What is root and rootkit in Linux?

For Linux or Unix beginners, it can be very difficult to understand what root means in Linux or Unix and what a rootkit is.

In this post, we will answer these questions.

What is root in Linux OS?
root is the superuser login account on a Linux OS; it has all available privileges. In the output below, id reports it as uid=0.

[root@nglinux ~]# id -a
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@nglinux ~]# echo $USER 
root
[root@nglinux ~]# 

What is the root directory?
The Linux filesystem has / as its topmost directory, and all other directories (/home, /usr, /bin, /etc, /var, etc.) are located inside it.
Hence this topmost directory is called the root directory of a Linux system.

[root@nglinux ~]# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        20G  9.5G  9.2G  51% /
[root@nglinux ~]# ls /
bin   cgroup  data  etc   lib         media  opt   root  selinux  sys  usr
boot  custom  dev   home  lost+found  mnt    proc  sbin  srv      tmp  var
[root@nglinux ~]# 

Then what is /root in Linux?
/root is the root user's home directory in Linux and must not be confused with the root directory, i.e. /.

[root@nglinux ~]# cat /etc/passwd | grep ^root:
root:x:0:0:root:/root:/bin/bash
[root@nglinux ~]# ls -ld /root/
dr-xr-x---. 34 root root 12288 Jan 10 01:16 /root/
[root@nglinux ~]# 
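
The passwd line above gives root the UID 0, and superuser rights follow that number rather than the account name. The script below is an added example (not part of the original post) that lists every UID 0 account in a passwd-format file; the sample data and the account names alice and svc_backup are constructed.

```shell
#!/bin/sh
# Added example: find accounts that hold superuser rights.
# passwd fields: name:password:UID:GID:comment:home:shell

# Names of all accounts whose UID is zero. The pattern also matches
# zero-padded forms such as 00, which numeric parsers read as 0.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# Report UID 0 accounts other than "root". Returns 1 if any are found.
audit_uid0() {
    extra=$(awk -F: '$3 ~ /^0+$/ && $1 != "root" {
        printf "ALERT: %s has UID 0 (home=%s shell=%s)\n", $1, $6, $7
    }' "$1")
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    echo "OK: root is the only UID 0 account"
}

# Constructed sample data; "alice" and "svc_backup" are made-up accounts.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:00:0:backup:/var/tmp:/bin/sh
EOF
}

sample=$(mktemp)
make_sample "$sample"
uid0_accounts "$sample"
audit_uid0 "$sample" || echo "audit finished with findings"
rm -f "$sample"
```

On a real system, pass /etc/passwd to audit_uid0 instead of the sample file.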

What is a rootkit in Linux?
A rootkit is a program/executable that can break system security, give unauthorized users root access, and erase the logs afterwards.
Let's take an example: I logged into my colleague's machine, gained root user access, and then erased the record of my activity on his system. This whole task is carried out by rootkit software.

Note: Beware of rootkits and stay away from them to secure your data. They can steal your data as well.
