How to gain elevated privileges on Debian?

The standard Debian way is to use the root account. In the installer, when you are prompted for a root password, the root account is enabled and assigned the password given. At that step, if you leave the password field empty, the root account would be disabled, and sudo will be installed and enabled for the user you create afterwards. Both can be changed in either direction at any time after installation.

Whichever way the installation went, the root account will be present on the system. When it has no password, it will be simply locked, meaning, you cannot directly access or use it, while if you have a password for it, it will be enabled like any other account. Assigning a password to the root account at any stage will enable, or unlock, the account, while simply removing its password will disable or lock it.

Using the root account

When you have the standard root account enabled, you don't want to log in as root but use the su (substitute user) command instead. This way you can temporarily switch to the root account, and return to your normal user when done.

  • To gain root privileges, open a terminal and type the following command:
  • Press Enter
  • Type the root password when prompted, and press Enter.
  • Do stuff you need, e.g. system updates etc.
  • When finished, type exit and press Enter.

The su command The su command, meaning substitute user, is the way to impersonate another user on a Linux system. It often mistakenly referred to as "super user", as it is most often used to access the root account, but in reality, it can be used to access any account and act on their behalf.

Say on your system there are two users: john, and suzanne. You are logged in as suzanne, but John comes to the computer and wants to access some files only his account can read. He could, of course, log out, and back in as john, or he can issue the command su john, give the password associated with the john account, and access his files like that. Then, when he types exit, the user suzanne can continue using the PC like nothing ever happened. A lot less disruptive.

Of course, there are a lot more deliberate applications of the command su than the above simple example, but this is as good an illustration as anything.

Using sudo

When you have sudo installed and enabled for your user account, you will take a slightly different approach. There should be no way or even need to access the root account directly. You will simply prefix your commands with sudo, to ask for elevated privileges for that command only. Of course, that applies for any command that command might invoke, so if you e.g. start a script with sudo, the whole script will run with the elevated privileges, so better be careful where you use it.

  • To run a command as root with sudo, use the following syntax:
    sudo command

    So for example, to run the system update command(s) apt update && apt upgrade, you would type

    sudo apt update && apt upgrade
  • When prompted, type the user password and press Enter
  • Done. The next command you type will be run as your own user with normal privileges, unless you use sudo again, although you might not be asked for the password again for 15 minutes, depending on the setup.

Remembering the password for 15 minutes is a convenience from sudo, but it can be a source of vulnerability. (Not so much for the home user, but on a multi-user system, or a public computer, etc.)