A “root” account is a special account on a computer system or network that provides privileged, superuser access and functions to special users. It is often targeted by hackers and malware using tools like a “rootkit.”
Terms related to Root: Superuser, administrative account, admin, supervisor, rootkit, malware, principle of least privilege, role-based access.
“Root” is a special account available on many different computer operating systems and software. A root account gives anyone who can access it high levels of privilege to administer the system. As a result, root-level privileged access is often sought out by criminals and hackers because of the powerful commands it provides and the ease with which it allows access to sensitive systems, applications, and data.
The actual name of a root account varies; popular names include root, administrator, admin, superuser, or supervisor. Cybersecurity best practice recommends that the “principle of least privilege” is used to define who has access to the root account. In other words, only trusted users whose roles require them to have system-wide privileges and commands should have a superuser account. All other users should have an ordinary account, with data, applications, and system access and commands defined by their job roles.
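One way to check the least-privilege rule above on a Unix-like system, as an added example that is not part of the original page: it lists accounts that hold superuser rights through UID 0 or membership of a privileged group, whatever the account is called. The sample files, the `PRIVILEGED_GROUPS` set, and the approved list are constructed assumptions.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
admin:x:1002:1002:Help desk:/home/admin:/bin/bash
"""
SAMPLE_GROUP = """\
sudo:x:27:alice
wheel:x:10:
users:x:100:alice,admin
"""
# Assumption: groups that the local sudo policy maps to full root rights.
PRIVILEGED_GROUPS = {"sudo", "wheel"}


def uid0_accounts(passwd_text):
    """Return every account whose UID is 0, whatever the account is named."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # skip comments and malformed lines
        if fields[2].isdigit() and int(fields[2]) == 0:
            names.append(fields[0])
    return names


def privileged_group_members(group_text, groups=PRIVILEGED_GROUPS):
    """Map each privileged group to the members listed in the group file."""
    members = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] in groups:
            members[fields[0]] = [m for m in fields[3].split(",") if m]
    return members


def audit(passwd_text, group_text, approved):
    """Return superuser-capable accounts that are not on the approved list."""
    holders = set(uid0_accounts(passwd_text))
    for names in privileged_group_members(group_text).values():
        holders.update(names)
    return sorted(holders - set(approved))


if __name__ == "__main__":
    print("UID 0 accounts:", uid0_accounts(SAMPLE_PASSWD))
    print("Not approved:", audit(SAMPLE_PASSWD, SAMPLE_GROUP, approved={"root"}))
```

In the sample, the account named `admin` is an ordinary user while `toor` is a second superuser, so the audit keys on UID and group membership rather than on the name.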
Root accounts provide a wide range of commands that can easily be misused — for example, the ability to access all systems and data, the ability to copy or delete the system and its contents, and a wide variety of other privileges.
A “rootkit” is often used by criminals to gain unauthorized access to a root account. A rootkit is a collection of software, often malware, that can hide itself and exploit vulnerabilities and backdoors to give hackers root access. Typically, hackers will exploit vulnerabilities in computer systems to get inside the system and install a rootkit. They can then use rootkit access to gain superuser status whenever they wish.