A Root Shell On Ubuntu : The Right Way

By | 2008/05/09

Just the other day we were having a discussion on using the root shell in Ubuntu.  Now, remember, the root user account is disabled with no assigned password on a default Ubuntu system so administrative tasks need to be done using the sudo command.  For nearly all of the administration you would need sudo will be adequate.  There are occasionally those fringe cases where you might require a root shell.  Below I have a few alternatives and then, if you must, the correct way of opening a root shell.

For more information please see the RootSudo page on the Ubuntu Community Wiki.

Alternatives To A Root Shell

One of the most common reasons that a user might need a root shell is due to output redirection not working as expecting while using sudo.  This can be bypassed fairly easily.  Let me outline an example:

sudo echo "foo" > /root/somefile

The above example will not work because the normal user does not have access to write to the root user home directory, and combining the redirection in the command we’ve lost sudo access.

An alternative that will work would look something like this:

echo "foo" | sudo tee /root/somefile

This will echo the output on the console but the tee command ('man tee‘ for more information) will also take that output and write it to the file as expected.  Also note that 'tee -a' will work in the same fashion as >>, appending the data to the current file vs overwriting.

The Proper Way To A Root Shell

If you still need a root shell (perhaps you’ve come across a different scenario? perhaps you’re just lazy? perhaps you’re coming from another distribution?) let me outline the proper way to gain a root shell.

DISCLAIMER: This should be avoided if at all possible.  It is not suggested to run a root shell on an Ubuntu system.  Use at your own risk.  See examples above, etc.

sudo -i

The command sudo -i is the equivalent to the 'su -' command.  This will properly change to the root user, switch to the root user’s home directory, use his (her?) environment values, etc.

sudo -s

The command sudo -s is the equivalent to the 'su' command.  This will change to the root user but will not properly use his (her?) environment values, etc.

The WRONG Way To A Root Shell

Please DO NOT use the following methods to gain root access:

sudo bash, sudo sh, sudo su -, sudo su, sudo -i -u root

If you currently do use these methods this post was written for you!

UPDATE: Based on the feedback in the comments for this post I’ll try to expand the reasoning on *why* the right way is the preferred way.

First of all we need to understand some background information.  When a user creates a session there are a number of environment values that are set.  To have a look at some of these try this command:

env

This will output a number of details about the current working environment.  These environment values may be different for different users.  Some of the values are generated by way of the .bashrc file (assuming a bash shell, of course), the .bash_profile, etc.  Take a look at the .bashrc in your users home directory and compare it with the .bashrc in root’s home directory.

diff -u ~/.bashrc /root/.bashrc

You should see some differences, and this is just from one of the multiple files that are read during a proper login.

When creating a root shell by using ‘sudo bash‘ you are not incorporating the root environment properly.  You are creating a shell with root privileges but the env output is still that of your user.  Each user, whether unprivileged or root, should have unique environment settings to truly be that user.  This will be the case for ‘sudo bash‘, ‘sudo su‘ and ‘sudo sh‘.

39 thoughts on “A Root Shell On Ubuntu : The Right Way

  1. alphager

    I keep hearing that “sudo bash” is bad, but i never see an explanation.
    Why is “sudo bash” considered harmful?

    Reply
  2. PRK

    Interesting post. I do use sudo su. An explanation as to why this should not be used will be very helpful. Thanks!

    Reply
  3. Christer Edwards Post author

    @alphager – ‘sudo bash’ will no longer have any of the benefits of the sudo system. ie; auditing, granular access controls, environment inheritance, etc. See the link to the wiki for more benefits of sudo, most of which are lost using ‘sudo bash’ or similar.

    Reply
  4. mirada

    I get root access in a way that isn’t even listed here – I just went into recovery mode and made a password for the root account.

    Personally I like it this way – for basic tasks I just use sudo, but for the more involved tasks I can use su.

    Reply
  5. Waldo

    Seriously– this is a nice article but it’s missing the most important part–educating the reader about what’s wrong with sudo bash!

    Because that’s what I almost always use… so what am i doing wrong?

    Reply
  6. Vadim P.

    I was hoping PolicyKit would solve the need for “sudo nautilus” or “sudo gedit”, but it didn’t. It’s such a pain to re-do work if you forget to put sudo in front…

    Reply
  7. Christer Edwards Post author

    @Vadim – check out the RootSudo link I have posted. You should be using ‘gksudo gedit’ or ‘gksudo nautilus’ instead as well.

    Reply
  8. Manuel

    I don’t see the differences between sudo -s (the one I use) and sudo bash.

    In both I don’t get to use the root’s environment values.

    Reply
  9. Andrew Zajac

    To avoid a lot of garbage being sent to the console when zcatting a binary file, you can redirect to /dev/null:

    zcat file.gz | sudo tee /dev/device >/dev/null

    Now that more closely resembles the behavior you would expect from:

    sudo zcat file.gz > /dev/device

    BTW, this used to work using Gutsy. What exactly has changed in Hardy?

    Reply
  10. Bob

    I see the issue with “sudo bash” but why wouldn’t “sudo su -” get the proper environment?

    Reply
  11. Ami

    Hmm. “sudo su -” to do the job.

    Unless there’s some sort of security issue with what I do know, I honestly can’t think of any way my life could possibly be improved by using “sudo -i” instead. Not that it would hurt either, but my fingers are well-trained to my current method.

    Reply
  12. Hugo Heden

    Manuel: Correct, in neither case you get the root’s environment.

    However, (if I understand this article