Is superuser the same as root?

Google hits inform that sudo means super user do as I read this SO post here.

I just wanted to verify that when I do

sudo node my_node_program

that I am running the program as the root user.

Does

superuser === root

After some research, Apple states that root is a superuser, which implies that superuser is a group and root is a user in the group.

See support.apple.com.

Seems like everyone is blurring the terms / concepts together.

Sun - FE

Posted 2019-05-20T04:28:22.503

Reputation: 319

Whether or not root is the same as superuser or root is a superuser or those two are completely different concepts altogether depends solely on how you define the term "superuser". So, what's your definition? – Jörg W Mittag – 2019-05-20T08:01:41.927

24sudo means switch user and do. It's just that, like su, it defaults to the root user. – OrangeDog – 2019-05-20T11:08:26.577

5@OrangeDog You just made that up though. su was always super-user and the documentation of sudo from 1993 simply says execute a command as the superuser. You can "backronym" as much as you want, but the sources don't lie. – pipe – 2019-05-20T11:47:00.847

24@pipe In AT&T Unix V7 (1979) the source says "substitute user". Later (and forked) versions changed it to "switch user". The version you're looking at from 1993 obviously didn't get the memo. – OrangeDog – 2019-05-20T12:02:21.500

5@pipe Many manuals commonly refers to "substitute user" for su – Jean-Baptiste Yunès – 2019-05-20T12:11:07.583

2@OrangeDog I'm looking at the 1975 sources. – pipe – 2019-05-20T12:21:16.440

6@pipe well in 1975 (UNIX V6) all it did was elevate to superuser. When they make it more generic, they changed the meaning accordingly. – OrangeDog – 2019-05-20T12:24:12.147

Apple were late to the *nix party. I don't know that I'd use their doco as gospel. – mcalex – 2019-05-21T03:50:25.397

sudo whoami appears reasonably conclusive – jymbob – 2019-05-21T11:52:19.963

1@jymbob - sudo -u someotheruser whoami similarly shows that while root is the default target, the tool is more generic than that. – David Spillett – 2019-05-21T15:07:33.697

@DavidSpillett granted, but the OP asks "when I do sudo node my_node_program [am I] running the program as the root user" so my suggestion was that running a command which print which user just ran the command using sudo is (in that instance) fairly conclusive. su also defaults to root, but that wasn't part of the question, so I didn't include it. – jymbob – 2019-05-22T21:20:53.180

Answers

Yes, as a general rule, root and superuser are the same; "root" is a/the name typically given to a user with full system privileges on a Unix type system.

It is technically possible for other users/accounts to have the same level of access. It's purely semantics, but I guess some people call these accounts "superuser accounts" (which describes the account type and access), while others call the accounts "root accounts", which refers to accounts that have the same access as root - i.e. everything.

BTW, SUDO does not mean super user

SUDO is a mechanism to elevate/change privileges. It is possible to use SUDO to elevate a normal account to superuser privileges, but it can also be used to provide more limited access, e.g. allowing a user to run stuff as another user, which is typically a lot more limited then superuser. (For example, a user might use sudo to run something as the web server user, which would allow them to access resources they normally don't have access to, but it would not allow them to modify security permissions or access stuff which only the root account/super user account should have access to.)

davidgo

Posted 2019-05-20T04:28:22.503

Reputation: 49 152

23substitute user do would suit it better than super user do, in fact. – Xtreme Biker – 2019-05-20T07:35:35.050

24@XtremeBiker I always read sudo as switch user do. – oldherl – 2019-05-20T10:07:21.210

"superuser" could also refer to natural persons who have access to the root account. – OrangeDog – 2019-05-20T11:30:17.990

1No matter what it stands for, let's all just agree it is pronounced sudo and not *sudo*. – user1717828 – 2019-05-20T17:06:35.087

@user1717828 clearly it is "Sue-do" - just make sure you have a user "Sue" with all the necessary permissions. – Baldrickk – 2019-05-21T08:48:42.217

Correct me if I'm wrong, but I believe there is one and only one root account while there can be multiple superusers. You can't create a new root; you can create a new superuser. So in that respect the terms mean different things.

– John Wu – 2019-05-22T05:43:29.283

@JohnWu - You are sort of, but not totally correct. You can indeed have multiple root accounts - if you take any account and give it a UID (and typically GID) of 0, it becomes a root account. When you log in and ask what your name is, it will say "root". Likewise, if you have multiple users with regular accounts, and some kind of elevation system to give them superuser access, when they ask the system what their name it it will typically say root. (I assume here that root is the earliest 0 UID account in the password database, generally a reasonable assumption) – davidgo – 2019-05-22T05:53:59.467

Thanks @davidgo. I was not clear from your answer whether you meant that "root" and "super user" are literally the same on a technical level or if was more about how people refer to them since they do pretty much the same thing. There is some ambiguity there that I think is worth clarifying in your answer. – John Wu – 2019-05-22T06:14:31.387

@XtremeBiker in the post linked by the OP, the accepted answer actually states that sudo stands for "substitute user do". – David – 2019-05-22T19:12:10.613

Superuser is the generic term to refer to the user account used for system administration. That means that the superuser has the ability to perform privileged operations such as creating/deleting user accounts. Please note that the actual name and implementation of the superuser account vary between operating systems.

In Unix-like operating systems (macOS, GNU/Linux, BSD, etc.), the superuser is the account whose UID (user identifier) is zero, no matter how it is named. In most of these OSes, it's named root by convention.

So, while superuser and root can be used interchangeably in most Unix-like OSes, they don't hold the same meaning.

nxnev

Posted 2019-05-20T04:28:22.503

Reputation: 291

1Superuser could also refer to a Windows administrator account – wjandrea – 2019-05-20T14:14:58.207

"The superuser" is often the description of a role in the security model that grants all permissions.

Historically the login / username associated with the role of superuser is root on UNIX-like operating systems like MacOS (and for instance "Administrator" on MS Windows).

Is superuser the same as root?

Yes, for all intents and purposes running a program "as the superuser" or "as root" is the same and you will be able to do things you could not do as "regular" user (such as for instance starting services that listen to reserved ports in the 1-1024 range, creating new users and other system management tasks. )

I just wanted to verify that when I do
sudo node my_node_program
that I am running the program as the root user.

As the manual states (check with man sudo ) running sudo without specifying a user using the optional -u [username|#uid-number] argument, will default to running the command as root.

HBruijn

Posted 2019-05-20T04:28:22.503

Reputation: 1 024

There are differences...

root is the username of a superuser, and is expected to be present in all unixes. root uid is 0, the uid of the superuser.

But there can be many other users with the uid 0, all of which will have superuser rights as well (what counts is the uid, in most cases, and not the username associated with it. the name in /etc/passwd mostly serves to allow ls, find etc to display a human readable name instead of an uid, and to allow some commands to accept a username instead of an uid (chown, etc)).

awk -F':' '($3 == 0)' /etc/passwd  # will list all superuser accounts. root, and maybe others

So no, root and superuser is not equivalent. root is the "main" superuser, but there can be others...

Additionnally, some groups give some "superuser rights" over some files/directories. Or you could have acls allowing more than the superuser to execute something (... but still limited to that user's uid, so it does not automaticcaly grant superuser rights, just may grant access to superuser reserved commands or directories, for exemple). And you could have some /etc/sudoers entries allowing some other logins to execute some commands (or ALL) as the superuser (this time with the superuser effective uid, and therefore rights)...

Olivier Dulac

Posted 2019-05-20T04:28:22.503

Reputation: 818

note that: checking a system for other "uid 0" entry is good to do ... each of those entries is in effect a superuser, and each have its own password ! (giving multiple degrees of password "weakness" for an attacker to exploit, if that attacker knows those other "uid 0" usernames) – Olivier Dulac – 2019-05-20T14:10:26.027

4Ot may be worth adding that there should ideally be a 1:1 mapping between uid and username - certainly it is technically possible to have multiple users with uid 0 and associated root access, but this messes up the ownership name mapping and is not good security practice. Requiring non-root login +sudo gives more traceability and accountability- especially in a distributed environment with remote loging. – davidgo – 2019-05-20T19:45:23.490

@davidgo I agree 100% – Olivier Dulac – 2019-05-20T20:10:55.983

4@davidgo: It might not be good practice, but I think it's still the default practice on some BSDs to have an account named toor with uid 0... (Difference being shells, one has a convenient ksh/bash/zsh the other a guaranteed-to-work sh.) – user1686 – 2019-05-21T06:38:41.350

1@grawity. I just learnt sonething. Seems like those BSDs have it backwards. – davidgo – 2019-05-21T07:01:26.937

@davidgo This was also a long-ago practice when root had a bare-bones /bin/sh login. Some administrators would set up a kroot account that had bin/ksh as the login shell. I'm thinking back to very old SunOS or Irix BSD-based OSes. – doneal24 – 2019-05-22T19:56:19.863

"superuser" was used to qualify a person that has privileges on a system. "root" is the common logname of the superuser in *NIX systems.

That guy is the superuser, his login is "root".

Now, these terms are frequently used interchangeably and harmlessly.

Jean-Baptiste Yunès

Posted 2019-05-20T04:28:22.503

Reputation: 111

TL;DR

When you run sudo, you're changing the effective user and/or group ID of a process call. Sudo defaults to the root user, but can use other users and groups as well (see the -u flag, for example).

The root user is the system's default superuser, but the choice of name is a convention rather than a hardcoded requirement. Don't change it, though, unless you are a masochist.

UID 0 is a Built-in Superuser

You're looking at this backwards. Root is an instance of a superuser (e.g. a user with elevated system privileges), but there can be any number of superusers on a Linux or Unix system. root just happens to be the expected name of the user with a real ID of 0. That user ID (UID) is hardcoded into the kernel and receives special permissions on *nix systems.

The default superuser group (e.g. root on most Linux distros, wheel on most BSD derivatives) can contain other users too, which then have access to things with the relevant read, write, execute permissions set in the group bits of the mode. For example:

-rw-rw-r--  1 root  root  6804 Aug 17  2018 /etc/passwd

This file is readable and writable by the root user, as well as anyone in the root group.

Various utilities like sudo or SGID binaries can provide other users with an effective UID (EUID) or effective GID (EGID) that allows them to perform privileged operations. While not recommended, you can also have more than one user with the same UID, so anyone in /etc/passwd with a UID of 0 is effectively root as well, even if the account names are different. Some BSDs have historically included a toor user with a real UID of 0, along with the standard root user.

You can even rename your root account to something else, if you like. That's generally a bad idea because many scripts and utilities expect the first account with UID 0 to actually be named root, and often use the account's name instead of its UID or GID to set permissions. For example, the following lines are usually equivalent:

chown 0:0 /etc/passwd
chown root:root /etc/passwd

However, while the kernel doesn't care if you rename the root account to toor or even luser, you can generally expect things to break if you don't have your first superuser account named root with a real ID of 0. Think of it as a de facto portability standard, for all practical purposes.

The Default Superuser Group

Most Linux systems use root for the name of the default superuser group. User root is a member of this group. The group is usually assigned a group ID (GID) of 0, but this isn't enforced by the kernel.

On BSD-based systems like macOS, the default superuser group is generally wheel instead of root. This difference can crop up in cross-platform scripting, but isn't as likely to cause unpleasant surprises as a renamed root user.

CodeGnome

Posted 2019-05-20T04:28:22.503

Reputation: 1 841

The internet can be very misleading at times as this google search tells you that sudo stands for super user do. However this is not the case as you can use sudo to switch to other types of users.

root is an instance of a type of user colloquially known as a superuser. "Super" b.c. the user has a high level of access.

There can be many users of the type superuser and you can actually login with the name root in many nix systems.

The reason that people mistake sudo for super user do, is that root is the default user for sudo. You can see this effect by executing the line below.

sudo whoami

will return root

livelong.ai

Posted 2019-05-20T04:28:22.503

Reputation: 108

For me, superuser would represent a group name, while root would be the account belonging to a superuser group (by default). Most of the systems use this analogy.

Apart from the fact the most of the systems call the superuser group "wheel".

Hatebit

Posted 2019-05-20T04:28:22.503

Reputation: 151