3. Mount that partition in a working directory (example using /dev/sda1):
mkdir /mnt/recover
mount /dev/sda1 /mnt/recover

4. Change the system root to the directory mounted with chroot:
chroot /mnt/recover

5. From there, use passwd root to set a new password and, after logging out and restarting, you will be able to log back in normally.

The /etc/sudoers file and how to fine-tune root permissions

One of the most powerful (and delicate) aspects of root management is the file /etc/sudoers, where it is defined who can use sudoThis is where you can customize elevated privilege access in detail, specifying where and to execute which commands.

Very important: never edit /etc/sudoers directly with any editorAlways use:
sudo visudo
because this tool Check the syntax before savingAn error in this file can prevent you from using sudo, and with visudo You minimize that risk.

Typical content of /etc/sudoers a clean Ubuntu includes lines similar to:
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL

The first indicates that the root user can execute any command on any host as any user and group.The second one does the same but for all users in the group. sudoIn this way, anyone in that group has total power via sudo.

For more advanced configurations, sudoers allows you to define aliases for users, commands, and execution groups., For example:

User_Alias ADMINES = pepe, perico, andres
Cmnd_Alias POWER = /sbin/shutdown, /sbin/halt, /sbin/reboot, /sbin/restart
Runas_Alias WEB = www-data, apache

With these definitions you could, for example, give ADMINES permission to shut down or restart the system without a password with a rule like:
ADMINES ALL = NOPASSWD: POWER

Labels like NOPASSWD They allow you to execute certain commands with sudo without having to type the password.This is very useful in automated scripts, integrations with other systems, or personal computers where you are the only user.

As a curiosity, there is an option called insults that, if you add it to the lines DefaultsIt makes sudo "insult" you in English every time you enter the wrong password.It doesn't improve safety, but at least it puts a smile on your face in the middle of work.

Using root to manage files and permissions from the terminal

In practice, much of the use of root is focused on managing files and permissions through the terminal.With superuser privileges you can move around the entire file system and modify whatever you need, always taking extreme precautions.

Some basic commands become especially sensitive when used as root. are:

ls: lists files and directories. As root you will even see files that other users cannot list.

cp y mvTo copy and move files or directories, use `sudo`. For example, you can use `sudo` to move a font from... Descargas to /usr/share/fonts/ so that it is available to the entire system.

rm: deletes files and folders. In combination with -r y -f It is extremely dangerous if you use it as root without properly checking the path.

chmod y chownThese settings change permissions and ownership. They are essential for granting access to files to specific users, but misuse can render the system insecure or unusable.

A typical example of using root to install a system source would be:

sudo cp ~/Descargas/Underdog.ttf /usr/share/fonts/
sudo chmod 644 /usr/share/fonts/Underdog.ttf

Mode 644 It indicates that the owner (root) can read and write, while the group and other users can only read., enough for the font to work but without allowing accidental changes.

Best practices when working with root, sudo, and su

Operating with superuser privileges is not something to be taken lightly.There are a number of guidelines that, if you internalize them, will save you a lot of trouble:

Minimize the time you spend as root. Uses sudo comando Whenever possible, avoid opening a persistent root session. The less time you spend with full privileges, the less likely you are to make a mistake.

Avoid at all costs running scripts from dubious sources with sudoIf you download a script from the internet and the first thing you see is "run this with sudo," open it with a text editor and read it carefully. If you don't understand what it does, don't run it.

Use testing environments (virtual machines, containers) to experimentIf you're going to be messing with sensitive configurations, testing aggressive commands, or running unclear scripts, do it first on a system you can safely break into. You can find guides on secure virtualization at [link to guides]. virtual machines and containers.

Configure sudo granularly when there are multiple administratorsIt's not the same for a user who only needs to restart a service as for someone who needs full control. Use /etc/sudoers to limit what each person can do.

Monitor authentication logs (/var/log/auth.log o journalctlThis allows you to see who is using sudo, from where, and with what commands. It's a simple way to detect unusual behavior or privilege abuse.

Do not browse the internet, open attachments, or run desktop applications as root.If a graphical application is compromised while you are running it as a superuser, the attacker hits the jackpot.

In short, root in Linux is an extremely powerful tool that must be treated with care.Understanding what sudo is for, when to use sudo or su, how to recover or lock the account, and how to adjust sudoers will allow you to manage your system safely and confidently, taking full advantage of the flexibility of GNU/Linux without risking your life every time you open the terminal.