topic Re: Definition of root or superuser in Operating System - HP-UX

Definition of root or superuser

hpitrc_1 — Thu, 25 Jan 2007 18:46:23 GMT

I was asked to define root or superuser. I used Google and some other search engine for a definition but would like to ask the forum to help define root or superuser in your own words and provide some examples.

Re: Definition of root or superuser

A. Clay Stephenson — Thu, 25 Jan 2007 19:37:45 GMT

As succinct and accurate as possible: any user whose user id (UID) is zero. In UNIX, the user name (root, admin, ...) means nothing; the UID means everything.

Re: Definition of root or superuser

Prashanth.D.S — Fri, 26 Jan 2007 02:57:59 GMT

Hi,

Root user/Super user in simple words one who has this account access can do any administrative changes without any restrictions, can play around with configuration etc..account one which can boss around the other user accounts.

Best Regards,
Prashanth

Re: Definition of root or superuser

Torsten. — Fri, 26 Jan 2007 09:59:52 GMT

Hi,

start here: http://en.wikipedia.org/wiki/Superuser

Re: Definition of root or superuser

spex — Fri, 26 Jan 2007 10:13:28 GMT

Hello,

"Root" is the traditional name for the UNIX superuser. In UNIX, the uid and gid are what matter; user and group aliases (e.g. "root", "bin", "adm", etc.) are provided as a convenience. By default, "root" appears at the head of /etc/passwd, and has a uid of 0.

In practical terms, "root" has unlimited access to every facet of a system (configuration, files, user database, resources, etc.).

PCS

Re: Definition of root or superuser

f. halili — Fri, 26 Jan 2007 10:35:11 GMT

root - which is also referred to as the root user, the administrative user, the system administrator. The root account and the superuser, is the user name or account that has access to all commands and files on a Unix-like operating system.

For short - root is the System Administrator account.

thanks,
f. halili

Re: Definition of root or superuser

James R. Ferguson — Fri, 26 Jan 2007 10:35:25 GMT

HI:

I'll add to this discussion that it is possible to define multiple account names with a 'uid' (user ID) of zero. When done, each of the accounts is a "root" or "superuser".

While this underscores the fact that the Unix only "cares" about the 'uid' of a process or file when confering privilege and that 'uid=0' denotes ultimate privilege, administrators who define multiple uid=0 accounts are creating extremely insecure, unstable systems!

Imagine that you create a second "root" user named "hpitrc" with a uid=0. Now, sometime later when you, or your replacement, decides that this is a dormant account and any files it has should be removed, you do:

# find / -user hpitrc -exec rm -r {} \+

You just destroyed your system! The *name* "hpitrc" maps to a uid=0 which means that every file and every directory owned by 'root' is removed from the system leaving it wholly unusable.

Regards!

...JRF...

Re: Definition of root or superuser

Steve Lewis — Fri, 26 Jan 2007 11:29:50 GMT

[ Top tip from JRF there, I could quite see that one happening! ]

Added to the above:
A superuser is a way to go underneath HP's RBAC (role based access control) product and still get access to everything. It is still required on the system.

A superuser will still be able to see your database data, even if the files or raw devices are owned by someone else - it overrides file ownerships and can read/write the raw devices directly. Only column/table level encryption can guard against that.

If your database or software package does (madly) list the root account as a defined user to connect with, it is probably stored as the word, not the userid.

All of the stuff about userid of zero is fine and correct, but check for user/administrator written scripts that incorrectly check for the word root, not the userid of 0.

Re: Definition of root or superuser

Sp4admin — Fri, 26 Jan 2007 11:55:50 GMT

Hello,

In simple words ROOT is the the administrator account on the server. It has access to the commands and file on the server.It has unlimited access to every configureation, files, database, all resoures.

It is the Superuser...

sp,