The standard administrative superuser account on Microsoft Windows is called
Administrator. On Unix-like systems, it is called
root instead. It’s normally a bad idea to use an administrative account for anything that you can do with a less privileged account, because any time you use any user account at all you expose that particular account to potential threats if the software run under that account’s privileges has a vulnerability that can allow someone to compromise the user account.
If you use Firefox to browse the Web, and it turns out Firefox has some kind of scripting vulnerability that allows a malicious script on a Website to install a backdoor on your system, how vulnerable you are depends to some degree on what user account you use:
Obviously, you have to access the administrative account from time to time when you are the system administrator. The key is to use those elevated privileges only for the specific tasks that require them, and sign back out of the root account immediately after that. On a server, this usually means logging in as root at a virtual TTY console, doing whatever you need to get done as root, then typing
<Ctrl>+<D> to log out of the root account again.
The “substitute user” or “switch user” command (also sometimes identified as “superuser”),
su, allows convenient and secure access to the root account without having to log out of the current logged in user account on Unix-like systems. It is also commonly used to access normal, unprivileged user account environments from within a root account session by specifying the account whose user environment one wants to access.
Probably the most common use of
su these days is as a means of accessing the root account to perform administrative tasks without leaving an X Window System session. One can just open a terminal emulator and type
su, enter the password when prompted, and start working with root privileges.
This can provide additional security for remote connections too; the administrator can configure a system to disallow SSH logins as root, requiring a user to connect as some other user account and use
su to elevate privileges. This is a quick and easy way to stop remote brute force attacks agains the root account’s password. Some systems, such as FreeBSD, actually install SSH configured that way by default.
There is a great tool for securing and logging the behavior of users who need to perform limited administrative tasks called
sudo. Quite a lot can be done with this tool, and as such quite a lot can be said about it. It could, arguably, warrant a book of its own.