This post assumes that you know a few things about Unix-based operating systems. You will need to know about su and sudo as well as what the root or superuser is.

Some people know this, and some people don’t. On Ubuntu-based systems, by default, the root user has a complex, randomly generated password and is generally not used. The idea is to have a “sudo-capable” user that is able to do root tasks with the “sudo” command. It allows you to be root for one command and requests your password instead of the root password. That way, the root password isn’t shared. If a virus attempts to use sudo, it meets a password dialog.

If you try to use su, which basically gives you the terminal of another user, you have to type their password. If you try to use su to be root, you would have to know the complex root password. This isn’t so if you type “sudo su”. That gives you the root terminal without requiring the complex password.

I think that this is a minor security flaw as it defeats the point of the complex random password that is set to the root user by default.