What are root and rootkit in Linux?
Linux and Unix beginners often find it hard to understand what root means and what a rootkit is.
In this post, we will check answers to these queries.
What is root in Linux OS?
root is the superuser login account on a Linux OS, which has all available privileges.
[root@nglinux ~]# id -a
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@nglinux ~]# echo $USER
root
[root@nglinux ~]#
What is the root directory?
The Linux filesystem has / as its topmost directory, and all other directories (/home, /usr, /bin, /etc, /var, and so on) sit inside it.
Hence this topmost directory is called the root directory of a Linux system.
[root@nglinux ~]# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        20G  9.5G  9.2G  51% /
[root@nglinux ~]# ls /
bin   cgroup  data  etc   lib         media  opt   root  selinux  sys  usr
boot  custom  dev   home  lost+found  mnt    proc  sbin  srv      tmp  var
[root@nglinux ~]#
Then what is /root in Linux?
/root is the root user's home directory in Linux and must not be confused with the root directory, i.e. /.
[root@nglinux ~]# cat /etc/passwd | grep ^root:
root:x:0:0:root:/root:/bin/bash
[root@nglinux ~]# ls -ld /root/
dr-xr-x---. 34 root root 12288 Jan 10 01:16 /root/
[root@nglinux ~]#
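The id output and the /etc/passwd line above both show root with UID 0, and it is that UID, not the account name, that carries superuser privileges. The following added example (not from the original post) audits passwd-format data for every UID 0 account and reports root's home directory; the sample entries, including the extra account toor, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: list superuser (UID 0) accounts in passwd-format data.
# All entries below are constructed sample data; "toor" is a made-up account.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/home/toor:/bin/bash
EOF
}

# uid0_accounts FILE: print "name home shell" for every account with UID 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1, $6, $7 }' "$1"
}

# unexpected_uid0 FILE: print UID 0 accounts not named root.
# Returns 1 when at least one exists, 0 otherwise.
unexpected_uid0() {
    names=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1")
    [ -z "$names" ] && return 0
    printf '%s\n' "$names"
    return 1
}

# home_of FILE USER: print the home directory field for USER.
home_of() {
    awk -F: -v u="$2" '$1 == u { print $6 }' "$1"
}

# Demo on the constructed sample; point the functions at /etc/passwd for a real host.
sample_file=$(mktemp)
sample_passwd > "$sample_file"
echo "UID 0 accounts:"
uid0_accounts "$sample_file"
echo "root's home directory: $(home_of "$sample_file" root)"
extra=$(unexpected_uid0 "$sample_file") || echo "Extra superuser account(s): $extra"
rm -f "$sample_file"
```

On a normal system only root should be reported; any other UID 0 entry has the same privileges as root and deserves investigation.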
What is a rootkit in Linux?
A rootkit is a program/executable that can break system security, give unauthorized users root access, and erase the logs afterwards.
Let's take an example: I logged into my colleague's machine, gained root user access, and then erased my work activity on his system. This whole task is carried out by rootkit software.