How to Enable root user account in Ubuntu Linux

This tutorial explains how to enable root user account in Ubuntu step by step with practical examples. There are three ways to enable root account; temporary, for CLI prompt only and for CLI and GUI both. Learn all three methods in detail including how to disable root account again once it is enabled.

While I was preparing this tutorial, I made a quick search “How to enable root user account in Ubuntu” in Google and checked the top ten results. Most of them start with an annoying introduction just like, enable root at your own risk, warning message not to enable root account, ask yourself why you want to enable the root user, precaution message to avoid root user account, blah, blah, blah.

If someone is searching a way to enable the root account or want to use Ubuntu under the root account, definitely he or she have a specific reason or requirement to do this. So, instead of becoming a moral instructor, in this tutorial I will explain only the method and steps which are required to enable and disable the root password in Ubuntu.

If you are interested in knowing the reasons behind keeping the root account in disable state, check these web pages.

https://askubuntu.com/questions/6676/why-is-there-no-option-to-login-as-root

http://ihazomgsecurityskillz.blogspot.in/2010/09/running-as-root.html

Default root account status in Ubuntu

While installing Ubuntu, installation wizard neither provides an option to set root password nor provides any information about the default status of root account. This creates confusion, especially among the newbies. For example, I receive several questions similar to following questions: -

What happened to root account in Ubuntu? Does root account exist in Ubuntu?

Yes … root account exists in Ubuntu and just like the other flavors of Linux; it is the main administrator account in Ubuntu Linux also.

Why did we not get an option to set root password during the installation?

Because Ubuntu wants to keep the root account in disable state.

In Linux, a user account without password or empty password is considered as disabled account. Linux does not allow us to login with an empty password.

To confirm this, we can check the files which keep the records of user accounts in Linux with following commands: -

$sudo grep /etc/passwd
$sudo grep /etc/shadow

/etc/passwd: - This file stores the user database in Linux.

/etc/shadow: - This file stores password for users.

The grep command is used to search for a specific pattern in provided text source.

If you are interested in learning how grep command works in Linux, check this tutorial:-

How to use grep command explained with practical examples

It explains grep command in detail with practical examples.

root user account

Output of above commands confirms that root account exists in Ubuntu. As we can see in above output, password field is occupied by character “x” and “!” in user database file and in password file respectively.
  • The character “x” represents a blank or empty password.
  • The character “!” represents that password is locked.

We have already discussed the blank password and the reason why root password is set to blank in Ubuntu. Let’s understand the locked password.

A locked password means, user is not allowed to use that password. No matter whether you type right or wrong password, if password is locked, login attempt will be failed in every situation.

root login fail

Technically with default installation and without any change root account is disabled and locked in Ubuntu.

Enabling and disabling root account in Ubuntu

As per requirement, we can enable and disable root account in three ways; temporary, for CLI prompt only and for CLI and GUI both. Let’s understand each method in detail with examples.

Enabling root account temporary

If you only need root account for a particular task or job, run following command and supply the super user password to authenticate the access.

$sudo –i

Super user is the user account that we create during the installation or any other user account which we manually add in administrator group.

Disabling root account

Once specific task is finished, use exit command to logout from the root account or simply close the terminal if you have no further task in terminal.

enable root account temporary

Enabling root account for command line (CLI prompt)

With default installation, Linux offers six independent virtual terminals (CLI) and one GUI interface for works. These terminals can be accessed by pressing ALT+CTRL+F(1to7) keys.

To learn what virtual consoles are and how they can be accessed and used, see this tutorial.

Linux Virtual Console Explained

This tutorial explains virtual consoles in detail.

To enable root account for CLI terminal only, use following command: -

$sudo –i passwd root
Enter new UNIX password: [Set new password for root account]
Retype new UNIX password: [Confirm new password]

This command is the combination of two commands. First command unlocks the root account and second command sets the root password.

enable root account for cli

Once root account is unlocked and password is set, it is ready to use for CLI prompt. To confirm this, switch to any CLI terminal, and login with root account

root account login testing command prompt

Disabling root account

If root account is no longer required, you can use following to command to disable it again.

$sudo passwd -dl root

This command makes root password empty and enables the password lock again.

disable root account cli prompt

To confirm the disabling of root account, switch to CLI prompt again and login with root account

verify disable root account login cli

Enabling root account for GUI (Ubuntu Desktop)

Just like previous method, enable root account with following command

$sudo –i passwd root
Enter new UNIX password: [Set new password for root account]
Retype new UNIX password: [Confirm new password]

enable root account gui

GUI (Ubuntu Desktop) has its own security layer which blocks root account. So, even we have a properly enabled root account with password, it will not work in GUI login.

Before we adjust necessary security features, let’s try to login with correct password.

root login fail gui

As we can see in above output, root account is not allowed to login.

In order to allow root account in GUI, we have to modify following files

/etc/gdm3/custom.conf
/etc/pam.d/gdm-password

Before update, let’s take the backup of these files. Backup copy allows us to deal from any unpleasant situation.

$mkdir bakup
$cp /etc/gdm3/custom.conf backup/
$cp /etc/pam.d/gdm-password backup/

backup configuration files

Now open /etc/gdm3/custom.conf file with your favorite text editor.

My favorite text editor is the vi editor. If you haven’t used it, I highly recommend you to learn it. No matter whether you are repairing the system in emergency mode, working with a live CD, working with a remote system or working with a fully loaded Linux, vi is the only editor which is available in every situation and condition.

To learn the vi editor, check this tutorial.

How to use vi editor step by step explained

It explains how to use vi editor in Linux step by step with practical examples.

vi /etc/gdm3/custom.conf

Add following line in the [security] directive and save the file

AllowRoot=true

AllowRoot=true

Now open the /etc/pam.d/gdm-password file

vi /etc/pam.d/gdm-password

Add hash (#) sign in starting of following line and save the file

auth required pam_succeed_if.so user !=root quiet_success

Any line which starts with # is considered as a comment line in configuration file. Shell ignores all comments while it executes a configuration file.

updated /etc/pam.d/gdm-password

To apply these changes, we have to restart the system.

sudo reboot -f

After restart, login from root account to verify the enabling of root account

root login confirm

Disabling root password

Just like previous method, make root password empty and put it in lock condition again with following command

$sudo passwd –dl root

sudo passwd -dl root

Now revert the changes which we made in configuration files. If you have taken the backup of configuration files, just restore the original files back from the backup.

restore orginial file

If you haven’t taken the backup,

  • Remove “AllowRoot=true” line from [security] directive in file /etc/gdm3/custom.conf
  • Remove # sign from the starting of following line
    #auth required pam_succeed_if.so user !=root quiet_success
    in file /etc/pam.d/gdm-password

Enabling and disable root in nutshell

Requirement To enable root account To disable root account
Temporary Run sudo –i command Use exit command or close the terminal
CLI Only Use sudo –i passwd root command. Set root password, when it asks. Use sudo passwd –dl root command
CLI & GUI both

Use sudo –i passwd root command. Set root password, when it asks.

Add “AllowRoot=true” line in [security] directive in file /etc/gdm3/custom.conf file.

Add # in starting of following line
auth required pam_succeed_if.so user !=root quiet_success
in /etc/gdm3/custom.conf file.

Use sudo passwd –dl root command

Remove “AllowRoot=true” from [security] directive in file /etc/gdm3/custom.conf file.

Remove starting # from following line
auth required pam_succeed_if.so user !=root quiet_success
in /etc/gdm3/custom.conf file.

At end of this tutorial, let’s take a quick look on –d and –l option which we used with passwd command.

-d: - This option is used to delete the user’s password. Since Linux does not allow a user to login without password, a user account with blank password will be disabled automatically.

-l: - This option is used to lock the password. Once password is locked, user is not allowed to use that password.

-d and -l options passwd command

That’s all for this tutorial. If you face any problem while enabling or disabling the root account, let me know. I will help you in this procedure. If you like this tutorial, don’t forget to share it with your friends.

ComputerNetworkingNotes Ubuntu Linux Tutorials How to Enable root user account in Ubuntu Linux