In any Linux system there is always one privileged user - root. This user has the rights to perform any actions, delete any files and change any settings. It is almost impossible to somehow limit the freedom of action of root. On the other hand, all other users of the system usually do not have most of the necessary rights, such as the right to install programs, since this is an administrative operation that only root has rights to. Another common operation, accessible only to the superuser, is copying and changing files in system folders, where regular user has no access.

Earlier this problem The solution was quite simple: if you had the root password, you could log into the system under his account or temporarily obtain his rights using the su command. Then perform all the necessary operations and return back to the normal user. In principle, this scheme works well, but it has many significant shortcomings, in particular, it is impossible in any way (more precisely, it is very difficult) to limit administrative privileges to only a certain range of tasks.

Therefore, in modern Linux distributions instead of the root account, the sudo utility is used for administration.

In Ubuntu, by default, the root account is completely disabled, i.e. There is no way you can become root without enabling it. root is disabled, i.e. it is present in the system, you just can’t log into it. If you want to return the ability to use root, see the paragraph below about enabling the root account.

What is sudo

sudo is a utility that grants root privileges to perform administrative operations according to its settings. It allows you to easily control access to important applications on the system. By default, when installing Ubuntu the first user (the one created during installation) is granted full rights on using sudo. Those. in fact, the first user has the same freedom of action as root. However, this behavior of sudo is easy to change; see below in the paragraph about setting up sudo.

Where is sudo used?

sudo is used whenever you run something from the System Administration menu. For example, when you launch Synaptic you will be asked to enter your password. Synaptic is an installed software management program, so to run it you need administrator rights, which you get through sudo by entering your password.

However, not all programs that require administrative privileges automatically run through sudo. Typically, you have to manually launch programs with administrator rights.

Running graphical programs with administrator rights

To launch graphical programs with administrator rights, you can use the program launch dialog, called up by default with the combination Alt keys+ F2 .

Let's say we need to launch the Nautilus file manager with administrator rights in order to somehow change the contents of system folders through the graphical interface. To do this, enter the command in the application launch dialog

Gksudo nautilus

gksudo can be substituted with gksu , and KDE users should also write kdesu instead of gksudo . You will be asked to enter your password, and if you have the necessary rights, Nautilus will run as administrator. You can launch any graphical software with administrator rights by simply writing in the launch dialog

Gksudo<имя_команды>

Be extremely careful when working in applications running with administrator rights. You can perform any operation without any warnings from the system, in particular, delete system files, making the system inoperable.

Running programs with administrator rights in the terminal

To run a command in a terminal with administrator rights, simply type sudo in front of it:

Sudo<команда>

You will be asked to enter your password. Be careful when entering the password no way is not displayed, this is normal and done for security purposes, just type to the end and press Enter. After entering the password, the specified command will be executed as root.

The system remembers the entered password for some time (keeps the sudo session open). Therefore, subsequent executions of sudo may not require entering a password. To guarantee termination of the sudo session, type in the terminal

Additionally, errors related to channels in Linux are common. When executing a command

Sudo cat test.txt | grep text > result.txt

with root rights only cat will execute, so the file result.txt may not register. You need to either write sudo before each command, or temporarily switch to superuser.

Gaining superuser rights to run multiple commands

Sometimes it becomes necessary to run several commands in a row with administrator rights. In this case, you can temporarily become a superuser using one of the following commands:

Sudo -s sudo -i

This will put you in superuser mode (with restrictions imposed through sudo settings), as indicated by the # symbol at the end of the prompt. command line. These commands are similar in action to su , however: - sudo -s- does not change the home directory to /root, the home directory of the calling user remains home sudo -s, which is usually very convenient. - sudo -i- will also change the home directory to /root.

To exit back to normal user mode, type exit or simply press Ctrl + D.

Using a traditional root account and the su command

Unlocking the root account leads to unnecessary risks (working constantly under root, you have 100,500 ways to “shoot yourself in the foot”), and also makes it easier for an attacker to gain access to your computer.

Ubuntu 11.04 and earlier

To log in as root, just give it a password:

Sudo passwd root

Then on the login screen, click Other... and enter the username (root) and password that you set.

Ubuntu 11.10 and older

Starting with version 11.10, the lightdm login manager was installed, and logging in as root is a little more complicated.

1. Set the root password. Enter in terminal:

Sudo passwd root

2. Turn on the “Enter login” item. Enter in terminal:

Gksu gedit /etc/lightdm/lightdm.conf

At the end of the file add:

Greeter-show-manual-login=true

3. Reboot lightdm. Enter in terminal:

Sudo service lightdm restart

That’s it, the “Login” item will appear on the login screen. In the login field we enter “root”, in the password field - the password that we set in the first stage.

To reverse lock the root account, you will need to rollback the changes in the lightdm settings, and also lock the root account with the command in the terminal:

Sudo passwd -l root

Setting up sudo and permissions to run various commands

sudo allows you to allow or disable users from running a specific set of programs. All settings related to access rights are stored in a file /etc/sudoers. It's not really regular file. To edit it necessary(for security reasons) use the command

Sudo visudo

By default, it says that all members of the group admin have full access to sudo, as indicated by the line

%admin ALL=(ALL) ALL

You can read more about the syntax and customization options of this file by running

Man sudoers

If you make a mistake when editing this file, you may completely lose access to administrative functions. If this happens, you need to boot into recovery mode, and you will automatically receive administrator rights and be able to fix everything. You can also edit this file from a LiveCD.

Allow a user to execute a command without entering a password

In order to prevent the system from asking for a password for certain commands, it is necessary to add sudoers after the line # Cmnd alias specification add a line where you list the desired commands with the full path separated by commas (the path of the command can be found by executing which command_name:

# Cmnd alias specification Cmnd_Alias ​​SHUTDOWN_CMDS = /sbin/shutdown, /usr/sbin/pm-hibernate, /sbin/reboot

And add the line to the end of the file

Username ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS

Attention! The above steps do not replace the need to enter the sudo command before your command

Creating synonyms (aliases)

To not only avoid having to enter a password for sudo, but also to avoid having to enter sudo at all, do the following: open the .bashrc file located in your home directory

nano ~/bashrc

and add the lines to the end of the file

alias reboot ="sudo reboot" alias poweroff ="sudo poweroff" alias pm-hibernate="sudo pm-hibernate" alias hibernate ="sudo pm-hibernate" alias shutdown ="sudo shutdown"

The validity period of the entered password

Perhaps you want to change the length of time that sudo lasts without entering a password. This can be easily achieved by adding something like the following to /etc/sudoers (visudo):

Defaults:foo timestamp_timeout=20

Here's sudo for the user foo valid without the need to enter a password for 20 minutes. If you want sudo to always require a password, set timestamp_timeout to 0.

sudo doesn't ask for password

sudo without a password is a terrible security hole, anyone is allowed to do whatever they want. If you allowed this on purpose, immediately return it back to how it was.

However, in some cases, sudo suddenly stops requiring a password on its own. If you do visudo , you can see something like this line, which the user apparently did not add:

ALL ALL=(ALL) NOPASSWD:ALL

Most likely, this disastrous line was added when installing a program like Connect Manager from MTS or Megafon. In this case, it needs to be changed to a line that allows only this Connect Manager to be run as root, something like this:

Username ALL= NOPASSWD: /path/to/program

There are other options for solving the problem, a short discussion.

When we want to run programs as root we use sudo , gksu , gksudo etc. Now my question is how can we run Terminal as root user in Terminal?

I tried using gksudo terminal gksu terminal but nothing happens. and when I run sudo terminal I get the error sudo: terminal: command not found.

The default terminal emulator on Ubuntu is GNOME Terminal. It is located in /usr/bin/gnome-terminal and can be launched using the gnome-terminal command.

What do you really want

Most likely, you want a shell with root privileges, as if it were created from the root login (for example, with all environment variables set to root, not your user).

Assuming what you want, as steeldriver suggested, just run:

You will have a root shell in which the commands you enter will be executed as root (without sudo preceding them).

But if you really want to run a graphical terminal emulator application as root, read on. I present two ways: using gksu/gksdo and the sudo command.

With gksu/gksudo

Since you have gksu installed package you can run gnome-terminal as root with any of:

Gksu gnome-terminal gksudo gnome-terminal

(Since gksu is installed in sudo-mode by default on Ubuntu, they should be equivalent.)

Running gnome-terminal as root without managing gnome-terminal without root privileges:

Almost every desktop environment provides the ability to run a command without having to open a terminal (which then, if closed, will usually terminate the command).

This is usually achieved using Alt + F2 . A text box appears that says Run(or similar) and you will be able to enter your command.

For example, this is similar to Unity:

And like in MATE (GNOME Flashback / Fallback, Xfce, LXDE are similar):

note that This works with gksu and gksudo because they use a graphical authentication dialog. If you were to press Alt + F2 and run sudo... , you won't be able to interact with the password prompt.

With sudo

If you don't have the gksu package and don't want to install it, you can use:

Sudo -H gnome-terminal

The -H flag is important because it sets environment variable HOME in /root instead of your own user's home directory. You Not should use sudo gnome-terminal as it may break the gnome-terminal configuration owned by a non-root user. For getting additional information about this see

• RootSudo on the Ubuntu Help Wiki
• Why users shouldn't use regular sudo to run graphic applications?

(sudo -i gnome-terminal is also ok.)

Getting rid of a control terminal without authority:

If you (1) open a graphical terminal, (2) run something like sudo -H gnome-terminal in it, create a new graphical root terminal and (3) exit the original graphical terminal without root... then the root graphical terminal quits.

This is because the root graphics terminal is sent SIGHUP when the terminal that owns it logs out.

To prevent this, you might consider that you could launch a graphical root terminal instead:

Sudo -H gnome-terminal &

But this will only work if sudo doesn't ask for a password. If this happens, you won't see the password prompt.

One of the methods A workaround for this is to use:

Sudo -v sudo -H gnome-terminal

sudo -v exists only for this purpose. As explained in man sudo, it "update[s] the user's cached credentials, authenticating the user if necessary."

Note that this still won't work if you run directly from the desktop environment's Alt + F2 command line, because you still need a terminal to enter the password for sudo -v .

Or you can do this in what can be called the traditional way, pausing the operation after it has started:

1. Run sudo -H gnome-terminal from the original graphical terminal without root privileges.
2. Enter the password as specified in sudo . The graphical terminal will start.
3. While in a terminal without root privileges, press Ctrl + Z to pause the root terminal. Although the root terminal is suspended, you cannot use it; its interface will not respond to your actions.
4. Exit the control terminal without exit root with exit . The graphical root terminal setting will be automatically canceled and overridden by a non-root terminal.

Sudo -H gnome-terminal ^Z exit

But let's say you wanted to continue using the original, non-root terminal. Then you can run bg N , Where N – number of the graphical root terminal job to resume in the background. You can run jobs to find N but you probably won't have to - this number was shown as [ N ] when you pressed Ctrl + Z. For example:

Ek@Ilex:~$ sudo -H gnome-terminal password for ek: ^Z [ 1 ]+ Stopped sudo -H gnome-terminal ek@Ilex:~$

Short answer:

Gksudo gnome-terminal (assuming gksu is installed)

opens terminal as root:

Root@jacob-satellite-l300:~#

No need to explain that you can use this to open any terminal as root; for example, Vala (gksudo vala-terminal), gksudo xterm (gksudo xterm), Termit (gksudo termit), UXTerm (gksudo uxterm), Konsole (gksudo konsole) and so on.

There is another way to do this, test and work with Ubuntu 16.04 LTS:

First install gnome-panel:

Sudo apt install gnome-panel

Then install gksu:

Sudo apt install gksu

Once installation is complete, run:

Gnome-desktop-item-edit ~/Desktop/ --create-new

This creates a shortcut on your desktop. You should be able to name it. I named mine "X-Term", but you can call yours whatever you want. Enter /usr/bin/gksu * for the "Command" path.

1. Using the command: su

Many commands can only be run by the superuser, so we need to know how to become root. To do this we can use the command: su (switch user). The su command accepts the following formats:

but most often we will use su in order to become a user root:

Su - root

If the username is not specified on the line, the user is automatically assumed to be root, so the command can be shortened:

but both teams behave differently. "su" gives the current user an identity, whereas "su -" gives the current user an identity along with the surroundings that would be obtained by registering as.

Often users use "su" to become root. If you try to run a command (for example - ifconfig), you will receive: "command not found" error.

Su Password: ifconfig bash: ifconfig: command not found

The reason is that normal system users and root user have different environment variables PATH (you can view the user's PATH using "echo $PATH"). After entering Linux commands, the shell will search the user's PATH to try to find a command to run. It starts searching every directory listed in PATH until the target is found.

Regular user commands are typically located in /usr/local/bin, /usr/bin, and /bin. And the root user commands are located mainly in /usr/local/sbin, /usr/sbin, /sbin and the root PATH reflects this. So when you become superuser with "su -", you also accept new way PATH to basic commands. And using only "su", the default user PATH is saved, therefore, when trying to execute a program located in /usr/local/sbin, /usr/sbin, /sbin it will produce the result: "command not found" error. For a more detailed explanation, see the man bash page, especially the login shells section.

So you or should indicate full path to the command (example - /sbin/ifconfig) when using "su", or use "su -" when becoming root.

2. Using Sudo

You don't need to be a superuser every time you want to run some specific administrative functions. Thanks to Sudo, you can run some or all commands as root. When Sudo installed (package: Sudo), you can configure it using the "visudo" command as root. Basically it edits (Vim default) /etc/sudoers, but it is not recommended to do this manually.

Alex ALL=(ALL)ALL

Alex is the username. Save (press escape then type wq) and you're done. Login as alex, and run for example:

$sudo yum update

Sudo will ask for a password. This is Alex's password, not the root user's. So be careful when you grant user rights with Sudo.

But Sudo can do more than just that. We can allow a user or group of users to run only one command or group of commands. Let's go back to our sudoers file. Let's start with alex and alisa, members of the administrator group. If we want all users in the "administrator" group to be able to run every command as superuser, we must modify our example:

%admin ALL=(ALL)ALL

Alex can also execute a superuser command, and Alisa has the right to run Sudo, with the same rights and her password. If alex and alisa are not members of the same group, we can define the user's alias in the sudoers file:

User_Alias ​​ADMINS = alisa,alex

Here we have defined an alias called ADMINS, with members alisa and alex.

However, we don't want Alex and Alisa to be able to run any program as root. We want them to only be able to run "updatedb". Let's define a command alias:

Cmnd_Alias ​​LOCATE = /usr/sbin/updatedb

But this is not enough! We need to tell Sudo that users defined as ADMINS can run commands specified in LOCATE. To do this, we will replace the lines with "%admin" with these:

ADMINS ALL = LOCATE

This means that users in the ADMINS alias can run all commands in the LOCATE alias.

This time, /etc/sudoers looks like this:

User_Alias ​​ADMINS = alisa, alex Cmnd_Alias ​​LOCATE = /usr/bin/updatedb ADMINS ALL = LOCATE

As a result, alex and alisa can run updatedb as root by entering their password.

If the last line in the file is changed:

ADMINS ALL = NOPASSWD:LOCATE

then alex and alisa will be able to execute "sudo updatedb" without entering a password.

You can add more commands to a command alias and more aliases to a rule. For example, we can create an alias NETWORKING containing some network commands like: ifconfig, route or iwconfig:

Cmnd_Alias ​​NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhcclient, /usr/bin/net, sbin/iptables, /usr/bin/rfcom, /usr/bin/wvdial, /sbin /iwconfig, /sbin/mii-tool

Let's add all this to our /etc/sudoers file (using visudo!). We will also grant our ADMINS group the rights to execute programs from the NETWORKING alias:

User_Alias ​​ADMINS = alice, bob Cmnd_Alias ​​LOCATE = /usr/bin/updatedb Cmnd_Alias ​​NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net,/sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool ADMINS ALL = LOCATE, NETWORKING

A quick test: log in as alisa (or alex), and type:

$ping -c 10 -i localhost

The answer should come back quickly:

PING localhost.localdomain (127.0.0.1) 56(84) bytes of data. ping: cannot flood; minimal interval, allowed for user, is 200ms

Now, the same thing but with Sudo:

$sudo ping -c 10 -i 0 localhost PING localhost.localdomain (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.049 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.034 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.021 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64 time=0.030 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64 time=0.017 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=6 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=7 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=8 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=9 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=10 ttl=64 time=0.016 ms --- localhost.localdomain ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 1ms rtt min/avg/ max/mdev = 0.016/0.023/0.049/0.010 ms, ipg/ewma 0.187/0.028 ms

Sudo often used to provide certain users partial access to privileged teams so that they can perform limited administrative functions. One of the amenities Sudo is that all commands are written to /var/log/secure. The above example will be described by the line in the log:

Apr 18 11:23:17 localhost sudo: alex: TTY=pts/0 ; PWD=/home/alex ; USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost

That's all. Now I'll never forget when I used Sudo: "with great power comes great responsibility."

2.1 Sudo shell

If you have enough permissions configured in sudoers, you can also open a root shell using:

In the latest versions only on CentOS 5, sudo -s is used to launch the shell as root. Be very careful, as this may change or create new files in the Root home directory, and install into the calling user's home directory.

3.consolehelper

Consolehelper is a shell for launching Application GUI. When it starts running, it checks the PAM configuration for the required application. This means that we can authenticate the user using all installed PAM modules. The main method is to ask for a password, but if we have the proper equipment. we can authenticate using smart card, tokens, fingerprints, etc. PAM configuration is beyond the scope of this document (see the PAM Administrator's Guide), so we will look at the consolehelper configuration step required to run applications as root and require a root password.

As an example, let's configure /usr/bin/xterm to run as root.

Ln -s /usr/sbin/consolehelper /usr/bin/xterm-root

Now to configure PAM, create a file /etc/pam.d/xterm-root:

#%PAM-1.0 auth include config-util account include config-util session include config-util

Finally, configure consolehelper to run /usr/bin/xterm as root with the command "xterm-root". Create a file /etc/security/console.apps/xterm-root:

USER=root PROGRAM=/usr/bin/xterm

That's all. Run "xterm-root" (from the command line or with a shortcut to the .desktop file), enter the password and go. If you receive the error: "Xlib: connection to ":0.0" refused by server", run "xhost local:root" first.

As you know, Linux takes managing users and granting them permissions to use the system very seriously. A normal user can only write files to their own directory and the /tmp/ directory. It is also possible to read some files in the root file system. But you can’t install programs, because this requires write permission, you can’t change file attributes, you can’t start services, you can’t read some log files, and you can’t do much more.

In Linux, only the root user has the right to manage the root file system and create files there.

In this article we will look at what programs are needed in order to get root rights linux user how they work, how to run a program as root as a normal user and how to run graphics programs with root rights. We will also find out what sudo is and what is the difference between su and sudo.

It would take a very long time to list what an ordinary Linux user cannot do; it’s easier to say what he has the right to, namely, with the standard configuration of file permissions in Linux, an ordinary user can:

• Read, write and change attributes of files in your directory
• Read, write, change attributes of files in the /tmp directory
• Execute programs where it is not prohibited using the noexec flag
• Read files that have the read flag set for all users.

If we need to do something more, we will need Linux root user rights. Root has the right to do everything on your file system, regardless of what permissions are set on the file.

Login as superuser

To log in as root, you can switch to one of the virtual consoles, for example, using the keyboard shortcut Ctrl+Alt+F1 and then enter the login root and root password user.

You will get a full root environment with the ability to do everything, but this method is very impractical as you lose all the benefits of using a GUI.

You can do the complete opposite, enter the root login and its password in the graphical login manager, so that the desktop environment runs as root, and we get all the rights of root linux, but this option is highly not recommended, and very dangerous, you can accidentally damage everything system. Therefore, this method has been disabled in many login managers.

Switch to superuser in terminal

Now we come to something more interesting and practical. Using special utilities, you can switch the current terminal emulator to the superuser environment and execute all the following commands not on your behalf, but on his behalf, thus giving the program root Linux rights. There is a utility called su for this purpose. Generally speaking, this utility allows you not only to switch to the root user but also to any other user, but by default it is root that is used. Let's take a closer look at it. The su linux command has the following syntax:

$su options user

Here are its main options:

• -c, --command- execute the command
• -g, --group- set the main user group (only for root)
• -G --supp-group- additional user groups (for root only)
• -, -l, --login- login mode, all environment variables will be cleared and initialized taking into account the new user, and the home directory will also be changed
• -p, --preserve-environment
• -s, --shell- set the login shell
• --version- display the program version.

Now let's experiment a little to understand how the su linux command works.

First, let's run su without parameters, but first we'll create an environment variable to check how this command deals with them:

Now we do:

Now let's see what happened:

whoami
$pwd
$ echo $VAR
$ echo $PATH
$ exit

From these commands we see that we are now the root user, but the home directory is considered to be the directory of our previous user and our variable has not been saved, and the PATH variable has changed, now the /sbin path is added there.

Now we use login mode:

And let's repeat the same combination:

whoami
$pwd
$ echo $VAR
$ echo $PATH
$ exit

The same situation, only this time the home directory has also been changed to the root directory. But we can save our environment variables if necessary, there is the -p option for this:

As you can see, our variable remains. You can also switch to any other user. For example:

Obtaining superuser rights in this way is used in many distributions, for example, Debian, OpenSUSE, ArchLInux, Gentoo, etc. But in Ubuntu, as a distribution for beginners, logging in as the root user is disabled. This is done because it is also not very secure, you may forget that you are executing a command as root and do something wrong in the system. Therefore, let's move on to the next program.

Getting root rights without switching

To realize the maximum secure interface The sudo command was developed to work with superuser rights in Linux. Let's look at what sudo is. This command is written before each command that needs to be executed as a superuser, and to execute it you need to enter the password not of root, but just of your user. Just like the previous one, this utility has its own options. Let's look at the syntax first:

$ sudo options command

Program options:

• -b- execute the launched utility in the background
• -E- save environment variables
• -g- run the command from the group
• -H- use home directory
• -l- show a list of sudo permissions for the current user
• -r- use the SELinux role for the command
• -s- use shell
• -u- run the command as user, if not specified, use root
• -i- do not execute the command, but enter the shell, equivalent to su -

You can perform the same experiments, only for this command, to understand how to use the sudo command. For example:

Using sudo is the recommended way to run commands as root on Linux. This way you won’t forget what you’re dealing with and have the least risk of damaging the system. But there's one more left unresolved issue- what about graphical utilities? After all, the sudo command does not run them, but running graphical shell running as root is not safe. This is what we will look at next.

Graphically applications as superuser

To run graphical applications as superuser, there are special utilities. They retain all necessary environment variables and permissions. In KDE this is the kdesu command, and in Gnome the gksu command.

Just type gksu or kdesu followed by the command you want:

This command will launch the KDE file manager with superuser rights. In Gnome it will look like this:

The program will ask for a password in the graphical window, and then the file manager will open.

conclusions

That's all. Now you know how to gain superuser rights in Linux, you know how to use the sudo command and what is the difference between sudo and su. Now programs that require additional privileges on the system will not cause you problems. If you have any questions, write in the comments!

If you want to dig into the Android system, you may find that many applications require root rights. Recently, there is practically no need to obtain superuser rights, but still some applications require root rights. This article describes how to root Android and why you might need them.

Why do you need root rights on Android?

Android is based on Linux. On Linux and other Unix-like operating systems, the root user is equivalent to the administrator on Windows. root user has access to the entire operating system and can do anything. By default, you are not rooted on your Android device, and some apps will not work without root privileges. Like other modern mobile operating systems, Android runs applications in a sandbox for security purposes.

A root user always exists in Android, there's just no built-in way to access it. Getting root rights means that you gain access to an account with superuser rights. This process is often compared to jailbreaking an iPhone or iPad, but getting root rights and jailbreaking are different actions.

Root rights allow you to do many useful things. With superuser rights, you can remove or freeze pre-installed applications, run a firewall, enable modem mode even if your operator blocks it, create backup copy system and use many other settings that require low-level access to the system.

Applications that require root access are not difficult to find on Google Play Store, but they won't work until you get superuser rights. Some apps have features that work on rooted devices. Therefore, you need to learn how to root Android to take advantage of these features.

Warnings

Android devices cannot be rooted various reasons. In fact, device manufacturers are trying their best to prevent them from obtaining the rights to Android gadget. And that's why:

• Safety: On rooted devices, applications run outside the sandbox. Applications can abuse the superuser rights you have granted and break into other applications, which is usually not possible. That's why Google doesn't approve using Android Pay on rooted devices.
• Guarantee: Some manufacturers claim that after receiving root rights, the warranty disappears. However, obtaining superuser rights will not violate Hardware. In many cases, you can perform the non-root procedure and the manufacturer will not be able to know whether the root rights have been obtained or not.
• Breaking: As always, you do this at your own risk. Obtaining root rights is usually a safe process, but you do it yourself. If you mess something up, you won't be able to count on free warranty service to fix it. If you are worried whether everything will go smoothly, we recommend that you first look for information about successfully obtaining superuser rights on your device to be sure that there will be no pitfalls in the process.

Additionally, rooting may void your warranty. at least for some types of repairs.

Several ways on how to open root rights on Android

There are many ways to root Android, and which one you should use depends on your phone. In general, rooting will involve one of these processes:

• Unlocking the bootloader: Google and device manufacturers do not officially support rooting, but they do provide an official way for low-level access to some devices, which allows you to later gain root rights. For example, Nexus devices are designed for developers and you can easily unlock the bootloader with a single command. And then get root rights to download the .zip archive containing the file to obtain rights through the recovery screen. The Nexus Root Toolkit for Nexus devices automates this process. Other manufacturers also offer bootloader unlocking methods, but only for certain devices.
• Exploiting a Security Vulnerability: Other devices are blocked. Their manufacturers do not provide an official way to unlock their bootloader and tamper with them software. These devices can only be rooted by exploiting a security vulnerability that allows required file to the system partition.
• Installing CyanogenMod or other custom firmware on Android: Technically, this is an extension of one of the above methods. Unlocking the bootloader operating system and exploitation of security vulnerabilities allow you to install custom ROMs, such as CyanogenMod, which are often already rooted. CyanogenMod has a simple toggle in the settings that allows you to enable or disable root access. Upgrade to new CyanogenMod versions or other custom firmware will not disable root rights if the firmware is already rooted.

In this article we will primarily use the first method, which involves an unlocked bootloader. If your phone requires exploitation of a vulnerability, then we will not be able to help you as this process is different for each phone. You can search for information on how to root Android on the XDA Developers forum. You can use the Kingo Root and Towelroot applications, which allow you to gain superuser rights in one click.

Before you can root your android, you will need to unlock the bootloader using the official method and then install the TWRP recovery environment using these instructions. We will use TWRP to root your phone.

How to download SuperSU on your phone and get root access

So, your bootloader is unlocked and you have installed TWRP. Great! You've done almost everything. To root we are going to use the SuperSU program. This best app, which can grant root access to other applications. SuperSU is also available in Google Play Store, but this version will not give you superuser rights; it can only be used if you already have root rights. Luckily SuperSU is also available as. zip file, which we can download from TWRP. This will allow you to gain superuser rights and install SuperSU app.

So, to get started, follow this link to download the latest version of SuperSU. Download the .zip file to your computer, connect your phone via USB cable to your PC and download SuperSU to your phone.

Next, boot your phone into TWRP mode. This is done differently on different phones, but usually you need to turn off the phone and press and hold the power button + volume up key for 10 seconds, then use the volume keys to go to “ Recovery Mode» and press the power button to select it.

Once you do this you will be taken to the TWRP main screen. Click on the "Install" button.

NOTE: You must backup twrp before continuing.

The following screen will appear. Scroll down and navigate to the zip file you downloaded earlier.

Click on the zip file and you will see this screen. Swipe the slider to confirm installation.

When the process is complete, click on the “Wipe cache/Dalvik” button that appears and swipe the slider to confirm.

When the process is complete, click on the “Reboot System” button to reboot the Android system.

If TWRP asks whether to install SuperSU, click “Do Not Install”. Sometimes, TWRP cannot detect that you already have SuperSU installed.

Managing root rights with the SuperSU application

Now that you have learned how to open root rights on Android, you need to learn how to manage these rights.

After rebooting your phone, you should see a new SuperSU icon in the application menu. SuperSU distributes rights to applications that require them. Whenever an application wants to ask for superuser rights, it must ask your application SuperSU, which will show this request. To make sure that root rights are working, you can download the Root Checker application to check superuser rights.

For example, let's open and add the Clean Master application, which allows you to clean your device of accumulated garbage. It requires root rights for more effective cleansing. After launch, you will see a message stating that you need to provide superuser rights. Click Submit.

To manage root rights, open the application menu and click on the SuperSU icon. You will see a list of applications that have been granted or denied superuser rights. You can click on an application to change its permissions.

To remove root rights, open the SuperSU application, go to settings and select the “Full” option Root removal" If this is applicable for your device, then root rights will be removed.

Now you know how to open root rights on Android and how to remove them. Good luck!