A Brief History of Unix and Linux - The Problem with Root
In the 1960s, Unix was created by a multi-organizational effort to develop a dependable time-sharing operating system. The Unix system fostered a distinctive approach to software design – solving a problem by inter-connecting simpler tools, rather than creating large monolithic application programs. The Unix development and evolution led to a new philosophy of computing, and it has been a never-ending source of both challenges and joy to programmers around the world.
After four decades of use, the Unix OS is still regarded as one of the most powerful, versatile, and flexible operating systems in the computer world. Its popularity is due to many factors, including its ability to run a wide variety of machines, from micros to supercomputers. IT also fell in love with its portability, all of which led to Unix’s adoption by many manufacturers. Universities began using Unix for research, but over the years enterprises embraced Unix and began using Unix to run databases and other business applications.
As time went on, more and more business critical assets were being managed by Unix. Because universities used Unix to create a collaborative environment, access to high-privilege administrative accounts in Unix was based on little more than trust. While this made sense to education users, it had the opposite effect on the business world where protecting access to confidential information is vital to survival.
Over the last four decades, the foundation of IT systems management has been built on the concept of the administrator. Whether root on a Unix or Linux system, or a DBA or Windows administrator, the administrator role gives the user the power to configure virtually every aspect of a system. Even though the administrator role is considered to be the highest level of privilege, access to such privilege is protected by the simplest of controls, such as knowledge of a root password. The root or administrative account has historically been shared among a group of trusted individuals, making it virtually impossible to track the actions of any specific user of this group. Though this scenario was ideal for university use, the IT risk to enterprise use was obviously problematic.