330:). In Windows XP and earlier systems, there is a built-in administrator account that remains hidden when a user administrator-equivalent account exists. This built-in administrator account is created with a blank password. This poses security risks as local users would be able to access the computer via the built-in administrator account if the password is left blank, so the account is disabled by default in Windows Vista and later systems due to the introduction of User Account Control (UAC). Remote users are unable to access the built-in administrator account.
338:
accounts in
Windows systems without UAC do not insulate the system from most of the pitfalls of full root access. One of these pitfalls includes decreased resilience to malware infections. To avoid this and maintain optimal system security on pre-UAC Windows systems, it is recommended to simply authenticate when necessary from a standard user account, either via a password set to the built-in administrator account, or another administrator account.
342:
password of an administrator in standard user accounts. In
Windows XP (and earlier systems) administrator accounts, authentication is not required to run a process with elevated privileges. This poses a security risk that led to the development of UAC. Users can set a process to run with elevated privileges from standard accounts by setting the process to "run as administrator" or using the
346:
command and authenticating the prompt with credentials (username and password) of an administrator account. Much of the benefit of authenticating from a standard account is negated if the administrator account's credentials being used has a blank password (as in the built-in administrator account in
341:
In
Windows Vista/7/8/10/11 administrator accounts, a prompt will appear to authenticate running a process with elevated privileges. Usually, no user credentials are required to authenticate the UAC prompt in administrator accounts but authenticating the UAC prompt requires entering the username and
337:
root account – Administrator, the built-in administrator account, and a user administrator account have the same level of privileges. The default user account created in
Windows systems is an administrator account. Unlike macOS, Linux, and Windows Vista/7/8/10 administrator accounts, administrator
165:, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it has done so, there is no way back. Doing so is sometimes called
646:
624:
71:
recommends that most users and applications run under an ordinary account to perform their work, as a superuser account is capable of making unrestricted, potentially adverse, system-wide changes.
773:
654:
719:
390:
did allow multiple accounts, this was only so that each could have its own preferences profile – all users still had full administrative control over the machine.
91:
is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include
680:
514:
616:
560:
326:), there must be at least one administrator account (Windows XP and earlier) or one able to elevate privileges to superuser (Windows Vista/7/8/10/11 via
471:
769:
881:
832:
803:
382:
On many older OSes on computers intended for personal and home use, anyone using the system had full privileges. Many such systems, such as
856:
59:. In some cases, the actual name of the account is not the determining factor; on Unix-like systems, for example, the user with a
117:
of 0. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network
190:
in entering commands can cause major damage to the system. Instead, a normal user account should be used, and then either the
713:
495:
745:
594:
169:
and is often done as a security measure to limit the damage from possible contamination of the process. Another case is
901:
347:
Windows XP and earlier systems), hence why it is recommended to set a password for the built-in administrator account.
262:– but this is configured to ask them for their password before doing administrative actions. In some cases the actual
676:
67:
model, any user with the role of superuser (or its synonyms) can carry out all actions of the superuser account. The
113:("root" written backward) account in addition to a root account. Regardless of the name, the superuser always has a
511:
896:
556:
104:
141:
535:
68:
463:
275:
63:(UID) of zero is the superuser, regardless of the name of that account; and in systems which implement a
271:
266:
account is disabled by default, so it can't be directly used. In mobile platform-oriented OSs such as
824:
253:
799:
853:
703:
279:
429:
424:
327:
40:
8:
414:
303:
64:
404:
274:, superuser access is inaccessible by design, but generally the security system can be
709:
444:
409:
210:
method requires that the user be set up with the power to run "as root" within the
118:
43:. Depending on the operating system (OS), the actual name of this account might be
860:
518:
499:
60:
492:
755:
363:
241:
of who has used the command and what administrative operations they performed.
192:
176:
137:
133:
21:
256:), automatically give the initial user created the ability to run as root via
890:
586:
386:, did not have the concept of multiple accounts, and although others such as
307:
152:
175:
and other programs that ask users for credentials and in case of successful
295:
238:
108:
136:
of a Unix system. This directory was originally considered to be root's
419:
399:
387:
351:
323:
319:
299:
291:
28:
751:
315:
311:
267:
156:
80:
741:
875:
531:
434:
114:
333:
A Windows administrator account is not an exact analogue of the
206:
approach requires the user to know the root password, while the
354:, 2000 and higher, the root user is the Administrator account.
237:
approach is now generally preferred – for example it leaves an
179:
allow them to run programs with privileges of their accounts.
854:"Supervisor (Bindery) User Created on Every NetWare 4 Server"
532:"What is root? - definition by The Linux Information Project"
249:
245:
171:
84:
439:
334:
258:
198:
187:
161:
96:
557:"/root : Home directory for the root user (optional)"
374:
In OpenVMS, "SYSTEM" is the superuser account for the OS.
383:
214:
file, typically indirectly by being made a member of the
366:, the superuser was called "supervisor", later "admin".
800:"Enable and Disable the Built-in Administrator Account"
132:
is the only user account with permission to modify the
186:
is never used as a normal user account, since simple
16:
Special user account used for system administration
705:Host Integrity Monitoring Using Osiris and Samhain
739:
278:in order to obtain it. In a few systems, such as
888:
794:
792:
790:
701:
294:and later systems derived from it (such as
878:– by The Linux Information Project (LINFO)
787:
762:
581:
579:
577:
202:(substitute user do) command is used. The
377:
574:
889:
144:now recommends that root's home be at
74:
882:An Introduction to Mac OS X Security
683:from the original on 5 November 2016
597:from the original on 5 November 2011
285:
474:from the original on 22 August 2015
39:is a special user account used for
13:
835:from the original on 13 March 2016
512:"What is this UID 0 toor account?"
14:
913:
869:
744:; Presotto, Dave; Quinlan, Sean,
357:
627:from the original on 5 June 2015
282:, there is no superuser at all.
847:
817:
806:from the original on 2013-11-27
802:. microsoft.com. 25 July 2008.
776:from the original on 2012-07-11
733:
722:from the original on 2024-05-24
695:
563:from the original on 2005-05-25
538:from the original on 2021-05-08
493:The Jargon File (version 4.4.7)
669:
647:"2.3. Configuring sudo Access"
639:
617:"4.4. Administrative Controls"
609:
549:
524:
505:
486:
456:
1:
450:
233:For a number of reasons, the
182:It is often recommended that
142:Filesystem Hierarchy Standard
252:distributions (most notably
128:may have originated because
69:principle of least privilege
7:
393:
10:
918:
369:
20:For the Q&A site, see
18:
902:Operating system security
863:, 01 Feb 1996, novell.com
825:"The LocalSystem Account"
740:Cox, Russ; Grosse, Eric;
708:. Elsevier. p. 32.
167:dropping root privileges
103:on some Unix variants.
27:Not to be confused with
770:"Microsoft Corporation"
677:"difference adm - root"
159:system, usually called
83:computer OSes (such as
702:Brian Wotring (2005).
378:Older personal systems
897:System administration
196:(substitute user) or
121:numbered below 1024.
41:system administration
430:Rooting (Android OS)
425:Privilege escalation
328:User Account Control
188:typographical errors
304:Windows Server 2003
244:Some OSes, such as
65:role-based security
859:2017-11-07 at the
747:Security in Plan 9
517:2020-12-22 at the
498:2021-04-18 at the
405:Jailbreaking (iOS)
151:The first process
75:Unix and Unix-like
35:In computing, the
772:. Microsoft.com.
715:978-0-08-048894-3
445:Wheel (computing)
410:nobody (username)
286:Microsoft Windows
107:often provides a
909:
864:
851:
845:
844:
842:
840:
821:
815:
814:
812:
811:
796:
785:
784:
782:
781:
766:
760:
759:
754:, archived from
737:
731:
730:
728:
727:
699:
693:
692:
690:
688:
673:
667:
666:
664:
662:
653:. Archived from
643:
637:
636:
634:
632:
613:
607:
606:
604:
602:
583:
572:
571:
569:
568:
553:
547:
546:
544:
543:
528:
522:
509:
503:
490:
484:
483:
481:
479:
460:
345:
261:
236:
213:
209:
205:
201:
195:
174:
164:
147:
32:
25:
917:
916:
912:
911:
910:
908:
907:
906:
887:
886:
876:root Definition
872:
867:
861:Wayback Machine
852:
848:
838:
836:
823:
822:
818:
809:
807:
798:
797:
788:
779:
777:
768:
767:
763:
758:on 11 July 2018
738:
734:
725:
723:
716:
700:
696:
686:
684:
675:
674:
670:
660:
658:
645:
644:
640:
630:
628:
615:
614:
610:
600:
598:
585:
584:
575:
566:
564:
555:
554:
550:
541:
539:
530:
529:
525:
519:Wayback Machine
510:
506:
500:Wayback Machine
491:
487:
477:
475:
462:
461:
457:
453:
396:
380:
372:
360:
343:
288:
257:
234:
211:
207:
203:
197:
191:
170:
160:
145:
140:, but the UNIX
77:
61:user identifier
33:
26:
19:
17:
12:
11:
5:
915:
905:
904:
899:
885:
884:
879:
871:
870:External links
868:
866:
865:
846:
816:
786:
761:
732:
714:
694:
668:
638:
608:
573:
548:
523:
504:
485:
454:
452:
449:
448:
447:
442:
437:
432:
427:
422:
417:
412:
407:
402:
395:
392:
379:
376:
371:
368:
364:Novell NetWare
359:
358:Novell NetWare
356:
287:
284:
177:authentication
138:home directory
134:root directory
76:
73:
15:
9:
6:
4:
3:
2:
914:
903:
900:
898:
895:
894:
892:
883:
880:
877:
874:
873:
862:
858:
855:
850:
834:
831:. Microsoft.
830:
829:microsoft.com
826:
820:
805:
801:
795:
793:
791:
775:
771:
765:
757:
753:
749:
748:
743:
736:
721:
717:
711:
707:
706:
698:
682:
678:
672:
657:on 2019-12-22
656:
652:
648:
642:
626:
622:
618:
612:
596:
592:
588:
582:
580:
578:
562:
558:
552:
537:
533:
527:
521:, freebsd.org
520:
516:
513:
508:
501:
497:
494:
489:
473:
469:
468:opengroup.org
465:
459:
455:
446:
443:
441:
438:
436:
433:
431:
428:
426:
423:
421:
418:
416:
413:
411:
408:
406:
403:
401:
398:
397:
391:
389:
385:
375:
367:
365:
355:
353:
348:
339:
336:
331:
329:
325:
321:
317:
313:
309:
308:Windows Vista
305:
301:
297:
293:
283:
281:
277:
273:
269:
265:
260:
255:
251:
247:
242:
240:
231:
229:
225:
221:
217:
200:
194:
189:
185:
180:
178:
173:
168:
163:
158:
154:
150:
143:
139:
135:
131:
127:
122:
120:
116:
112:
111:
106:
102:
98:
94:
90:
86:
82:
72:
70:
66:
62:
58:
54:
50:
49:administrator
46:
42:
38:
30:
23:
849:
839:16 September
837:. Retrieved
828:
819:
808:. Retrieved
778:. Retrieved
764:
756:the original
746:
735:
724:. Retrieved
704:
697:
685:. Retrieved
671:
661:16 September
659:. Retrieved
655:the original
650:
641:
631:16 September
629:. Retrieved
620:
611:
601:16 September
599:. Retrieved
590:
565:. Retrieved
551:
540:. Retrieved
526:
507:
488:
476:. Retrieved
467:
458:
381:
373:
361:
349:
340:
332:
296:Windows 2000
289:
263:
243:
232:
227:
223:
219:
215:
212:/etc/sudoers
183:
181:
166:
153:bootstrapped
149:
129:
125:
123:
109:
100:
92:
88:
78:
56:
52:
48:
44:
36:
34:
239:audit trail
891:Categories
810:2014-02-26
780:2012-08-07
726:2018-12-17
651:redhat.com
621:redhat.com
591:ubuntu.com
587:"RootSudo"
567:2015-05-11
542:2012-08-07
502:, catb.org
478:12 January
464:"getpwuid"
451:References
420:Power user
400:Hypervisor
388:Windows 95
352:Windows NT
300:Windows XP
292:Windows NT
57:supervisor
29:Power user
22:Super User
752:Bell Labs
742:Pike, Rob
534:. LINFO.
276:exploited
268:Apple iOS
248:and some
157:Unix-like
124:The name
81:Unix-like
37:superuser
857:Archived
833:Archived
804:Archived
774:Archived
720:Archived
687:1 August
681:Archived
625:Archived
595:Archived
561:Archived
536:Archived
515:Archived
496:Archived
472:Archived
394:See also
435:Rootkit
370:OpenVMS
272:Android
230:group.
115:user ID
712:
415:passwd
306:, and
280:Plan 9
254:Ubuntu
101:avatar
344:runas
250:Linux
246:macOS
226:, or
224:admin
216:wheel
172:login
155:in a
146:/root
119:ports
93:baron
85:Linux
53:admin
841:2015
710:ISBN
689:2016
663:2015
633:2015
603:2015
480:2019
440:sudo
335:Unix
270:and
264:root
259:sudo
235:sudo
228:sudo
208:sudo
199:sudo
184:root
162:init
130:root
126:root
110:toor
99:and
97:BeOS
89:root
45:root
384:DOS
362:In
350:In
290:In
220:adm
105:BSD
95:in
87:),
79:In
55:or
47:,
893::
827:.
789:^
750:,
718:.
679:.
649:.
623:.
619:.
593:.
589:.
576:^
559:.
470:.
466:.
324:11
320:10
302:,
298:,
222:,
218:,
204:su
193:su
51:,
843:.
813:.
783:.
729:.
691:.
665:.
635:.
605:.
570:.
545:.
482:.
322:/
318:/
316:8
314:/
312:7
310:/
148:.
31:.
24:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.