Every Ubuntu installation since 6.06 has shipped with the root account locked. You can’t log in as root at the console or the graphical login screen out of the box—and that’s intentional. But there are situations where you genuinely need a root session, and Ubuntu 12.10 Quantal Quetzal is no exception. This guide explains how to enable it, how to make it work with the LightDM display manager, what the risks are, and why you should probably use sudo instead.
Why Root Is Disabled by Default
Ubuntu follows the principle of least privilege. Instead of giving users the root password, it grants administrative users access to sudo, which:
- Logs every privileged command to
/var/log/auth.log. - Requires the user’s own password, not a shared root password.
- Can be scoped to specific commands via
/etc/sudoers. - Times out after 15 minutes, so a forgotten terminal is not an open door.
Running as root full-time is dangerous. A single typo—rm -rf / home instead of rm -rf /home—can destroy the entire system with no confirmation prompt. Sudo forces you to be deliberate about each privileged action.
That said, some workflows (rescue operations, chroot environments, certain legacy scripts) are genuinely easier with a root shell. Here’s how to set it up.
Step-by-Step: Enabling Root Login
Step 1 — Set a Root Password
Open a terminal with Ctrl+Alt+T and run:
sudo passwd root
You will be prompted to enter a new UNIX password twice. Choose something strong—this account has unrestricted access to the entire system.
Step 2 — Test Root Access in the Terminal
Before touching the graphical login, verify that root works in the terminal:
su -
Enter the root password you just set. Your prompt should change from $ to #, and whoami should return root. Type exit to return to your normal user.
Step 3 — Allow Root Login in LightDM
By default, LightDM (the graphical login manager in Ubuntu 12.10) blocks root from logging in. You need to create a configuration override.
sudo nano /etc/lightdm/lightdm.conf
Add or modify the following lines under the [SeatDefaults] section:
[SeatDefaults]
greeter-show-manual-login=true
greeter-hide-users=false
Save with Ctrl+O, then exit with Ctrl+X.
Step 4 — Configure PAM to Allow Root
The PAM (Pluggable Authentication Module) configuration for LightDM may contain a line that explicitly denies root. Check the file:
sudo nano /etc/pam.d/lightdm
Look for a line like:
auth required pam_succeed_if.so user != root quiet_success
If it exists, comment it out by adding a # at the beginning:
# auth required pam_succeed_if.so user != root quiet_success
Save and exit.
Step 5 — Edit the GDM/Unity Greeter Profile (If Needed)
On some configurations, an additional PAM file controls the greeter. Check:
sudo nano /etc/pam.d/lightdm-autologin
Apply the same change—comment out any pam_succeed_if.so user != root line.
Step 6 — Restart LightDM
Apply the changes by restarting the display manager:
sudo service lightdm restart
This will drop you back to the login screen. Click Login or type root in the username field if manual login is shown, enter the root password, and you should land on a root desktop session.
Step 7 — Create a Root .profile (Optional)
Root’s home directory is /root. If this is your first time logging in graphically, some settings files may be missing. You can copy your user’s configuration as a starting point:
sudo cp ~/.profile /root/.profile
sudo cp ~/.bashrc /root/.bashrc
Security Implications
Enabling root login has real consequences. Consider these risks before leaving it active:
- No audit trail per user. If multiple people know the root password, you cannot distinguish who did what in the logs.
- Full exposure on login screen. Anyone with physical access sees “root” as a login option—they only need the password.
- Malware escalation. A process running in a root session has unrestricted access. In a sudo-based workflow, malware in your user session still has limited privileges.
- No timeout. A root graphical session stays root until you log out. There is no 15-minute timeout like sudo provides.
Safer Alternatives to Root Login
Use sudo for Individual Commands
For most administrative tasks, prefix the command with sudo:
sudo apt-get update
sudo nano /etc/fstab
Use sudo -i for a Root Shell
If you need an interactive root shell without enabling root login:
sudo -i
This opens a login shell as root, reading /root/.profile and /root/.bashrc. Type exit when finished.
Use gksudo for Graphical Applications
To run a GUI application with root privileges:
gksudo gedit /etc/fstab
This is safer than logging into a full root desktop session because only the single application runs elevated.
Use pkexec for PolicyKit-Aware Apps
Some modern applications support PolicyKit authentication:
pkexec gedit /etc/fstab
This triggers a graphical password prompt and logs the action through PolicyKit.
Reverting the Changes
If you decide to lock root again (recommended once you’ve finished your task):
Step 1 — Lock the Root Account
sudo passwd -l root
This places an ! in front of the password hash in /etc/shadow, effectively disabling the password.
Step 2 — Revert LightDM Configuration
Remove the lines you added to /etc/lightdm/lightdm.conf and uncomment any PAM lines you commented out in /etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin.
Step 3 — Restart LightDM
sudo service lightdm restart
The system is now back to its default, sudo-only configuration.
Common Pitfalls
Forgetting the root password. If you set a root password and later forget it, boot into recovery mode from GRUB. Select the root shell option—it drops you into a root prompt without a password. From there, run passwd root to reset it.
Locking yourself out of sudo. If you edit /etc/sudoers incorrectly while experimenting with root, you may lose sudo access for your normal user. Always use visudo to edit that file—it validates syntax before saving.
Graphical glitches in root sessions. Some desktop applications were not designed to run as root and may display warnings or behave unexpectedly. The GNOME keyring, for instance, may fail to unlock automatically in a root session.
SSH root login. Setting a root password does not automatically enable SSH root access. That is controlled separately in /etc/ssh/sshd_config via the PermitRootLogin directive. Leave it set to no unless you have a specific need.
Final Thoughts
Enabling root login on Ubuntu 12.10 is straightforward—set a password, tweak LightDM, adjust PAM—but the Ubuntu project disabled it for good reasons. For the vast majority of tasks, sudo and gksudo are safer, more auditable, and perfectly sufficient. Enable root only when you have a concrete need, and lock it again when you are done.