Linux is designed as a multi-user system, where each user is granted certain privileges.

But what happens if we want to grant someone privileges to, say, use networking? What if that is the first account on the system? How would Bobby feel if someone else he doesn't even know said "you can enter Bobby's house". Obviously, what I mean there is: It would be very broken if Linux let people grant other people permission without permission themselves! But then... what if it's the first account on the system? What if that is a user without full permissions? Eeek!

This is where root comes in. Root exists on every Linux system under the sun. Root can do anything and everything, including creating new users. Root is that user who can justifiably tell anyone to enter Bobby's house, since root is the ultimate supreme power in a Linux system, and there is only one root.

But then, why don't we just always run as root if it makes everything so much simpler?

Root's supreme power is sometimes a disadvantage to him. The slightest flick of his wrist can send the entire universe he worked so hard to create crashing down, so he has taken to sitting quietly most of the time for the sake of all other life. In some maniacal systems, root is the only user, and people run as root all the time. The result there is dangerous stuff as mentioned. (Windows typically did this, or at least had a design making this preferable, until very recently).

In other similarly crazy Linux systems, people must log in as root from time to time in order to, for example, add new users or install software. This is safer since being root is a deliberate and short lived act, but still dangerous since they are running millions of lines of code with full access rights. A security flaw can potentially be exploited by malware, giving it immediate access to do anything nasty that it may please. (A mosquito standing on the shoulders of a God, if you will). Even a simple bug in that software can have disastrous consequences when the user it is being run as is actually permitted to change any and all files.

In most Linux systems, we have a system of running programs with certain privileges on the fly. The conventional way is with "sudo", which runs just a single program as root. This means that deliberate act is even more deliberate and does not get out of hand. (Hm... now that I'm awake from my slumber, I may as well poke around the Interwebs for a little while. A minute of absolute power shouldn't hurt anyth--- oops!). Sudo, however, still means that the GUI for said program, as well as lots of other unnecessary code, gets run as root for no good reason.
Thus, an even more fancy technology would be PolicyKit. That one elevates privileges for particular operations for particular programs, ensuring that nothing ever gets out of hand and that we know exactly where every bit of root's absolute power is going.


There, my probably woefully inaccurate (I admit to still learning this stuff) quick explanation of root!