The Superuser (root)
Almost every Unix system comes with a special user in the /etc/passwd file with a UID of 0. This user is known as the superuser and is normally given the username root. The password for the root account is usually called simply the "root password.”
The root account is the identity used by the operating system itself to accomplish its basic functions, such as logging users in and out of the system, recording accounting information, and managing input/output devices. For this reason, the superuser exerts nearly complete control over the operating system: nearly all security restrictions are bypassed for any program that is run by the root user, and most of the checks and warnings are turned off.[54]
What the Superuser Can Do
Any process that has an effective UID of 0 (see Section 5.3.1 later in this chapter) runs as the superuser—that is, any process with a UID of 0 runs without security checks and is allowed to do almost anything. Normal security checks and constraints are ignored for the superuser, although most systems do audit and log some of the superuser’s actions.
Some of the things that the superuser can do include:
- Process control
Change the nice value of any process (see Section B.1.3.3).
Send any signal to any process (see Signals).
Alter “hard limits” for maximum CPU time as well as maximum file, data segment, stack segment, and core file sizes (see Chapter 23).
Turn accounting and auditing on and off (see Chapter 21).
Bypass login restrictions prior to ...
Get Practical UNIX and Internet Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.