The "root" user account on Linux has full administrative privileges over the entire system. If you want to edit system configuration files, install software, add users, or virtually anything else outside of your home directory, you'll need root access. For most tasks, you won't need to log or switch to the root user account—you can run your administrative tasks with the sudo command to run them as root. This prevents you from doing damage while logged in with full superuser permissions. If you're using Ubuntu, the root account is locked by default to prevent this from happening. But if you need to keep root access while doing a large amount of system tasks, you can enable the root user and become root with the su command, or by signing in as root on console. This minHour teaches you how to enable the Linux root user and gain root access.
Unlocking the Root Account
Open the terminal.
Ubuntu and several other distributers lock the root account automatically to prevent you from using commands that can damage your system. You can unlock the root account in the terminal. If you’re in the desktop environment, you can press ‘ to start the terminal.
Type .
sudo passwd root ↵ Enter When prompted for a password, enter your user password.
Set a new password.
You’ll be prompted to create a new password and enter it twice. Once a password has been set, the root account will be active.
Lock the root account again.
If you want to lock the root account, enter the following command to remove the password and lock root:
- sudo passwd -dl root
Gaining Root Access in the Terminal
Open the terminal.
If the terminal is not already open, open it. Many distributions allow you to open it by pressing .
Type .
su – ↵ Enter This will attempt to log you in as “super user.” You can actually use this command to log in as any user on the machine, but when left blank it will attempt to log in as root.
Enter the root password when prompted.
After typing “su -” and pressing . You’ll be prompted for the root password.
- If you get an “authentication error” message, your root account is likely locked. You will need to unlock the root account.
Check the command prompt.
When you are logged in as root, the command prompt will end with # instead of $ (if you’re using the bash, bourne, or korn shell) or % (if you’re using csh, tcsh, or zsh).
Enter the commands that require root access.
Once you’ve used su – to log in as root, you can run any commands that require root access. The su command is preserved until the end of the session, so you don’t need to keep re-entering the root password every time you need to run a command.
Consider using .
sudo su – sudo (“super user do”) is a command that lets you run other commands as root temporarily. This is the best way for most users to run root commands, as the root environment is not maintained, and the user doesn’t need to know the root password. Instead, the user will enter their own user password for temporary root access.
- Type sudo command and press (e.g. sudo ifconfig). When prompted for the password, enter your user password, not the root password.
- sudo is the preferred method for distributions like Ubuntu, where it will work even when the root account is locked.
- This command is limited to users with administrator privileges. Users can be added or removed from /etc/sudoers.
Allowing Root Login (Ubuntu)
Open the terminal.
Ubuntu and several other distributers lock the root account automatically to prevent you from using commands that can damage your system. You can unlock the root account in the terminal. If you’re in the desktop environment, you can press ‘ to start the terminal.
Type sudo nano /etc/gdm3/custom.conf and press ↵ Enter.
This command allows you to edit the “custom.conf” file so that you can log in as the root account in the login page when you start your computer.
Enter your user password and press ↵ Enter.
Before you can edit the “custom.conf” file, Ubuntu asks you to enter your user password. Enter your password and press .
Add AllowRoot=True to the file.
Go to the bottom of the file. Add “AllowRoot=True” below “TimedLoginDelay = 10.” Add a few spaces so that the “A” in “AllowRoot” goes right below the “T” in “TimedLoginDelay”.
Press Ctrl+X.
This displays a prompt that asks if you want to save the file.
Press Y followed by ↵ Enter.
This saves the “Custom.conf” file. You should return to the normal Terminal prompt.
Type sudo nano /etc/pam.d/gdm-password and press ↵ Enter.
This is the command to edit the password authentication manager file.
Enter your password and press ↵ Enter.
Before you can edit the file, you are required to enter your user password. Enter your password and press to continue.
Place a # on the third line.
The third line says “auth required pam_succeed_if.so user != root quiet_success.” Simply place a hashtag (#) at the beginning of this line. The entire line should turn blue. This enables root log in using the root password.
Press Ctrl+X.
This displays a prompt that asks if you want to save the file.
Press Y followed by ↵ Enter.
This saves the “custom.conf” file. You should return to the normal Terminal prompt.
Logging as Root
Consider using other methods for gaining temporary root access.
Logging in as root is not recommended for regular use, as it is very easy to perform commands that will render your system inoperable, and it also poses a security risk, especially if you are running an SSH server on your machine. Only log in as root when performing emergency repairs, such as dealing with disk failures or restoring locked accounts.
- Using sudo or su instead of logging in as root will help prevent unintended damage while logged in as root. Using these commands gives the user a chance to think about the command before severe damage is done.
- Some distributions, such as Ubuntu, leave the root account locked until you manually unlock it. Not only does this prevent users from unknowingly doing too much damage using the root account. It also secures the system from potential hackers, as the root account is typically targeted first. With a locked root account, hackers aren’t able to gain access to it. You will need to unlock the root account and allow root login before logging in to the root account.
Enter .
root If the root account is unlocked and you know the password, you can log in as root when you’re prompted to log in with a user account. Enter “root” as the user when prompted to log in.
- If “root” is not listed as one of the log in accounts, click Not listed? and type “root” as the username.
- If you need root access to perform a command, use the method in the previous section.
Enter the root password as the user password.
After entering root as the username, enter the root password when prompted.
- In many cases, the root password may be “password.”
- If you don’t know the root password, or have forgotten it, see the next section for instructions on resetting it.
- In Ubuntu, the root account is locked and cannot be used until it has been unlocked.
Avoid running complex programs while logged in as root.
There’s a chance that the program you intend to run will have a negative effect on your system when it has root access. It’s highly recommended that you use sudo or su to run programs instead of logging in as root.
Resetting the Root or Admin Password
Reset the root password if it has been forgotten.
If you’ve forgotten the root password and your user password, you’ll need to boot into recovery mode in order to change them. If you know your user password and need to change the root password, just type sudo passwd root, enter your user password, then create a new root password.
Reboot your computer and hold left-.
⇧ Shift This will open the GRUB menu.
- The timing on this can be tricky, so you may have to try multiple times.
Select the first .
(recovery mode) This will load recovery mode for your current distribution.
Select the .
root This will start the terminal with you logged in as the root account.
Remount the drive with write permissions.
When you boot into recovery mode, you will typically only have read permissions. Enter the following command to enable write access:
- mount -rw -o remount /
Create a new password for any accounts you’re locked out of.
Once you’re logged in as root and have changed the access permissions, you can create a new password for any account:
- Type passwd accountName and press . If you need to change the root password, type passwd root.
- Enter the new password twice when prompted.
Reboot your computer after resetting passwords.
Once you’re finished resetting passwords, you can reboot and use your computer as normal. Your new passwords will take effect immediately.
Warnings
- Only use the root account when you have to, and log out as soon as you are done.
- Only share your root password with people who are A) trusted, and B) need to know it.