For many who are accustomed to single-user operating systems like Windows 98 or Mac OS 9, the concept of root is an unfamiliar one. This article is intended to help explain what root access is, whether you need it, what you can do with it, and how you can get it.
Of course, as is common with technology terms, there are two very different definitions of root. Here is an explanation for one, just to get it out of the way:
For example, a file in the root directory of a computer running Windows would have a file path such as c:\MyFile.doc. A file in the root directory of a computer running Mac OS 9 would have a file path such as Macintosh HD:My File. A file in the root directory of a computer running a Unix-based operating system (including Mac OS X) would have a file path such as /myfile.txt. Note that, in Unix, the first slash in a file path denotes the root, or highest-level directory on that drive or volume.
As interesting as that is, it doesn't really relate to the discussion at hand. That would be the other meaning of root:
This leads to another important definition:
So, this is all well and good, but it doesn't explain what root access really is. Simply put, it all comes down to log-in permissions. On a Unix system, access and permissions are tied in to a user's log-in, which is made up of a username and a password.
When a user logs on to a computer running one of the various flavors of Unix, he is prompted to enter his username and password. The system then checks its roster of users to determine if the password and username match. If the user logs in with the username root, using the root password, he will be given permission to do lots of things that other users aren't allowed to do.
Here are just a few examples of some operations that may require root access:
Many of these examples are things that users are used to doing in their single-user systems. In fact, many users might feel like they are entitled to do these things. However, with multiple-user Unix-based systems, hardware and software configurations are closely controlled because they affect multiple people. Changes made while logged in as root can create potentially disastrous repercussions that affect all users on the system. As we all learned from the movie “Spider-Man,” with much power comes much responsibility. Here's a little comparison that might make this concept a bit clearer.
Consider Harry Homeowner, who owns a split-level 3 bedroom house on a quarter acre in Outer Suburbia. Since Harry has the key to the front door, he has access to his entire house, from crawlspace to kitchen to bedrooms to attic. He — and the bank — own the whole place, so he can pretty much do as he pleases.
If Harry wants, he can install a new turbo-flush toilet or convert his garage into a studio apartment. He can also replace the GFI receptacles in his kitchen and bathrooms with unprotected outlets, or take a sledgehammer to his hot water heater. Not that he should do either of these last two things -- the point is, he could.
Contrast Harry's situation with that of Albert the Apartment dweller. Albert rents a four-room space (living room, kitchen, bedroom, bathroom) in a multi-story complex in Inner Urbania. Albert has access to his own unit, which is protected from outsiders by a deadbolt and chain lock. In addition, Albert also has access to common areas such as hallways, laundry facilities, and the mail box facility.
Neither Albert nor his neighbors has the right to enter anyone else's apartment. Moreover, Albert and his fellow residents are prohibited from entering places such as the boiler room, the broom closet, and the main electrical room. The only person with keys to every door in the complex is the building superintendent (or super), who has the run of the place. The super controls facility services (such as water and power), authorizes structural changes to the building, and can even enter tenants' apartments if he needs to.
Running a single-user operating system like Windows 98 or Mac OS 9 is a bit like living in a single-family home. Harry's relationship with his house is like a user's relationship with a single-user OS. A Windows user running Windows 98 can monkey around with DLLs, edit his Windows registry, and throw .INI files in the recycle bin to his heart's content. A Mac user running OS 9 can fiddle with extensions, take ResEdit to his System resources, and play a little game called “hide the Finder.”
In other words, a Windows 98 or Mac OS 9 user is totally free to screw up his own system. All of the files that are critical to his computer's health are accessible and vulnerable to tinkering. If he knows what he's doing, this user can fine-tune his computer's performance. If he doesn't know what he's doing, he can easily turn his machine into a really expensive paperweight.
In contrast, Unix systems are designed for multiple users. Like an apartment building, many people can be using the system at the same time. Because of this, only one person -- or a few select people -- are given permission to make changes that affect the whole system. While a tenant can turn off the lights in his living room, a super can shut off power to the entire apartment complex. Of course, there would have to be solid justification to do so. By using root access appropriately, super users can keep their “apartment computers” running smoothly.
If you're new to Unix, chances are pretty good that you have some more questions about wielding the power of root. Hopefully, you'll find the answers to those questions below.
As the title of this article suggests, with root access, if you don't know whether you've got it, you probably don't. However, it is possible to be logged in as root without knowing it. There are three different ways to find out whether you are root. The easiest is to look at your command prompt. Generally, your prompt contains your current username. So if you're logged in as root, you might see something like this:
In this example, we're logged in as root, working in the root directory of the system (as indicated by the “/” in the prompt).
If that seems too simple, there are some special commands that will tell you if you're root. At the preceding command prompt, you could enter:
Note that the system returned root, which is your current username. If you weren't logged in as root, the system would have returned your normal user id.
Another way to find out is to type the following:
The system will return your user id, your group id, and a list of all groups you belong to. If you're logged in as root, your user ID will be 0. (There are some exceptions to this, but this will apply to most cases.)
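The checks described above, as an added shell example that is not part of the original article. It tests the numeric user ID rather than the name, and it lists every account that shares UID 0, since any such account is root no matter what it is called. The sample passwd data, the sample `id` line and the account names in them are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): confirm root by numeric
# UID and list every account that shares UID 0.

# is_root: true only when the effective user ID is 0. A prompt or a
# username can be changed; the kernel checks the numeric ID.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# uid_of_id_line LINE: extract the numeric uid from one line of `id` output.
uid_of_id_line() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# uid0_accounts: read passwd(5)-format lines on stdin and print the login
# name of every entry whose third field (UID) is zero.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ { print $1 }'
}

# Constructed sample data; "toor", "mike" and the id line are made up.
SAMPLE_ID_LINE='uid=1000(mike) gid=1000(mike) groups=1000(mike),10(wheel)'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/sh
mike:x:1000:1000:Mike:/home/mike:/bin/bash'

if is_root; then echo "this shell is running as UID 0"
else echo "this shell is running as UID $(id -u), not root"; fi
echo "uid parsed from sample id output: $(uid_of_id_line "$SAMPLE_ID_LINE")"
echo "UID 0 accounts in sample passwd data:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
```

On a live system, feed the real file to the same function with `uid0_accounts < /etc/passwd`; every name it prints besides root should be accounted for.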
If you're working on a multi-user system, and want to get root access, you'll need to talk to the system administrator. If he's like most admins, he'll require you to have some really good reasons for wanting to have root access. If you can't justify it, chances are he won't allow it. If your reasons are good, if you pay suitable homage in the form of chocolate, caffeinated drinks, and large bags of Cheetos, and if the planets line up just right, you may be given the root password.
On the other hand, if you're working on a Unix machine that you own and control, you should already have root access. If you know you should have root access, but can't remember the password, you may be in trouble. See the last question below for more information about this unfortunate situation.
Once you have the root password, you need to log in to get root access. This part is pretty easy. If you're logging in at the start of a session, do the following:
If the password is correct, the system should let you in with Godlike privileges.
The second login scenario occurs when you're already logged in with your regular username and password, and want to shift into root. When this happens, type the following at the command prompt:
You might think this stands for “super user,” but you would be wrong. The command is “switch user,” and can be used to log in to the system as anyone else, providing you know the correct passwords. For example, if you wanted to log in as your buddy Mike, you could su mike, enter Mike's password, and do all sorts of things under his login. You could play a joke and use the passwd command to change Mike's password. Not that you should do this, but it would be kind of funny. (Note: Mike might not agree with the previous statement.)
When you use the su command without specifying a username, the system assumes you want to switch to root, and asks for the root password. Once you enter the correct password, you're logged in as root. The interesting thing about using su is that it gives you root privileges with your own personal environment variables. This means you'll probably get a prompt that looks something like this:
If you check out your path, for example, you'll see that it hasn't changed. Here's what you might see:
Password:
[root@machinename /root]$ echo $PATH
/usr/local/sbin:/usr/sbin:/sbin:/bin:
/usr/bin:/usr/local/bin:/usr/local/sbin:
/usr/bin/X11:/usr/X11R6/bin:/root/bin
[root@machinename /root]
Note that your $PATH variable is considerably more complex, giving you much more direct access to the various commands, scripts and programs on your machine. When you're done “rooting around,” here's how you go back to your initial login:
Hit ENTER and you should be back to your plain old regular non-super self.
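Because plain su keeps your own environment, as described above, commands typed as root are looked up through your personal $PATH. The following added example (not from the original article) audits a PATH string for entries where someone other than root could place a program; the function name and the sample PATH are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit a PATH string for
# entries that let a non-root user plant a program root might run.

# path_findings PATHSTRING
# Prints one "REASON<TAB>entry" line for every risky entry.
path_findings() {
    rest="$1:"                 # sentinel so a trailing empty entry is kept
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '') printf 'EMPTY\t(means the current directory)\n'; continue ;;
            /*) ;;
            *)  printf 'RELATIVE\t%s\n' "$entry"; continue ;;
        esac
        [ -d "$entry" ] || continue      # nonexistent directories are skipped
        # "/." makes ls describe the directory itself, even behind a symlink.
        # Fields of ls -ldn: mode, link count, numeric owner UID, ...
        ls -ldn "$entry/." 2>/dev/null | {
            read -r mode _links uid _rest || mode=
            case $mode in
                # 6th character: group write bit; 9th: write bit for others
                ?????w*|????????w*) printf 'WRITABLE\t%s\n' "$entry" ;;
            esac
            if [ -n "$mode" ] && [ "$uid" != 0 ]; then
                printf 'NOT_ROOT_OWNED\t%s\n' "$entry"
            fi
        }
    done
    return 0
}

# Constructed sample: a user's PATH with a personal bin directory, a "."
# entry and a trailing colon. Results depend on the machine it runs on.
SAMPLE_USER_PATH='/home/mike/bin:.:/usr/local/bin:/usr/bin:/bin:'
echo "Findings for sample PATH:"
path_findings "$SAMPLE_USER_PATH"
echo "Findings for the current PATH:"
path_findings "$PATH"
```

A PATH that produces no findings is one where every directory is absolute, owned by UID 0 and writable only by its owner.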
If you're logging into your system remotely, and want to log in as root, it's a good idea to first use your garden-variety login, then use su - to shift to root once you're in. Doing this, instead of just jumping in as root from the get-go, can reduce the risk of being hacked.
One of the most important things to know about root access is that it is rarely a good idea to stay logged in as root for very long. When you're logged in as root, you're putting your system at risk. There is no “undo” command in Unix, so any file that you delete is immediately gone forever. Even so, it is often necessary to perform actions that require the permissions associated with root.
In situations like this, it is a simple matter to “log in” as root for a single command. This is done with the great little sudo utility. Short for “super user do,” sudo takes the command that follows as if it were executed by someone who was logged in as a super user. For example, if you try to edit a file that is owned by root, you might experience the following access trauma:
Only someone who is logged in as root can edit a file owned by root. At this point, you could su and become root, but that would eventually require you to return to your normal login. Instead, you could do the following:
When you do this, your Unix system will ask you for your password. Key it in and hit ENTER. If the administrator has cleared you for this type of sudo access, the system will open the file for editing. Note that, after you close your text editor, you're back to using your standard login without the need for an exit command. Though sudo has become a standard add-on in Linux systems, it is not part of the default toolset. You can download sudo at <http://www.sudo.ws/sudo/>. A similar utility, called super, can be found at <ftp://ftp.ucolick.org:/pub/users/will/super-3.14.0.tar.gz>.
Root is a “special occasion” thing. Sure -- you could run your system while logged in as root. It might make you feel like a really important guy. But you'd be foolish to do so.
First of all, when you're logged in as root, you're working with “phenomenal cosmic powers.” If you never ever ever make a mistake, by all means, root yourself. But as we said before, if you screw up, there's no “undo.” Making a typo while running as root could conceivably bring down your entire system. Permanently. It's just Not a Good Thing to Do.
You might also think of the su - and root commands as “opening a door” in your system. In your “apartment building,” you might leave the utility room door open for a few minutes while you carry in equipment or perform maintenance. But if you're managing a secure facility in a city of several million people (and if you're running a Unix-based system that's connected to the Internet, this is you), you're not going to want to leave that door open for very long.
Another reason you don't want to leave the door open -- you'll let the bugs in. When you're logged in as root, your system is more vulnerable to viruses and such. The best way to prevent this is to close the door when you don't need it open. (Heaven knows, enough bugs are already coming in through the Windows, if you catch my drift.)
You're hosed.
Well, no, not really. But to be honest, you should be hosed. Your root password is the master key to your apartment-style computer; forgetting your root password is almost as bad as displaying it on a sticky note on your monitor. It's a big no-no.
Forgotten root passwords can never really be recovered. They can, however, be replaced. Since you probably have a really good excuse for forgetting your password -- something on par with amnesia or a brain tumor -- we'll give you some hints on how to save your bacon. Note that none of this can be done remotely -- all of these techniques require direct physical access to the machine in question. Also, please make sure that you only use these techniques on computers that you have been authorized to modify. If you use the information below to bypass security on a computer you're not supposed to be messing with, you're probably committing a felony. If you have a computer
Linux OS
If you're using LILO as your boot manager:
If you're using GRUB as your boot manager:
Mac OS X
If none of these techniques works for you, find a Unix guru and grovel. Make sure not to forget the three most important things about getting things done in this type of Unix environment: chocolate, caffeinated beverages, and Cheetos.
When you're choosing your root password, make sure to choose something that you can easily remember, but that others won't be able to guess. Password is probably not a good root password. Neither is your name, your birthdate, your social security number, or anything similar. And for Pete's goodness, please don't write the password on a piece of paper and tape it to your monitor. This is roughly equivalent to leaving the master key on top of the mat, instead of under it.
This article is by no means a conclusive look at root access on Unix-based computer systems, but it should be enough to get you started. For more information on root and Unix system administration, check out the following websites:
You might also want to consult these books:
If you have additional questions about your Unix system, or if you need specialized systems management services, please don't hesitate to contact Iodynamics at info@iodynamics.com.
Special thanks to everyone who provided much-needed feedback to make this article better. These include Cody Batt and Miles Johnson and Slashdot users teridon, DeadSea, aridhol, akamoe, and Joel. Extra special thanks to Doran Barton, without whom I would know even less about Linux.
David Baker serves as director of communications for Iodynamics. A former composition instructor and professional tuba player, he holds an MA in Linguistics and a BA in English. Baker has also spent 8 years in the field of interface design and multimedia development. Since he is Iodynamics' primary purveyor of artsy-fartsy, touchy-feely stuff, Baker is a born-again Mac user and an eager Linux convert. He can be reached via e-mail at <davidb@iodynamics.com>.