What is the root user in Linux and how to use it safely?

If you've been using Linux for a short time, sooner or later you'll have come across the famous root user, the superuser who can do and undo things in the system with virtually no limitsIt's that mysterious account that appears in tutorials, the one that allows you to install packages, tweak delicate settings, or fix a system that won't boot... but that can also wreck your machine with a single mistyped command.

In most modern distributions, especially Ubuntu and its derivatives, it's no longer common to log in directly as root. Instead, the preferred method is to use a different user. Use commands like sudo and su to gain administrator privileges only when necessaryThis reduces risks and leaves a trace in the system logs. Even so, a good understanding of what root is, how it differs from sudo and su, when to use them, how to deactivate the account, and how to recover the password is essential if you want to navigate Linux with ease.

What is the root user in Linux and why is it so special?

In any Unix-like system (Linux, BSD, macOS, etc.) there is a single superuser with a very clear role: root is the account with UID 0 and absolute authority over all files, processes, and system resourcesThere are no conventional permission restrictions; if root wants to read, modify, or delete something, it will.

From this account you can Install and uninstall programs, update the system, edit configuration files in /etc, manage services, create and delete users, format disks, or change critical permissionsIt is the equivalent of the Windows “Administrator” user, but with even more ability to access the inner workings of the system without restrictions.

For this reason, many distributions like Ubuntu opt for Do not allow direct root login after installationInstead, a normal account (belonging to the administrators group) is created and sudo is used to perform specific administrative tasks, reducing exposure to risk.

In other distributions, such as Debian in its classic configuration, it is common to define a password for root during installation, so that The superuser can be used directly in the console or for some very specific tasks.although the system itself also encourages the use of sudo.

In addition to root and "human" users, Linux also uses system users of the service type (daemon), with very limited permissionsThese special users run processes such as web servers, databases, or system daemons, so that a security flaw in a service does not automatically give absolute control of the system, as would happen if everything ran under root.

Types of users in Linux and how to find out who you are

Although in practical terms it may seem that there are many types of accounts, at the permissions level the division is very clear: root on one side and “the rest” on the otherAny user who does not have UID 0 is, technically, a non-privileged user, although they may have certain extra permissions thanks to sudo.

The usual work accounts are normal users with limited permissions on the file systemThey can manage their personal files, run applications, use the network and, if they are in the appropriate group, invoke sudo to gain additional privileges for specific tasks.

The root superuser is the global administration accountIt's not intended for daily use, but rather for maintenance, advanced configuration, or recovery operations. Therefore, many distributions make direct access to this account a bit more complicated, to avoid surprises for novice users and limit the impact of human error.

If you ever have any doubt about which user you are working as in a terminal, you can look at the Shell prompt: when it ends in $ you are using a normal account, and when it ends in # you are under rootYou can also run the command whoami or check the numeric identifier with the -uIf you get “root” or “0”, you are in superuser mode.

Additionally, the prompt usually shows the username, the computer name, the current directory, and the $ or # symbolFor example, something like alumno@equipo:/home/alumno$ indicates a normal user, while root@equipo:/root# It reflects a direct administration session.

root, sudo and su: what each one does and when to use them

In everyday use, we don't usually type the root password all the time. Instead, most modern distributions opt for Temporarily elevate privileges from a normal account using tools like sudo and suAlthough they are sometimes used interchangeably in conversations, they fulfill different roles and it is important to differentiate them clearly.

The command sudo (super user do) allows an authorized user to execute a specific command with permissions of another user, usually rootBy doing so, it records what has been executed, who launched it and when, leaving a record in the system's security logs.

For its part, your (substitute user) is intended for change user identity within the same terminal sessionIf you invoke it without parameters, it will usually try to switch to root (asking for the password). If you provide a username, you will switch to that account, with its permissions and environment.

How sudo works and why it's so important

In systems like Ubuntu, belonging to the group sudo (or “admin” in older versions) means that this account can execute commands as root by entering your own user passwordwithout needing to know the superuser password. The rules that control what each person can do are defined in the file / Etc / sudoers, which is edited securely with the command visudo.

To use it, simply place the word before it. sudo before the command that requires elevated privilegesFor example, package installation is usually done like this:

sudo apt install vlc

In this case, apt runs as root, writes to system directories like /usr or /var and logs changes to the package database, even though you are still logged in with your normal user. Once the order is completed, you will automatically revert to your normal permissions..

Additionally, sudo implements a small “time of grace”After entering your password, you can run `sudo` again for a few minutes without being prompted for it. This speeds up administration, but also introduces a small vulnerability if someone accesses your computer during that time. If you want to tighten this policy, you can set the grace period to zero by editing `sudoers` with:

Defaults:ALL timestamp_timeout=0

Thus, Every time you use sudo you will have to authenticate again, somewhat more tedious but safer in sensitive or multi-user environments.

The `su` command and the complete switch to another account

The command "su", on the other hand, It doesn't execute a single command, but instead opens a new shell under the identity of another userIf it is invoked "without force":

su

The system assumes you want to switch to root, and therefore It will ask you for the superuser password.If the login is successful, you will see the prompt symbol change to #, and from that moment on, any command you execute will be performed with root privileges until you log out. exit.

You can also specify a specific user:

su nombreusuario

This comes in very handy when you manage services that run with their own accounts (e.g., postgres, www-data, etc.) and you need to operate like them without closing your main sessionAgain, when finished, using exit returns you to the previous user.

On systems where root is locked or has no password (like many Ubuntu installations), you won't be able to switch directly to that account with `su`. In those cases, the usual approach is chain sweat and his, For example:

sudo su o sudo -i

With these commands, you enter your user password (not the root password) and obtain an administrative shell with an environment similar to a direct root login. This is very convenient if you're going to perform several actions in a row, but also more dangerous, so it's advisable to log out of the root session as soon as you're finished.

When does it make sense to use root, sudo, or su?

The theory is fine, but in day-to-day life what matters is which tool to use in each specific situation to work quickly without risking the systemAs a general rule, whenever possible, use sudo for specific commands and avoid persistent root shells; if you want to delve deeper into When and why to avoid sweat, check out that guide.

For example, for install or update software In Debian or Ubuntu-based distributions, the usual practice is:

sudo apt update
sudo apt upgrade
sudo apt install gparted

In these scenarios, logging in as root permanently doesn't add much. You gain some convenience, but you multiply the risks of deleting or modifying something you shouldn't..

You will also use sudo when edit system configuration files, For example:

sudo nano /etc/hosts
sudo nano /etc/ssh/sshd_config

This way, only the editor runs with superuser permissions, and when you close it, you return to your normal privilege level.

In contrast, `su` (or `sudo -i`) can be useful when You're going to chain together many administrative operations Adding `sudo` before each command would be a nuisance. For example, when performing complex maintenance tasks, managing multiple accounts, working with partitions, etc. Even so, it's good practice to limit the time you spend in that mode and exit as soon as you're finished.

A very practical operational detail is that, if you're unsure whether you're root or not, you can run whoami o the -uIf you get "root" or "0", it's time to be extremely cautious before typing anything destructive.

Show asterisks when typing the password with sudo

By default, many distributions (including Ubuntu) They don't display any characters when you type the password into the consoleNo periods or asterisks. This is done to avoid revealing the key length, although in practice many users find it inconvenient because they have no visual confirmation that they are typing.

For some time now, sudo has offered an option called pwfeedback This allows asterisks to be displayed on the screen when the password is entered. Some recent Ubuntu releases have started enabling this, but you can activate it yourself on any system by modifying the sudo configuration:

1. Open the secure configuration editor with:

sudo visudo

2. Inside the file that opens (usually /etc/sudoers), add a line like this:

Defaults pwfeedback

3. Save and close. From that moment on, Each character you type when entering the sudo password will be represented by an asterisk.If later you prefer to return to the classic behavior (without visual echo), simply remove that line and save the file again with Visudo.

This customization does not affect sudo's cryptographic security, but it does It can improve usability for those who prefer to have visual confirmation of what they type.especially on keyboards without backlighting or when typing from remote terminals.

Real risks of using root carelessly

The root account is as powerful as it is dangerous. Linux is designed with layers of protection to make it difficult for a normal user to accidentally break the system, but When you increase privileges, those barriers disappear and any oversight can turn into a disaster..

A first serious risk is the accidental deletion of essential files or directories. Commands like rm -rf / o rm -rf /* They are famous precisely because, if executed as root, they can erase virtually all the contents of the file system in seconds. But it's not necessary to go to that extreme: simply mistype the path or leave a variable empty, for example:

rm -rf $directorio/*

If `$directory` isn't defined as you expected, the command might point to a completely different location than you intended. As root, the system won't give you too much trouble, and once the command is completed, Recovery is usually very difficult or simply impossible. without backups or forensic tools.

Another important danger is execution of malicious software or scripts with full privilegesDownloading an installer from an unknown website and running it with sudo or from a root shell gives that code absolute control: it can install rootkits, backdoors, keyloggers, modify the kernel, or hide deep within the system. Often, by the time the problem is discovered, the attacker has already been inside for some time.

You also have to be careful when modify critical file permissions with chmod or chownAn order like chmod 000 /etc Improper manipulation of /boot, the GRUB bootloader, or /etc/passwd can render the system unable to boot. In such cases, even booting from a LiveCD does not guarantee a straightforward repair; in production environments, professional recovery services may be required.

Finally, from an auditing perspective, logging in directly as root eliminates a lot of traceability. When you use sudo, each command is recorded along with the user who executed it.If everything is done as root without using sudo, the logs will only say that "root did something", but not who was behind the keyboard, which complicates investigations and compliance with security regulations.

Enable, disable, and lock the root account

Depending on your distribution, the root account may be Enabled with a password, locked, or simply without a key assignedIn Ubuntu-like systems, root is usually disabled for direct login, while in other distributions a password is defined during installation.

If the root account is locked on your machine, you can enable it from a user with sudo privileges by running:

sudo passwd root

The system will first ask for your user password, and then for you to enter and confirm the new root password. From that moment on, The account will be activated and you will be able to log in as a superuser in virtual terminals or, in some cases, even in the graphical interfaceAlthough the latter is highly inadvisable.

If you decide you no longer want root access to be available, you can re-lock the account with:

sudo passwd -l root

The -l parameter blocks access by associating an invalid password, so that You cannot log in as root, either with `su` or on the login screen.However, authorized users will still be able to use sudo to administer the system, so you won't be left without ways to perform maintenance tasks.

Some distributions also offer the option to disable and reactivate root with combinations such as sudo passwd -dl root o sudo passwd -u root to unlock it. In any case, The general recommendation is to keep root locked and always work with sudo except in very specific cases, such as rescue or recovery environments for severely damaged systems.

Recover or change the root password

It may happen that whether you've lost your root password, disabled it, or simply need to redefine it on a server whose original configuration is now forgotten. Linux offers several ways to do this, depending on whether the system boots or if you need to use an external device.

If your machine still reaches the GRUB boot manager, a very common option is to take advantage of the recovery modeBy selecting this variant in the advanced menu, the system starts a reduced environment and offers you an option to obtain a console with superuser privileges.

Once inside that shell, the first thing to do is Remount the file system with write permissionssince it is often in read-only mode:

mount -o rw,remount /

Then, you can run the standard command to set a new password:

passwd root

Enter the new key twice, and to ensure the changes are written to disk, use:

sync
reboot

When rebooting, The root account will have the password you just set.so you can use it where necessary (ideally, sparingly and with caution).

If the system doesn't even start, you can resort to a LiveCD or LiveUSB from a Linux distributionFor example, Ubuntu. Boot from that medium, choose the "Try" option without installing, and open a terminal. Typically, you first become root in the live environment with:

sudo su

Next, you need to locate the partition where the system to be repaired is installed, using something like:

fdisk -l

Once you identify the correct device (for example, /dev/sda1), mount it in a working folder:

mkdir /mnt/recover
mount /dev/sda1 /mnt/recover

The next step is to “change the root” of the environment to the mounted partitionso that passwd acts on the installed system and not on the live environment:

chroot /mnt/recover

From there you can run:

passwd root

to set a new password. After exiting the chroot and restarting, The original system will start with the updated superuser credentials.It is a very powerful maneuver for rescuing locked machines, but it also highlights why it is vital to protect physical access and booting from external media on critical servers.

Root access in Ubuntu and security policies

Ubuntu and many of its derivatives (Xubuntu, Kubuntu, Linux Mint, etc.) have built their security model on a very clear idea: root exists, but it is almost always used indirectly through sudoThis has several practical and safety advantages.

In a standard installation, No password is defined for rootThis prevents users from logging in directly with this account on both TTY terminals and the graphical environment. Instead, the first user created during installation is added to the sudo group, and all administrative work is performed by elevating privileges from that account.

This approach reduces the attack surface It protects against brute-force attacks on the root account (for example, via SSH) and minimizes the chances of human error having catastrophic consequences, as it forces the administrator to think every time they use sudo.

In very specific contexts (laboratories, rescue environments, highly isolated machines), it may be justified. assign a password to root with sudo passwd root and allow direct login, but it's best to consider this a temporary measure. Once the problem is resolved, it's better to re-lock the account and continue working with sudo.

Additionally, for tasks that require a persistent root shell, Ubuntu provides commands such as:

sudo -i o sudo su -

that They simulate a full root login, with their own environment and PATHThis is useful for scripts and tools that expect to be in a "pure" root environment to function correctly without needing to enable permanent direct login.

Root access via SSH: enabling, disabling, and securing

On remote servers, the issue of root access becomes even more important. By default, most Ubuntu installations They disable direct root login via SSHThis forces you to log in with a normal user account and then use sudo. It's a crucial security measure to prevent automated attacks.

If, for some very justified reason, you need to enable that access, the basic process involves these steps: first assign a password to root If you don't have it:

sudo passwd root

And then edit the SSH server configuration:

sudo nano /etc/ssh/sshd_config

Within this file, look for the directive PermitRootLoginIf it's commented out or in "prohibit-password", you can change it to:

PermitRootLogin yes

Save the changes and restart the service:

sudo systemctl restart ssh

From there, you can log in directly as root via SSH, something that This poses a considerable vulnerability if used with a password only.The minimum acceptable in this case would be to combine it with public key authentication and, if possible, restrict access by IP or through a bastion or VPN.

To reverse the situation and strengthen security, re-edit / Etc / ssh / sshd_config and configure:

PermitRootLogin no

Or, if you want to subjectively allow only key access:

PermitRootLogin prohibit-password

Again, restart SSH and, if you want to go a step further, also lock the local root account with:

sudo passwd -l root

Thus, All remote administration tasks will have to go through regular users and sudo privileges., being registered and subject to the rules of the sudoers file.

Best practices when using superuser privileges

Mastering root, sudo, and su is not just about memorizing commands, but about adopt habits that minimize risk when working with high privilegesThere are a few sensible practices worth integrating into your daily routine.

The most important thing is to always apply the principle of least privilege: having only the necessary permissions, and only for as long as absolutely necessary. Translated to Linux, this means using `sudo` for isolated commands whenever possible and avoiding staying in a root shell for extended periods unnecessarily.

It is also key Never run scripts or binaries from dubious sources as root.Before running a snippet of code you've copied from the internet, open it with a text editor and check exactly what it does. If you don't understand any part, be suspicious. When it comes to downloaded software, always try to get it from official repositories, project websites, or other reputable sources, and verify the checksums if the developer publishes them.

If you have the possibility, First, test scripts or manuals in an isolated environment (a virtual machine, a Docker container, a test environment) before applying them to a production server or your main machine, and consult Linux software tricksIt can save you a lot of trouble.

On servers with multiple administrators, it's advisable to go a step further and configure sweaters in a granular wayThis allows each person to execute only the commands they actually need. This limits the potential damage of a mistake or a compromised account, and also maintains traceability of who did what at any given time.

By monitoring these aspects and respecting the idea that Root is a tool for specific situations, not a battle-testing user for everyday tasks.You can take full advantage of Linux's flexibility without unnecessarily jeopardizing the stability and security of your system.

The Linux ecosystem relies heavily on the separation between normal user and superuser, and on mechanisms like sudo and su to switch between them only when necessary; understanding how root works, when to use it, how to limit its exposure and how to recover it in case of emergency is a key piece to manage any distribution wisely, whether on your personal laptop or on a critical production server.