Root and sudo privilege management. RBAC concepts in Solaris. Secure administration methods. Audit and compliance controls.
What is the super user in Solaris?
The super user, traditionally called root, has full control of the system. Root can read and modify any file, manage services, storage, networking and security. Because of this power, you must be extremely careful when using elevated privileges.
Solaris also supports Role-Based Access Control (RBAC), which allows administrators to delegate specific privileges without handing out the root password to everyone.
Core super-user concepts
root (UID 0)
The root account is the ultimate authority on the system. Any process running as UID 0 bypasses normal permission checks.
su and root shells
su - temporarily switches you to another account, often root. The hyphen (-) loads that user’s environment.
RBAC, roles and pfexec
RBAC roles and pfexec allow users to run some privileged commands without giving full root access for everything.
Step-by-step commands related to the super user
Use these examples in your Solaris lab. Start from a normal user where possible, and switch to root only when needed.
1. Identify the super user (root) account
The root account has UID 0 and unrestricted access. You should always confirm when you are root.
[root@solaris ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@solaris ~]# whoami
root
[root@solaris ~]# grep '^root:' /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
2. Use su - to become root from a normal user
A normal user with the right password or role assignment can switch to root using su -. Always use the hyphen (-) to get a full root environment.
[devuser@solaris ~]$ id
uid=1100(devuser) gid=10(staff) groups=10(staff)
[devuser@solaris ~]$ su -
Password: ********
Oracle Corporation SunOS 5.11 Solaris 11.4
[root@solaris ~]# id
uid=0(root) gid=0(root) groups=0(root)
3. Check RBAC roles assigned to your account
Solaris uses Role-Based Access Control (RBAC). A user can have roles that allow privileged tasks without giving away the root password.
[devuser@solaris ~]$ roles
oracle
[devuser@solaris ~]$ su - oracle
Password: ********
Oracle Corporation SunOS 5.11 Solaris 11.4
[oracle@solaris ~]$ id
uid=1101(oracle) gid=60(dba) groups=60(dba)
4. Run a privileged command with pfexec or sudo
If RBAC is configured, pfexec lets a user run specific commands with elevated privilege without a full root shell.
Some Solaris environments also use sudo, which allows fine-grained command execution as root with logging and policy in /etc/sudoers. The session below uses sudo: sudo -l lists the commands the policy permits for the current user before one of them is run.
[devuser@solaris ~]$ sudo -l
User devuser may run the following commands on this host:
(root) /usr/sbin/svcs
(root) /usr/sbin/svcadm
[devuser@solaris ~]$ sudo svcs ssh
STATE STIME FMRI
online 10:20:31 svc:/network/ssh:default
Best practices when working as root
Minimise root usage
Use normal accounts for day-to-day work; only switch to root when absolutely necessary.
Keep root sessions short. Exit back to your normal user once the privileged task is complete.
Avoid running complex one-liner commands as root unless you are fully confident in what they do.
Auditability and control
Prefer RBAC roles, pfexec or sudo so that privileged activity can be logged and controlled.
Do not share the root password in chat or email; use secure channels and change it when people leave the team.
Periodically review who has root access or privileged roles on critical systems.
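One way to script the periodic access review described above. This is an added example, not part of the original lesson. It assumes the standard passwd(4) and user_attr(4) file formats; the function names and the sample accounts (toor, admin1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list who holds superuser-equivalent access, reading files in
# passwd(4) and user_attr(4) format. Paths are arguments so it runs offline.

# Print every account whose UID field is 0 (root-equivalent).
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 == "0" { print $1 }' "$1"
}

# Print "user role" for each role assignment in a user_attr-format file.
# Field 5 holds semicolon-separated key=value pairs, e.g. roles=root,oracle
role_assignments() {
    awk -F: '$1 !~ /^#/ && NF >= 5 {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^roles=/) {
                m = split(substr(kv[i], 7), r, ",")
                for (j = 1; j <= m; j++) print $1, r[j]
            }
    }' "$1"
}

# Print the users who can assume a given role (default: root).
role_holders() {
    role_assignments "$1" | awk -v want="${2:-root}" '$2 == want { print $1 }'
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
devuser:x:1100:10:Dev User:/export/home/devuser:/usr/bin/bash
oracle:x:1101:60:Oracle role:/export/home/oracle:/usr/bin/bash
toor:x:0:0:Unexpected second UID 0:/:/usr/bin/bash
EOF
cat > "$SAMPLE_DIR/user_attr" <<'EOF'
# user:qualifier:res1:res2:attr
root::::type=role;auths=solaris.*;profiles=All
oracle::::type=role;profiles=All
devuser::::roles=oracle;lock_after_retries=no
admin1::::profiles=System Administrator;roles=root,oracle
EOF

echo "UID 0 accounts:";   uid0_accounts "$SAMPLE_DIR/passwd"
echo "Role assignments:"; role_assignments "$SAMPLE_DIR/user_attr"
echo "Can assume root:";  role_holders "$SAMPLE_DIR/user_attr" root
```

On a lab host, pass /etc/passwd and /etc/user_attr instead of the sample files. The script reads local files only, so assignments held in a naming service are not covered.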
Think twice before pressing ENTER as root
Always re-read destructive commands (rm -r, zfs destroy, svccfg delete, etc.) before executing them as root.
When testing new or risky commands, try them first as a normal user or in a lab environment.
Keep clear separation between lab, test and production servers so you don't accidentally run experiments on the wrong system.
In upcoming lessons, you will use super-user privileges for process management, service control and storage administration. Understanding root and roles now will make those topics much safer.