The Super Special root User

Ted LeRoy
A free video tutorial from Ted LeRoy
Enterprise Security Architect - Online Instructor

Lecture description

Ubuntu Server - The Super Special root User

In this lesson, we’ll look at what the root user is, why the root user is so special, and how to work with root permissions.

The root user

All Linux systems, and for that matter Unix and BSD systems, have a root user. The root user has god-like power over your system. It can do ANYTHING!

If you’re doing good things, and not making any mistakes, that’s fine.

If, however, you make a critical error when you’re working as root, the consequences can be devastating to your server.

We’ll look at a simple command to illustrate the potential problems that can ensue if you make a mistake as root.

The rm command removes a file, a set of files, or a set of files and directories that you specify.

With the -r option, rm works recursively, removing the directory you point it at and all of its sub-directories. With the -f option, it forces the deletion, even if it would otherwise have resulted in an error.

If you wanted to remove something from your home directory, and you were logged in as a regular user, you could have a situation like the following:

rm -rf /home/theo/somefile

due to a typo becomes

rm -rf / home/theo/somefile

You were in a hurry, and you somehow added a space after the /, which is the root directory.

The shell splits the line at that space, so rm -rf receives two arguments: /, which it understands as the root directory, and home/theo/somefile, which it sees as an argument it can’t interpret.

bash does exactly what it’s supposed to do, and starts deleting everything it can from /.

Since my privileges aren’t elevated, it will only be able to delete files I have the access to remove.

Not pleasant, but not catastrophic for the system as a whole.

What do you think happens if this is done as root?

Please watch the lesson to see.

The moral of the story is to make sure you work as a non-root user unless you have to elevate your privileges for some reason.

When you do have to, use the sudo command if it will get the job done.

Work as root only on rare occasions, and do it by typing sudo su -, not by enabling login for the root account.

Also, be sure any critical systems are backed up!
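
As an added example (not code from the lesson), here is a small POSIX shell pre-flight check for the typo described above: it shows how the shell splits the arguments and refuses a recursive delete whose target resolves to / or to a top-level directory. The function names show_args, check_rm_targets and safe_rm are hypothetical, and the script assumes GNU realpath as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example (not from the lesson): pre-flight check for recursive deletes.
# Assumes GNU coreutils realpath, as shipped with Ubuntu.

# show_args ARG... : print each argument exactly as the shell hands it to a
# command, so a stray space that splits one path into two is visible.
show_args() {
    n=1
    for a in "$@"; do
        printf 'arg %d: [%s]\n' "$n" "$a"
        n=$((n + 1))
    done
}

# check_rm_targets PATH... : return 1 if any argument resolves to / or to a
# top-level directory such as /home or /etc; print a verdict for each one.
check_rm_targets() {
    rc=0
    for arg in "$@"; do
        # -m canonicalises the path even if it does not exist
        resolved=$(realpath -m -- "$arg")
        case "$resolved" in
            /)    echo "REFUSE [$arg] is the root directory"; rc=1 ;;
            /*/*) echo "ok     [$arg] -> $resolved" ;;
            *)    echo "REFUSE [$arg] is top-level directory $resolved"; rc=1 ;;
        esac
    done
    return "$rc"
}

# safe_rm PATH... : recursive delete that runs only if every target passes.
# No -f, so rm still reports errors and prompts for write-protected files.
safe_rm() {
    [ "$#" -gt 0 ] || { echo "safe_rm: no targets given" >&2; return 2; }
    if ! check_rm_targets "$@" >&2; then
        echo "safe_rm: nothing deleted; arguments were:" >&2
        show_args "$@" >&2
        return 1
    fi
    rm -r -- "$@"
}
```

Called as safe_rm / home/theo/somefile, it refuses and lists the two arguments it was given; called as safe_rm /home/theo/somefile, it deletes only that path.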

Learn more from the full course

Ubuntu Linux Fundamentals Linux Server Administration Basics

Updated for Ubuntu 20.04 - The Latest! Gain essential skills with Linux Server in this 11 hour Beginner's course.

11:18:00 of on-demand video • Updated March 2021

English [Auto] In this lesson we'll look at what the root user is, why the root user is so special, and how to work with root permissions. All Linux systems, and for that matter Unix and BSD systems, have a root user. The root user has godlike power over your system. It can do anything. If you're doing good things and not making any mistake, any mistakes, that's fine. If, however, you make a critical error when you're working as root, the consequences can be devastating for your server. We'll look at a simple command to illustrate the potential problems that can ensue if you make a mistake as root. The rm command removes a file, or a set of files, or a set of files and directories that you specify. So you can see there's a force option. This will override things that would normally result in an error or a prompt. And the minus r option does a recursive deletion, meaning anything in the directory you're in and below will be deleted. So let's say you're running as a normal user, not as root, and you have a typo in a command. So you type rm minus rf and then you have the forward slash, which is the root directory, and you're in a hurry and you mean to remove something from your own home directory, you need to remove something from your own home directory, but you accidentally have a space after the slash. rm is gonna see this as an argument that doesn't make sense, but it's going to understand remove rf root. So let's see what happens here. OK. It gives us a warning: rm: it is dangerous to operate recursively on root; use no preserve root to override this failsafe. So that's nice. Ubuntu built in a nice warning for us, but that is not in a lot of other systems. So let's try with no preserve root, and it's deleting things, but you see it says cannot remove for a lot of things. Those are things that I didn't have permission to remove. So let's stop this. Oh, there it goes, it's, it's already stopped. Let's see if my home directory still exists. Yeah.
So it's broken. So as user Theo I'm kind of stuck here. Let me see if my sudo permissions still work. Oh, it's good. OK. At least sudo permissions still work. But a whole bunch of stuff couldn't be deleted, couldn't be deleted because I was running as Theo, not as root. Now let's see what happens if I do the same thing as root. So we'll type... Well, we'll first get back in our home directory, then we'll do the same thing, but we'll preface that with sudo, which will make it run as root. What do you think's gonna happen? Oh yes. So some big problems there. We can write any commands or anything. This is, this is borked, it's broke. So this operating system is basically toast because we ran it as root. I was wondering when it was my health is can't removes if I wasn't working I thought it might have to run as full root. But yeah, it's broke. So if you did not have a backup of this server at this time and you'd made that mistake, you would have to rebuild. You'd be in trouble. Mm hmm. So that's why Ubuntu is so cautious and protective about the root user. So thankfully this wasn't a real computer here. This was, this wasn't a working virtual machine here, this was one, a clone of the virtual machine I want to use, so I anticipated doing this and I made an extra copy. I don't you know should work. Yeah. No. Can you set it down. So this, this thing is completely broken. You'll see jokes in some forums when somebody asks a question as a new person saying how do I do this, when, when it's obvious that they haven't looked themselves at all for help or the man pages or even just a quick Google search, and somebody jokingly say just type rm minus rf on root. And this is what would happen if they actually follow those instructions. And of course putting the override warning, but similarly problems could happen if, if you're even down a few directories and you have some typo in there that you don't notice. And that's again with just one command, with rm.
But yeah, this, this way have to be very careful with root. I think I can actually hear, oh, let me exit. OK, so let's trash that virtual machine 'cause it is broken. No power off, except a warning, and power off, and then just delete that bad boy because it's gone too, you know. Files, and then get back on my real Ubuntu server here. You notice when you type passwords in Linux you often won't see any characters, no stars or asterisks or dots, so that's OK. It is actually taking your password, it's just not showing anything on the screen to protect you. OK, so now we'll look at how root is handled. And I'm going do so for Ubuntu. The root user doesn't even, can't even log in. There's no password assigned to it. You could change that behavior, but I recommend against it unless you really, really need to for some reason. Chances are good that you don't need to even if you think you do, so Google, ask questions and in the Ubuntu forums if you think you need to use root, or search the man pages, so someone tell you to do an rm minus rf on your root directory, and just try to find a way around having to do something as root. If you do need to work as root, you could still do that without setting the root password, and you might have seen the way I did that. You go sudo su dash. It'll ask you for your password, you put that in, hopefully type it right. And you're root. So you don't have to log in as root to become root to do some work. Some things are, some, some simple things are painted about or impossible to do as using sudo. So let's type, see, we are in the slash root folder. All the other users' home directories are in the slash home directory, but root's is in its own directory.
Now if I get out of here and I want to do sudo pseudo the root cause we make it a tell me the command isn't found. So even a simple thing like changing directory might not work when you're using sudo. Many things will, so I always try first, but sometimes you might have to change to the root user. So most of the time, 9 percent of the time, what you wanna do is work as your own user level, at your own user level, and use the sudo command to run things as root. Use great caution when you're working as root; as you just saw, it can lead to some serious problems. Also make sure you back up your stuff. So even if you do make a mistake like that, at least you can recover. So just use sudo. Try not to work as root unless you absolutely have to, and be very, very cautious. Many sysadmins I know double check commands whenever they're running as root just to make sure they don't have a typo and it's going to work as they expect.