Escalating to root permissions

How do you gain root permissions in the terminal? Typing ‘sudo’ at every command is redundant. There’s su, but I don’t have any idea what the root password is.

1 Like

See the manual page of sudo:

-i, --login
                 Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile, .bash_profile, or .login will be read by the shell. If a command is specified, it is passed to the shell as a simple command using the -c option. The command and any arguments are concatenated, separated by spaces, after escaping each character (including white space) with a backslash (‘\’) except for alphanumerics, underscores, hyphens, and dollar signs. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. Note that most shells behave differently when a command is specified as compared to an interactive session; consult the shell's manual for details. The Command environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.

Alternatively, e.g. if you don’t like the shell set for root (usually /usr/bin/sh, which is a symlink to /usr/bin/dash), you could also do sudo bash or sudo zsh.

3 Likes

You could create a custom “Launcher” on your Panel with a command similar to this one:

pkexec mate-terminal --geometry=120x28+0+275 -e "nice -n -19 bash"

That gives me a root-based terminal after I enter my login password (same password as for sudo).

That is also the very first thing I do after my Desktop Manager comes to usable state.

:slight_smile:

2 Likes

That’s not quite correct. Root has bash as login shell just like any other user. It is also true that dash is the default /bin/sh provider. But those are not related to each other.

As for the original issue, sudo -s is the equivalent of su; -i behaves like a login shell, whose equivalent would be su -, IIRC.

Oh, forgot about the root password; there is none, which is a security hardening feature which should be left alone, because that way one cannot login as root, which is relevant in remote access environments, e.g. SSH.

Yes, but it also serves as a reminder that the :foot: :water_pistol: safety is off. :winking_face_with_tongue:

Yikes! A careless stress $(nproc) can render your machine unresponsive.

I do not agree that using the sudo prefix is redundant. That is creating a false impression.

Ubuntu has always disabled the root account. That is still the official Ubuntu policy. I am not happy to even link to a very, very old Ubuntu Wiki article on this subject. This is dangerous knowledge that the uninformed will use and break the OS.

I will quote sections.

By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in - it allows authorized users (normally “Administrative” users;

When giving advice on the Ubuntu Forums and IRC, please take the time to teach “the basics” such as ownership, permissions, and how to use sudo / gksu / kdesudo in such a way that new users do not break systems.

Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command…

Please remember that platforms like this are read by new users. I am thankful that years ago as a new user reading posts in Ubuntu Forums members took the time to warn about the risks whenever someone wanted to know how to enable the root account.

It impressed on me a great respect for certain knowledge.

I once installed Debian. It created a root account and a user account. I found myself still using the root account long after I needed to be root. No. No. I much prefer the Ubuntu way which is still the standard in Ubuntu 26.04 LTS. And yes, I know about sudo-rs. The Ubuntu principle has not changed.

3 Likes

To confirm that “sudo” is most definitely not redundant I quote the latest Official Ubuntu Documentation.

Official Ubuntu documentation relevant to the root account

Scroll down to the heading: The Modern Solution.

Better to disable the root account entirely and then, instead of allowing long-lived terminal sessions with dangerous powers, require the user to specifically request superuser rights on a per-command basis. The key to this approach is a command called sudo (as in “switch user and do this command”).

sudo is used to prefix a command that has to be run with superuser privileges. A configuration file is used to define which users can use sudo, and which commands they can run. When running a command like this, the user is prompted for their own password, which is then cached for a period of time (defaulting to 15 minutes), so if they need to run multiple superuser-level commands they don’t keep getting continually asked to type it in.

Running Ubuntu as root defeats the purpose of Permission Prompting.

5 Likes

Maybe you misunderstood.

That gives you a terminal with a bash session, waiting for your manual command input. How is that any different from you entering that same command with a sudo prefix?

I have safely opened such terminal sessions over the last 40 years. It is a matter of awareness and discipline, just as I am doing now while responding to this post.

The sudo command was developed as a system shield against sysadmins who don’t have the necessary awareness or discipline to be root in an environment that impacts a “global” system, as opposed to a self-owned domain.

Like many who were “raised” without sudo (firstly with HP-UX sys admin in 1984 on an HP9000 model 550 20-user system, I am now 70), for my context which is limited to a personal desktop, sudo is a crutch which I prefer to avoid unless forced to by an outside provider’s imposed process.

If your context is admin of a multi-user Corporate system, nowadays, CYA dictates that you should be using sudo for just about anything that is sysadmin related, especially to keep the sysadmin action command log clean and separate from your personal BASH history!

:slight_smile:

2 Likes

It’s the fact that you chose to nice -n -19 that bash session which should result in the second highest nice priority -19 and running something like stress -c $(nproc) that gobbles up all CPU time… :wink:

You may also want to check if that fails silently because only root is allowed to use negative nice values by default. (I’ve just realized that I totally forgot about the pkexec)

Well, Peter …

Process Hierarchy (extract from pt.sh):

   PID   PPID  TTY  USER                    COMMAND
                           *      *      *
  2518   2175    ?  ericthered              | | | | mate-panel
  3059   2518    ?  root                    | | | | | /usr/bin/mate-terminal --geometry=120x28+0+275 -e nice -n -19 bash
  3124   3059   /0  root                    | | | | | | bash
 17024   3124   /0  root                    | | | | | | | /bin/sh /Oasis/bin/Priority__Report.sh
  4775   3059   /1  root                    | | | | | | bash
 15683   4775   /1  root                    | | | | | | | /bin/sh /Oasis/bin/pt.sh
                           *      *      *

( I need to revisit the code to add the nice value column in that report directly. :slight_smile: )

Process Priority:

    PID    PPID USER            %CPU    NI COMMAND
                           *      *      *
   2518    2175 ericthered       0.0     0 mate-panel
   3059    2518 root             0.1     0 /usr/bin/mate-terminal --geometry=120x28+0+275 -e nice -n -19 bash
   3124    3059 root             0.0   -19 bash
  17024    3124 root             0.0   -19 /bin/sh /Oasis/bin/Priority__Report.sh
   4775    3059 root             0.0   -19 bash
  15683    4775 root             2.6   -19 /bin/sh /Oasis/bin/pt.sh
                           *      *      *

The priority is being assigned and maintained for children. That is the whole point of using pkexec. :slight_smile:

2 Likes

So you must have some additional privileges for your user then, I suppose. May also be due to being member of some audio or pipewire group.

And I didn’t say anything about inheritance, that’s implied anyway. Any child of the shell, pkexec or not, will inherit the same nice value.

My point is that you have a loaded :foot: :water_pistol: with such a shell always available, possibly as the default of all terminals, because you can effectively DoS your system with it by running something that eats all the CPU time. For instance, the terminal itself has nice=0; would it even be able to react to SIGINT coming from your keyboard?

1 Like

Interesting! I am a member of the audio group:

audio:x:29:pulse,ericthered

I was not aware of that.

Can you explain how that would raise my privilege levels?


I have at least 1 root terminal open at all times, because sometimes I need to intervene with high-priority because I don’t like what I see going on elsewhere, and the computer in those circumstances can be so sluggish as to be near-unresponsive, hence the root command line, ready to “launch” my rockets!

1 Like

Those have settings in /etc/security/limits.d to allow for realtime prio via rtkit, for instance. Raising the limit on nice is just part of that deal.

2 Likes

Thank you! That is the second new thing I’ve learned today! Not bad for my ancient brain!

BTW, nice touch with the “shoot yourself in the foot” icons!

2 Likes

Thanks! I saw all these emojis and they just beckoned me. :grin:

2 Likes

I especially like the “detachment” conveyed by the water pistol! We all know how much worse it is, if we do the wrong thing!

1 Like

BTW, it’s most likely the pipewire group, because I have this:

$ sudo grep -rE 'nice|rtprio' /etc/security/limits.d
/etc/security/limits.d/@video.conf:#        - nice - max nice priority allowed to raise to values: [-20, 19]
/etc/security/limits.d/@video.conf:#        - rtprio - max realtime priority
/etc/security/limits.d/@video.conf:@video               -       rtprio          20
/etc/security/limits.d/@video.conf:@video               -       nice            -11
/etc/security/limits.d/@pipewire.conf:@pipewire - rtprio 88
/etc/security/limits.d/@pipewire.conf:@pipewire - nice -11
/etc/security/limits.d/25-pw-rlimits.conf:@pipewire   - rtprio  95
/etc/security/limits.d/25-pw-rlimits.conf:@pipewire   - nice    -19
/etc/security/limits.d/10-gamemode.conf:@gamemode - nice -10

But I can’t quite remember if they ship like that with Ubuntu or if I did that.

Now I’m curious and I hope you are too, because I’d like to ask you the favor of running this command in the nice -19 shell:

stress -c $(nproc)

:smiling_face_with_horns:
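
Added example (not part of any post in this thread): a small audit of the kind of /etc/security/limits.d entries discussed above, listing which of a user's groups are granted a raised nice or rtprio limit. The function names and the sample files are constructed for illustration, and precedence between competing pam_limits lines is not modelled.

```shell
#!/bin/sh
# Added example: list pam_limits drop-in entries that let a group raise
# scheduling priority. Function names and sample data are constructed.

# nice_grants DIR GROUP...  -> "file<TAB>group<TAB>item<TAB>value" per match
nice_grants() {
    dir=$1; shift
    wanted=" $* "
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v wanted="$wanted" -v file="${f##*/}" '
            /^[ \t]*#/ || NF < 4 { next }        # comments, incomplete lines
            substr($1, 1, 1) != "@" { next }     # only @group domains
            { g = substr($1, 2) }
            index(wanted, " " g " ") == 0 { next }
            $3 == "nice" || $3 == "rtprio" {
                printf "%s\t%s\t%s\t%s\n", file, g, $3, $4
            }' "$f"
    done
}

# lowest_nice DIR GROUP...  -> most permissive nice value any match grants
# (0 if none). Precedence between competing lines is not modelled.
lowest_nice() {
    nice_grants "$@" | awk -F '\t' '
        BEGIN { m = 0 }
        $3 == "nice" && $4 + 0 < m { m = $4 + 0 }
        END { print m }'
}

# Constructed sample mirroring part of the grep output quoted above.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' '#  - nice - max nice priority allowed to raise to' \
        '@video  -  rtprio  20' '@video  -  nice  -11' > "$1/@video.conf"
    printf '%s\n' '@pipewire - rtprio 95' '@pipewire - nice -19' \
        > "$1/25-pw-rlimits.conf"
    printf '%s\n' '@gamemode - nice -10' > "$1/10-gamemode.conf"
}

# Demo on the sample; on a real system:
#   nice_grants /etc/security/limits.d $(id -Gn)
demo=$(mktemp -d) && make_sample "$demo"
nice_grants "$demo" audio pipewire video
echo "most permissive nice: $(lowest_nice "$demo" audio pipewire video)"
rm -rf "$demo"
```
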

I use sudo for single programs. IE > sudo gedit

To open single files I use sudo nano. IE > sudo nano /etc/systemd/resolved.conf

And to open nautilus as /root I use. IE > nautilus admin://

Since this is not exactly a support request, topic moved to the Lounge, which is more for general discussions.

1 Like