Logging in as root on Linux? Here's why that's a disaster waiting to happen



ZDNET key takeaways

  • Logging in as the root user should never be done on Linux.
  • Using the root account could lead to disaster.
  • Sudo is the preferred method of gaining elevated privileges.

When I first started using Linux in 1997, there was one inevitability: at some point, you would have to either log in as root or switch to the root account. I did it. A lot.


Anytime I needed to install a piece of software, change a config file in /etc, start or stop a service, or upgrade the OS — any action that required heightened (admin) privileges — I used the root account.

Whenever I needed to access those heightened permissions, I would do one of two things: use the su command to switch to the root user, or log in to the desktop as the root user. Either way, I had to know the root password to do so.

What I didn’t know at the time was how wrong it was to do so.

But then again, back in those days, we didn’t have sudo.

Disaster in the waiting

I was lucky. In all the years I had to make use of the root account in such a way, disaster never struck. I was able to log in as root or switch to the root user without incident.

As I said, I was lucky.

You see, logging in as the root user is asking for disaster to strike. Why?


You’re in a busy office or share your house or apartment with others. You log into your Linux PC as the root user because you have a ton of admin tasks to do. In the middle of doing whatever it is you need to get done, you’re called away from your desk.

While you’re gone, another user sits down at your computer. Since you’ve logged in as root, that user has full access to do whatever nefarious thing they want. They might reconfigure something in /etc, install a keylogger, or add some other malicious software package. They can do this because you logged in as root. If they open the terminal window, they have full privileges and can wreak havoc.

That’s not all. If you’re logged in as the root user, a single typo or poorly run command could cause serious problems. You could accidentally use the rm command on the wrong directory and end up with a big problem on your hands.

Brute force attacks

With the root account enabled, a hacker could target your machine and use a brute-force attack (a cyberattack that involves trying all possible password, username, or encryption key combinations) to gain access to the root user. Once they’ve breached the root user account, they can do whatever they want.


All of that is possible simply because the root user account was enabled. You wouldn’t even need to have ever logged in to the root account on that machine for this to happen. But because the root account was enabled, the damage a hacker can do is exponentially increased.

In other words, they could do anything they wanted.

A problem with applications

There’s another glaring reason why you should never log in as root. When you log in with the administrator account, every application you use has admin privileges. What could happen?

Say you’re listening to music with your distribution’s default music player and it crashes. Since you’re logged in as root, that app has root privileges. When the app crashes, it could take down critical files by wiping away, say, the contents of the /usr directory.


As well, when you’re logged in as root, every vulnerability in your web browser could have a profoundly negative impact on your system. A small bug in a piece of software could cause major problems for everything.

Someone could even format your drive. You do not want that to happen. Ever.

In comes sudo

All of the above played into the creation of the sudo command, which allows users (who have been granted access to the command) to run commands with admin privileges but doesn’t give them full access to everything. With sudo, users can be limited to specific admin privileges. You could even limit a user to a single command that requires admin privileges.

When sudo first came into play, people balked not only at having to type four extra characters in their commands but also at the timeout setting, which meant that after the time expired, the user would have to type their sudo password again.


It was a tiny inconvenience that delivered big dividends.

Users no longer had to log in as the root user. In some cases (such as with Ubuntu), the root user account is disabled, meaning it can’t be used.

From my perspective and experience, that is exactly how it should be: the root account should be disabled. There are some distributions (such as Debian) that not only ship with the root account enabled but also don’t add standard users to the sudo group. Any time I install Debian, the first thing I do is add my user to the sudo group so I never have to log in as or su to root.


If you’re using a distribution that has the root user enabled and didn’t add your user account to sudo, you should at least change the latter so you don’t have to log in as root. I would also recommend that you disable the root user. To do this, you only need to remove the root password and lock the account. These two steps can be done with the following commands:

  1. Delete the password with: sudo passwd -d root
  2. Lock the account with: sudo passwd -l root

Just make absolutely certain that your user account has full sudo privileges before you do the above; otherwise, you could wind up with a system wherein you cannot run anything that requires elevated privileges.
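
A pre-flight check for the two steps above, as an added example that is not from the original article: it confirms the account is in an admin group before root is locked and classifies root's password field. The function names and the sample group and shadow lines are constructed for illustration, and it assumes sudo rights are granted through the sudo or wheel group.

```bash
# Pre-flight for disabling root: read-only checks, nothing is modified.

# Succeeds if user $1 is a listed member of the sudo or wheel group in the
# group(5)-format file $2. Assumption: sudo rights come from one of these groups.
in_admin_group() {
    awk -F: -v u="$1" '
        $1 == "sudo" || $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit !found }' "$2"
}

# Classifies root's password field in the shadow(5)-format file $1.
root_pw_state() {
    awk -F: '$1 == "root" {
        if ($2 == "")          print "empty"    # left by passwd -d alone
        else if ($2 ~ /^[!*]/) print "locked"   # left by passwd -l
        else                   print "set"
    }' "$1"
}

# Returns 0 only when user $1 keeps an admin path after root is locked.
preflight() {
    if ! in_admin_group "$1" "$2"; then
        echo "STOP: $1 is not in sudo/wheel; locking root leaves no admin path"
        return 1
    fi
    echo "OK: $1 can use sudo; root password field is $(root_pw_state "$3")"
}

# Constructed sample data, not taken from a real system.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:' 'sudo:x:27:alice,carol' 'users:x:100:bob' > "$demo/group"
printf '%s\n' 'root:$y$j9T$constructed$hash:19000:0:99999:7:::' > "$demo/shadow_before"
printf '%s\n' 'root:!:19000:0:99999:7:::' > "$demo/shadow_after"

preflight alice "$demo/group" "$demo/shadow_before"
preflight bob   "$demo/group" "$demo/shadow_before" || true
echo "after both passwd steps: $(root_pw_state "$demo/shadow_after")"
```

On a live system, run it as `preflight "$USER" /etc/group /etc/shadow` with read access to /etc/shadow; note that locking the password does not stop root from logging in with another credential such as an SSH key, as the passwd man page points out.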
