root is the traditional Unix name for the superuser: the account with UID 0, whose privileges bypass nearly all permission checks. Root can read and write any file, signal any process, load kernel modules, change network configuration, and shut the system down. A compromised root account is a compromised machine.
For historical and security reasons, modern distributions typically discourage direct root logins. Ubuntu, for example, disables the root password entirely and expects users to use sudo. Logging in as root for routine work is considered poor practice because every typo is potentially catastrophic and every compromised process has unlimited power.
The root user's home directory is /root, kept separate from /home so that it is still available even if /home is unmounted. Root has its own profile and shell configuration there, and some commands (notably sshd_config's PermitRootLogin) exist specifically to control whether root may log in remotely.
Not all power needs to be root. Linux's capabilities system lets specific privileges (like CAP_NET_BIND_SERVICE for binding to low ports) be granted to particular processes or binaries, so services can do their job without needing full root. This is the direction modern Linux security is moving.
Related terms: sudo, Capabilities
Discussed in:
- Chapter 9: Users, Groups, and Permissions — Users Are Numbers
Also defined in: Textbook of Linux