341:). In Windows XP and earlier systems, there is a built-in administrator account that remains hidden when a user administrator-equivalent account exists. This built-in administrator account is created with a blank password. This poses security risks as local users would be able to access the computer via the built-in administrator account if the password is left blank, so the account is disabled by default in Windows Vista and later systems due to the introduction of User Account Control (UAC). Remote users are unable to access the built-in administrator account.
349:
accounts in
Windows systems without UAC do not insulate the system from most of the pitfalls of full root access. One of these pitfalls includes decreased resilience to malware infections. To avoid this and maintain optimal system security on pre-UAC Windows systems, it is recommended to simply authenticate when necessary from a standard user account, either via a password set to the built-in administrator account, or another administrator account.
353:
password of an administrator in standard user accounts. In
Windows XP (and earlier systems) administrator accounts, authentication is not required to run a process with elevated privileges. This poses a security risk that led to the development of UAC. Users can set a process to run with elevated privileges from standard accounts by setting the process to "run as administrator" or using the
357:
command and authenticating the prompt with credentials (username and password) of an administrator account. Much of the benefit of authenticating from a standard account is negated if the administrator account's credentials being used has a blank password (as in the built-in administrator account in
352:
In
Windows Vista/7/8/10/11 administrator accounts, a prompt will appear to authenticate running a process with elevated privileges. Usually, no user credentials are required to authenticate the UAC prompt in administrator accounts but authenticating the UAC prompt requires entering the username and
348:
root account – Administrator, the built-in administrator account, and a user administrator account have the same level of privileges. The default user account created in
Windows systems is an administrator account. Unlike macOS, Linux, and Windows Vista/7/8/10 administrator accounts, administrator
176:, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it has done so, there is no way back. Doing so is sometimes called
657:
635:
82:
recommends that most users and applications run under an ordinary account to perform their work, as a superuser account is capable of making unrestricted, potentially adverse, system-wide changes.
784:
665:
730:
401:
did allow multiple accounts, this was only so that each could have its own preferences profile – all users still had full administrative control over the machine.
102:
is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include
691:
525:
627:
571:
337:), there must be at least one administrator account (Windows XP and earlier) or one able to elevate privileges to superuser (Windows Vista/7/8/10/11 via
482:
780:
892:
843:
814:
724:
393:
On many older OSes on computers intended for personal and home use, anyone using the system had full privileges. Many such systems, such as
867:
912:
70:. In some cases, the actual name of the account is not the determining factor; on Unix-like systems, for example, the user with a
128:
of 0. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network
201:
in entering commands can cause major damage to the system. Instead, a normal user account should be used, and then either the
907:
115:
506:
756:
152:
605:
180:
and is often done as a security measure to limit the damage from possible contamination of the process. Another case is
79:
358:
Windows XP and earlier systems), hence why it is recommended to set a password for the built-in administrator account.
286:
273:– but this is configured to ask them for their password before doing administrative actions. In some cases the actual
687:
78:
model, any user with the role of superuser (or its synonyms) can carry out all actions of the superuser account. The
124:("root" written backward) account in addition to a root account. Regardless of the name, the superuser always has a
282:
522:
264:
567:
546:
474:
74:(UID) of zero is the superuser, regardless of the name of that account; and in systems which implement a
290:
277:
account is disabled by default, so it can't be directly used. In mobile platform-oriented OSs such as
835:
440:
435:
338:
51:
810:
425:
314:
75:
415:
864:
720:
455:
420:
714:
129:
871:
529:
510:
71:
374:
285:, superuser access is inaccessible by design, but generally the security system can be
203:
187:
148:
144:
32:
901:
318:
163:
306:
221:
method requires that the user be set up with the power to run "as root" within the
54:. Depending on the operating system (OS), the actual name of this account might be
503:
249:
119:
766:
252:
of who has used the command and what administrative operations they performed.
430:
410:
398:
362:
334:
330:
310:
302:
267:), automatically give the initial user created the ability to run as root via
39:
597:
397:, did not have the concept of multiple accounts, and although others such as
762:
326:
322:
278:
186:
and other programs that ask users for credentials and in case of successful
167:
91:
752:
17:
147:
of a Unix system. This directory was originally considered to be root's
445:
125:
260:
256:
182:
95:
886:
542:
450:
345:
344:
A Windows administrator account is not an exact analogue of the
269:
217:
approach requires the user to know the root password, while the
209:
198:
172:
107:
365:, 2000 and higher, the root user is the Administrator account.
248:
approach is now generally preferred – for example it leaves an
394:
190:
allow them to run programs with privileges of their accounts.
865:"Supervisor (Bindery) User Created on Every NetWare 4 Server"
543:"What is root? - definition by The Linux Information Project"
568:"/root : Home directory for the root user (optional)"
385:
In OpenVMS, "SYSTEM" is the superuser account for the OS.
225:
file, typically indirectly by being made a member of the
377:, the superuser was called "supervisor", later "admin".
811:"Enable and Disable the Built-in Administrator Account"
143:
is the only user account with permission to modify the
197:
is never used as a normal user account, since simple
27:
Special user account used for system administration
716:Host Integrity Monitoring Using Osiris and Samhain
289:in order to obtain it. In a few systems, such as
805:
803:
801:
8:
305:and later systems derived from it (such as
889:– by The Linux Information Project (LINFO)
592:
590:
588:
213:(substitute user do) command is used. The
466:
155:now recommends that root's home be at
7:
893:An Introduction to Mac OS X Security
694:from the original on 5 November 2016
608:from the original on 5 November 2011
485:from the original on 22 August 2015
50:is a special user account used for
846:from the original on 13 March 2016
523:"What is this UID 0 toor account?"
25:
755:; Presotto, Dave; Quinlan, Sean,
638:from the original on 5 June 2015
293:, there is no superuser at all.
817:from the original on 2013-11-27
813:. microsoft.com. 25 July 2008.
787:from the original on 2012-07-11
733:from the original on 2024-05-24
574:from the original on 2005-05-25
549:from the original on 2021-05-08
504:The Jargon File (version 4.4.7)
658:"2.3. Configuring sudo Access"
628:"4.4. Administrative Controls"
1:
244:For a number of reasons, the
193:It is often recommended that
153:Filesystem Hierarchy Standard
263:distributions (most notably
139:may have originated because
80:principle of least privilege
929:
31:For the Q&A site, see
29:
913:Operating system security
874:, 01 Feb 1996, novell.com
836:"The LocalSystem Account"
751:Cox, Russ; Grosse, Eric;
719:. Elsevier. p. 32.
178:dropping root privileges
114:on some Unix variants.
38:Not to be confused with
781:"Microsoft Corporation"
688:"difference adm - root"
170:system, usually called
94:computer OSes (such as
713:Brian Wotring (2005).
389:Older personal systems
908:System administration
207:(substitute user) or
132:numbered below 1024.
52:system administration
441:Rooting (Android OS)
436:Privilege escalation
339:User Account Control
199:typographical errors
315:Windows Server 2003
255:Some OSes, such as
76:role-based security
870:2017-11-07 at the
758:Security in Plan 9
528:2020-12-22 at the
509:2021-04-18 at the
416:Jailbreaking (iOS)
162:The first process
86:Unix and Unix-like
46:In computing, the
783:. Microsoft.com.
726:978-0-08-048894-3
456:Wheel (computing)
421:nobody (username)
297:Microsoft Windows
118:often provides a
16:(Redirected from
920:
875:
862:
856:
855:
853:
851:
832:
826:
825:
823:
822:
807:
796:
795:
793:
792:
777:
771:
770:
765:, archived from
748:
742:
741:
739:
738:
710:
704:
703:
701:
699:
684:
678:
677:
675:
673:
664:. Archived from
654:
648:
647:
645:
643:
624:
618:
617:
615:
613:
594:
583:
582:
580:
579:
564:
558:
557:
555:
554:
539:
533:
520:
514:
501:
495:
494:
492:
490:
471:
356:
272:
247:
224:
220:
216:
212:
206:
185:
175:
158:
43:
36:
21:
928:
927:
923:
922:
921:
919:
918:
917:
898:
897:
887:root Definition
883:
878:
872:Wayback Machine
863:
859:
849:
847:
834:
833:
829:
820:
818:
809:
808:
799:
790:
788:
779:
778:
774:
769:on 11 July 2018
750:
749:
745:
736:
734:
727:
712:
711:
707:
697:
695:
686:
685:
681:
671:
669:
656:
655:
651:
641:
639:
626:
625:
621:
611:
609:
596:
595:
586:
577:
575:
566:
565:
561:
552:
550:
541:
540:
536:
530:Wayback Machine
521:
517:
511:Wayback Machine
502:
498:
488:
486:
473:
472:
468:
464:
407:
391:
383:
371:
354:
299:
268:
245:
222:
218:
214:
208:
202:
181:
171:
156:
151:, but the UNIX
88:
72:user identifier
44:
37:
30:
28:
23:
22:
15:
12:
11:
5:
926:
924:
916:
915:
910:
900:
899:
896:
895:
890:
882:
881:External links
879:
877:
876:
857:
827:
797:
772:
743:
725:
705:
679:
649:
619:
584:
559:
534:
515:
496:
465:
463:
460:
459:
458:
453:
448:
443:
438:
433:
428:
423:
418:
413:
406:
403:
390:
387:
382:
379:
375:Novell NetWare
370:
369:Novell NetWare
367:
298:
295:
188:authentication
149:home directory
145:root directory
87:
84:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
925:
914:
911:
909:
906:
905:
903:
894:
891:
888:
885:
884:
880:
873:
869:
866:
861:
858:
845:
842:. Microsoft.
841:
840:microsoft.com
837:
831:
828:
816:
812:
806:
804:
802:
798:
786:
782:
776:
773:
768:
764:
760:
759:
754:
747:
744:
732:
728:
722:
718:
717:
709:
706:
693:
689:
683:
680:
668:on 2019-12-22
667:
663:
659:
653:
650:
637:
633:
629:
623:
620:
607:
603:
599:
593:
591:
589:
585:
573:
569:
563:
560:
548:
544:
538:
535:
532:, freebsd.org
531:
527:
524:
519:
516:
512:
508:
505:
500:
497:
484:
480:
479:opengroup.org
476:
470:
467:
461:
457:
454:
452:
449:
447:
444:
442:
439:
437:
434:
432:
429:
427:
424:
422:
419:
417:
414:
412:
409:
408:
404:
402:
400:
396:
388:
386:
380:
378:
376:
368:
366:
364:
359:
350:
347:
342:
340:
336:
332:
328:
324:
320:
319:Windows Vista
316:
312:
308:
304:
296:
294:
292:
288:
284:
280:
276:
271:
266:
262:
258:
253:
251:
242:
240:
236:
232:
228:
211:
205:
200:
196:
191:
189:
184:
179:
174:
169:
165:
161:
154:
150:
146:
142:
138:
133:
131:
127:
123:
122:
117:
113:
109:
105:
101:
97:
93:
85:
83:
81:
77:
73:
69:
65:
61:
60:administrator
57:
53:
49:
41:
34:
19:
860:
850:16 September
848:. Retrieved
839:
830:
819:. Retrieved
789:. Retrieved
775:
767:the original
757:
746:
735:. Retrieved
715:
708:
696:. Retrieved
682:
672:16 September
670:. Retrieved
666:the original
661:
652:
642:16 September
640:. Retrieved
631:
622:
612:16 September
610:. Retrieved
601:
576:. Retrieved
562:
551:. Retrieved
537:
518:
499:
487:. Retrieved
478:
469:
392:
384:
372:
360:
351:
343:
307:Windows 2000
300:
274:
254:
243:
238:
234:
230:
226:
223:/etc/sudoers
194:
192:
177:
164:bootstrapped
160:
140:
136:
134:
120:
111:
103:
99:
89:
67:
63:
59:
55:
47:
45:
250:audit trail
902:Categories
821:2014-02-26
791:2012-08-07
737:2018-12-17
662:redhat.com
632:redhat.com
602:ubuntu.com
598:"RootSudo"
578:2015-05-11
553:2012-08-07
513:, catb.org
489:12 January
475:"getpwuid"
462:References
431:Power user
411:Hypervisor
399:Windows 95
363:Windows NT
311:Windows XP
303:Windows NT
68:supervisor
40:Power user
33:Super User
763:Bell Labs
753:Pike, Rob
545:. LINFO.
287:exploited
279:Apple iOS
259:and some
168:Unix-like
135:The name
92:Unix-like
48:superuser
18:Root user
868:Archived
844:Archived
815:Archived
785:Archived
731:Archived
698:1 August
692:Archived
636:Archived
606:Archived
572:Archived
547:Archived
526:Archived
507:Archived
483:Archived
405:See also
446:Rootkit
381:OpenVMS
283:Android
241:group.
126:user ID
723:
426:passwd
317:, and
291:Plan 9
265:Ubuntu
112:avatar
355:runas
261:Linux
257:macOS
237:, or
235:admin
227:wheel
183:login
166:in a
157:/root
130:ports
104:baron
96:Linux
64:admin
852:2015
721:ISBN
700:2016
674:2015
644:2015
614:2015
491:2019
451:sudo
346:Unix
281:and
275:root
270:sudo
246:sudo
239:sudo
219:sudo
210:sudo
195:root
173:init
141:root
137:root
121:toor
110:and
108:BeOS
100:root
56:root
395:DOS
373:In
361:In
301:In
231:adm
116:BSD
106:in
98:),
90:In
66:or
58:,
904::
838:.
800:^
761:,
729:.
690:.
660:.
634:.
630:.
604:.
600:.
587:^
570:.
481:.
477:.
335:11
331:10
313:,
309:,
233:,
229:,
215:su
204:su
62:,
854:.
824:.
794:.
740:.
702:.
676:.
646:.
616:.
581:.
556:.
493:.
333:/
329:/
327:8
325:/
323:7
321:/
159:.
42:.
35:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.