The root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user, and the superuser.
READ ME FIRST
Below is an explanation of the root user which can be enabled on your DV, DV Developer, or Dedicated Server. We strongly encourage you to have a complete understanding of this article. Additionally, it is important for you to understand our role as a hosting provider once you have root access. We highly suggest reading supplemental materials when considering the administration of your server.
(mt) Media Temple cannot be responsible for any vulnerabilities, misconfigurations, or failed installations/upgrades on your server. Please consult our Scope of Support Statement before administrating your server as root.
Privileges and permissions
Root privileges are the powers that the root account has on the system. The root account is the most privileged on the system and has absolute power over it (i.e., complete access to all files and commands). Among root's powers are the ability to modify the system in any way desired and to grant and revoke access permissions (i.e., the ability to read, modify and execute specific files and directories) for other users, including any of those that are by default reserved for root.
The permissions system in Unix-like operating systems is set by default to prevent access by ordinary users to critical parts of the system and to files and directories belonging to other users. This is because it is very easy to damage a Unix-like system with root access. However, an important principle of Unix-like operating systems is the provision of maximum flexibility to configure the system, and thus the root user is fully empowered.
Use with caution
Unix-like systems assume that the system administrator knows exactly what he or she is doing and that only such individual(s) will be using the root account. Thus, there is virtually no safety net for the root user in the event of a careless error, such as damaging or deleting a critical system file (which could make the entire system inoperable). For this reason, we would strongly encourage you to make backups of any files/directories you are working with. You might also want to consider our Snapshot Backup add-on detailed here: DV Backup Options.
Adding to the danger of routinely using the system as root is the fact that all processes (i.e., instances of programs in execution) started by the root user have root privileges. Because even the most widely used and well-tested application programs contain numerous programming errors (due to the huge amount of code required and its great complexity), a skilled attacker can often find and exploit such an error to obtain control of a system when a program is run with root privileges rather than using an ordinary user account, with its very limited privileges.
A critical means for preventing users from directly damaging Unix-like systems or increasing the vulnerability of such systems to damage by others is the avoidance of using the root account except when absolutely necessary, even by knowledgeable and experienced system administrators. That is, rather than routinely logging into the system as root, administrators should log in with their admin account and then use the su command. This will provide you with root privileges only as needed and without requiring a new login.
Example: To list the contents of a directory owned by root you would type:
su root ls /root
You will be prompted for your root password. The account of the admin user can be returned to by typing exit.
Disable SSH login for root
If you would like to secure and interact with your system in this manner, we suggest following our article to disable direct root logins. The security associated with using su can be increased by using its -c option, which terminates it and causes an immediate return to the former user account after the current command has completed execution or after any program that it has launched has been closed.
When to use root
Tasks that require root privileges include moving files or directories into or out of system directories (i.e., directories that are critical to the functioning of the operating system), copying files into system directories, granting or revoking user privileges, some system repairs, and the installation of some application programs. By default, it is not necessary to be root to be able to read most configuration files and documentation files in system directories, although it is necessary to be root to modify them.
Root privileges are usually required for installing software in RPM (Red Hat Package Manager) package format because of the need to write to system directories. If an application program is being compiled (i.e., converted into runnable form) from source code (i.e., its original, human-readable form), however, it can usually be configured to install and run from a user's home directory. Root privileges are not needed by an ordinary user to compile and install software in its home directory. Compiling software as root should be avoided for security reasons.