Jump to content

Superuser

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Carambola (talk | contribs) at 20:30, 22 November 2006. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

On many computer operating systems, superuser is the term used for the special user account that is controlled by the system administrator.

Many older operating systems on computers intended for personal and home use, including MS-DOS and Windows 95, are not multi-user operating systems, and there is no distinguished superuser account. Effectively any user of the system has administrator privileges. Separation of administrative privileges from normal user privileges makes an operating system more resistant to viruses and other malicious software, and the lack of this separation in these operating systems has been cited as one major reason why these operating systems are less secure.

Unix and Unix-like

In Unix-style computer operating systems, root is the conventional name of the user who has all rights or permissions in all modes (single- or multi-user). Alternative names include baron in BeOS and avatar on some Unix variants. BSD often provides a toor ("root" backwards) account in addition to a root account. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to ports numbered below 1024.

Generally, it is not good practice for anyone to use root as their normal user account, because simple typographical errors can cause major damage to the system. It is recommended to create a normal user account instead and then use the su command to switch when necessary. Some use the sudo utility instead, which allows a measure of graduated access.

Many operating systems, such as Mac OS X, allow administrator accounts which provide greater access while shielding the user from most of the pitfalls of full root access. In some cases, the root account is disabled by default, and must be specifically enabled.

Software defects which allow a user to "gain root" (to execute with superuser privileges code supplied by that user) are a major security issue, and the fixing of such software is a major part of maintaining a secure system. One common way of gaining root is to cause a buffer overflow in a program already running with superuser privileges. This is often subsided in modern operating systems by running critical services, such as httpd, under an unique limited account.

If a person "has root access", it means that they are able to act as the administrator of that computer. "Having root" (ie, being the administrator of the system) is commonly associated with a so-called "feeling of power", to rule and divide, mostly by less experienced users. Many experienced Unix system administrators regard this as unimportant, with the argument that "it's only meant for maintaining the system". Nevertheless, boasting about having root access is quite common on the Internet.

Windows NT

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.

To run a program as a superuser in Windows XP and probably later versions of Windows, use the command runas. See Microsoft's documentation for runas for more details.

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Superuser&oldid=89514030"