Super-User Do (sudo)

When making changes to your system configuration, you need to be root. This is risky business, precisely because root can do pretty much anything. There's no limit (at the system level) to the damage root mistakes can cause.

See sudo 101 for a longer introduction.

Root Privileges

Unix has a rights management system which is quite simple to use, and very good at limiting the risk of unintentionally breaking things. Simply preventing any user from deleting system files, formatting hard drives, etc. makes it much harder for users to break things they shouldn't be messing with.

An enormous advantage of the UNIX rights management (everything is a file, users (and groups of users) have read/write/execute access to each file) is that it has been around virtually forever. All bugs have been fixed, and the pros and cons are well understood. This, of course, is true for UNIX in general. :-)

How To Get Them

Sometimes, you need root privileges. What is the safest way to get them?

Login as root

When hackers try to break into a system, they need to 1) guess or otherwise acquire the name of a user, and 2) guess/acquire the password of that user. Any user account which exists on all systems is a risk, since that gives away 1), leaving only the password. There are ways to find out people's usernames, but leaving a universally known account with supreme privileges open is begging to be hacked. If at all possible, the root account should have logins disabled.

Use su

This is a simple way to switch from being logged in as user A to being logged in as user B (usually root). Since allowing root login is a bad idea, using su to login as root is a bad idea by extension.

Use sudo

This runs a single command with root privileges, without changing the current user. When you are logged in with a low-privilege account, and you try to do something requiring root privileges, the system will tell you so, and you get to think about whether that was really what you intended. It is good practice to require users to re-enter their password (at least occasionally) when using sudo. Note that sudo will require the user password, not the root password (if root is disabled, there is no root password to use...).

Use a graphical sudo-frontend (e.g. gksudo on Ubuntu)

sudo is sufficient for running simple commands on the commandline. However, when starting programs where it is not obvious whether files in the HOME directory will be modified, gksudo should be used. This will handle account-related environment variables correctly, and ensure that no files in your home directory accidentally become owned by root (and hence uneditable using your own account).

gksudo will use a GUI dialog to query for the password.