System Admin  «Prev  Next»
Lesson 4 The superuser and root privileges
Objective Use the su Command to obtain Root Privileges

Use the su Command to obtain Root Privileges

All UNIX systems have a special user account that has absolute power over all aspects of system operation. By convention, this account is usually named root. The root account has the power to override all the access permissions built into the system. If something can be done on the system, the root account can do it. The password for the root account is called the root password. Having the powers of the root account is called having root privileges.
Because the root account has universal privileges, it can be dangerous. For example, if an unauthorized individual obtains access to the root account, the system is completely compromised. The greatest threat to the system, however, is the system administrator armed with the root password. The access control mechanisms of any operating system are the best defense against errors. When these access controls are missing, common errors can have serious consequences. For these reasons, you should use the root account only when necessary, and you should be extra alert whenever you possess root privileges.

Two methods for root privileges

You can obtain root privileges via two methods:
  1. Log in as root from the console.
  2. Log in as a normal user, then assert root privileges using the su command.

Unless you specially configure your machine, you will not be able to log in remotely using the first method.
Obtaining Using Root Privileges
If you are a non-root user, you can use the su command to gain access to the account of another user, as long as you know the password of that user.

Becoming Superuser

On a Unix system, the superuser refers to a privileged account with unrestricted access to all files and commands. The username of this account is root. Many administrative tasks and their associated commands require superuser status. There are two ways to become the superuser. The first is to log in as root directly. The second way is to execute the command su while logged in to another user account. The su command may be used to change the current account of a user to that of a different user after entering the proper password. It takes the username corresponding to the desired account as its argument; root is the default when no argument is provided. After you enter the su command (without arguments), the system prompts you for the root password. If you type the password correctly, you will get the normal root account prompt (by default, a number sign: #), indicating that you have successfully become superuser and that the rules normally restricting file access and command execution do not apply. For example:
$ su
Password: Not echoed
#

If you type the password incorrectly, you get an error message and return to the normal command prompt.You may exit from the superuser account with exit or Ctrl-D. You may suspend the shell and place it in the background with the suspend command; you can return to it later using fg. When you run su, the new shell inherits the environment from your current shell environment rather than creating the environment that root would get after logging in. However, you can simulate an actual root login session with the following command form:
$ su -
Unlike some other operating systems, the Unix superuser has all privileges all the time: access to all files, commands, etc. Therefore, it is entirely too easy for a superuser to crash the system, destroy important files, and create havoc inadvertently. For this reason, people who know the superuser password (including the system administrator) should not do their routine work as superuser. Only use superuser status when it is needed.

On Redhat Enterprise Linux you can enter
$sudo su