Root account

from Wikipedia, the free encyclopedia

The root account or superuser account is the user account that must be created when an operating system is installed and that has extensive access rights .

This account is not intended for everyday use of the system, but only for special administrative tasks because it involves extensive risks.

Unixoid systems

On Unixoid systems, each user account is associated with a number: the so-called "UID" ( User ID ). The first user account on each system has the UID  0 and has all rights over the resources of the system on historical Unix systems . Because this account to install the computer is necessary and therefore, all files and directories emerge from this account, you can here from a "root" (English. Root ) speak. After installation is complete, you can account for this administration ( Administration to use the system). To work as root , you can either log in accordingly or use the command on the Unix shell to change your identity. su

Modern Unix systems such as B. Solaris implement fine-grained rights systems. Obtaining UID 0 on such systems does  not necessarily mean that all rights are obtained.

The user with root rights is the only user who has unrestricted rights on a Unix computer, which is particularly useful when it comes to file management ( file rights, etc.) and the use of system resources ( memory , devices ). The root is also given a special position in the management of the kernel and process control : The root can change all processes at will and thus restart the computer, for example . With a kernel that supports dynamically loadable modules , root can act indirectly with the kernel space on the next level.

Should a malicious cracker find out the password of the root user, the root user is completely compromised. In order to hide their own presence from the system administrator following a successful attack, attackers use so-called rootkits .

Typically, the user's root prompt differs from the others by a final hash (#) instead of a dollar sign ($). In this case, system administrators speak of a root prompt.


When installing macOS , an account is created for the system administrator with the name root and one for the admin with a user-definable name. With macOS Server , both accounts receive the same password, while with normal macOS the root account does not receive a password and is locked. The admin is not only denied some things that are possible for root , but also vice versa.

Debian and Ubuntu

When installing Debian , direct use of the root account can also be prevented. Under the Debian-based Ubuntu there is not even the option to proceed differently with the normal installation. For security reasons, the admin user group does not have any further permissions than running sudo . In this way, its members can temporarily obtain superuser rights. Usually sudo is called automatically as soon as the superuser rights are required. However, it is sudo passwdpossible at any time using the command to permanently activate the root account by assigning it a valid password.


toor is the backward word for root and represents an alternative root account, especially on BSD derivatives. The account also has the UID 0, but differs from the root account through a different configuration, primarily a different shell.

Usually one account (usually root) has a large shell (like bash or zsh) while the other account (usually toor) has only a minimal shell. The point is to have an account ready with system administration capabilities, even if the standard shell of one account can no longer be started (for example if the partition on which the shell is located cannot be mounted). "toor" is also the password for the root account in the well-known BackTrack distributions and now also in Kali Linux .


While MS-DOS and the original Windows up to the Millennium Edition (DOS line up to Windows 9x ) only allowed a single user account, which inevitably had all authorizations, the Windows NT line supports several user accounts with different authorizations. The root account here has the user name Administrator . However, there is another user account with higher rights than those of the administrator. This is called SYSTEM , but is not normally used to administer the computer. The user account with the name Administrator is not visible on the logon screen in Windows XP by default, but can still be used by opening the classic logon dialog, either via the settings or by pressing the  +  + key combination , also known as the " bracket grip " twice , on the Login screen appears. Under Windows Server 2008 R2 there is also a user account with the name Administrator , which must be set up when the system is started for the first time after installation and which also has the highest privileges with Windows Server 2012 Standard / Datacenter . StrgAltEntf

See also

Web links

supporting documents

  1. The superuser account . FreeBSD Foundation ( Archived from the original on July 28, 2014. Retrieved May 7, 2017.
  2. ^ Mac OS X: Password Does Not Work As Expected After a Change . Apple . October 8, 2008. Retrieved April 24, 2011.
  3. Ubuntu User Management . Retrieved July 20, 2014.