Superuser (root) Account

Superuser (root) Account

Most system administration is performed while the system administrator is logged in as root (the superuser). This account is different from an ordinary user account because root has access to all system files and is not constrained by the usual system of permissions that controls access to files, directories, and programs. The root account exists so that the administrator can perform all necessary tasks on the system while maintaining the privacy of user files and the sanctity of system files. Other operating systems that do not differentiate between users have little or no means of providing for the privacy of users' files or for keeping system files uncorrupted. UNIX-based systems place the power to override system permissions and to change system files only with the root account.

All administrators at your site should have regular user accounts for their ordinary user tasks. The root account should be used only for necessary system administration tasks.

Access to the root Account

To obtain the best security on a multiuser system, access to the root account should be restricted. On workstations, the primary user of the workstation can generally use the root account safely, though most users should not have access to the root account on other user's workstations.

Make it a policy to give root passwords to as few people as is practical. Some sites maintain locked file cabinets of root passwords so that the passwords are not widely distributed, but are available in an emergency.