Skip to main content
Engineering LibreTexts

02-A.2: Who Is the Superuser?

  • Page ID
  • Superuser

    As well as the files that a user can create, Linux systems have a number of files which are needed by the system for it to work properly. If these important system files are changed incorrectly they can cause various things to break, so they are protected from changes by default. Certain applications also modify important parts of the system, and so are also protected.

    The way that they are protected is by only allowing users with administrative privileges to change the files or use the applications. In day-to-day use, users will not need to change any system files or use these applications, so by default users do not have administrative privileges.

    Sometimes users do need to use these applications, so they may be able to temporarily get administrative privileges to allow them to make the changes. If an application needs administrative privileges, it will ask for a password. For example, if a user wants to install some new software, the software installer (package manager) will ask for your administrator password so it can add the new application to the system. Once it has finished, your administrative privileges will be taken away again.

    Administrative privileges are associated with certain user accounts. Administrator users are allowed to have these privileges while standard users are not. Without administrative privileges you will not be able to install software. Some user accounts (for example, the “root” account) have permanent administrative privileges. Users should not use administrative privileges all of the time, because it is possible to accidentally change something that was not intended to (like delete a needed system file, for example).

    In summary, administrative privileges allow users to change important parts of the system when needed but prevent users from doing it accidentally.

    What Does “Superuser” Mean?

    A user with administrative privileges is sometimes called a superuser. This is simply because that user has more privileges than normal users. You might see people discussing things like su and sudo; these are programs for temporarily giving you “superuser” (administrative) privileges.

    IMPORTANT CONCEPT: Principle of Least Privilege

    The principle of least privilege is an important concept in information security. It is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Linux employs this principle by restricting user permission to read, write or execute only the files or resources they need to do their jobs. In other words, users are given the least amount of privilege necessary. So on Linux, if a user needs to be able to read a file, but should not have the ability to write to the file, they are given read permission, but not write permission. If a certain user needs to be able to reset a user password, but that user should not be allowed to add a new user, they are given the proper permission to do only those tasks that are necessary to complete their job.

    Why Are Administrative Privileges Useful?

    Requiring users to have administrative privileges before important system changes are made is useful because it helps to prevent your system from being broken, intentionally or unintentionally.

    If you had administrative privileges all of the time, you might accidentally change an important file, or run an application which changes something important by mistake. Only getting administrative privileges temporarily, when you need them, reduces the risk of these mistakes happening.

    Only certain trusted users should be allowed to have administrative privileges. This prevents other users from messing with the computer and doing things like uninstalling applications that you need, installing applications that you don’t want, or changing important files. This is useful from a security standpoint.

    "How do administrative privileges work?" by Ubuntu Documentation Team is licensed under CC BY-SA 4.0

    • Was this article helpful?