Root and Ordinary Users

Although users are the subject of another chapter, allow us to introduce the distinction between the root user account and ordinary users, because this distinction is the foundation on which much of the security model is based. For a more in-depth discussion on the matter. Linux makes use of something called the root user account. This is sometimes referred to as the superuser account, and that gives you an idea of its purpose in life: the root user has unrestricted access to all aspects of the system. The root user can delete, modify, or view any file, as well as alter hardware settings. Because everything on a Linux system is a file, this gives the root user immense power.

Linux systems also have ordinary user accounts, which are limited in what they can do. Such users are limited to saving files in their own directory within the /home directory and also the /tmp and /var/tmp directories, (although the system is usually configured so that an ordinary user can read files outside the /home directory too). But an ordinary Ubuntu user cannot delete or modify files outside of their /home directory unless explicitly given this permission by the root user.

The user account you created during the installation of Ubuntu is a limited account, but on some Linux systems, it’s possible to type root at the login prompt and, after providing the correct password, actually log in as root and perform system maintenance tasks. Ubuntu is slightly different in that the root account is disabled by default, and users are instead able to borrow superuser powers whenever they’re required, in a similar way to Mac OS X. For this to happen, they simply need to provide their own login password. With desktop programs, a password prompt dialog box appears automatically. Although the root account is disabled, most key operating system files “belong” to the root user, which is to say that only someone with superuser powers can alter them. Ordinary users are simply unable to modify or delete these system files. This is a powerful method of protecting the OS configuration from accidental or even deliberate damage.