What does it means is it safe? I'm running zaid security Kali Linux os

It is showing

logged in as a privilege user
Running a session as privilege user should be avoided for security reasons. Of possible, you should login as a normal user
What it means is it safe?

You are probably using the root account with the toor password. the root account is actually the same as the windows administrator account. So you can run anything without verification. It is better to create a normal user and use sudo. (if security on your test VM is really important) You can also segment the VM from your regular network and just use root. But that is entirely your own responsibility.

1 Like

Please can you explain more… Is it necessary to create new Normal user and why… Please explain more
Thanks Edwin

“root” (aka “superuser”) is the name of the system administrator account. The origins of the name are a little archaic, but that doesn’t matter.

Root user has user id 0 and nominally has unlimited privileges. Root can access any file, run any program, execute any system call, and modify any setting. (But see below¹).

Prior to the invention of the “sudo” command, if you wanted to perform administrative tasks, you had to login as root, either by getting a login prompt² somehow, or with the su command (“su” being short for substitute user.)³

That’s a bit of a hassle, and also doesn’t let you give users partial administrative powers. So the “sudo” command (short for “substitute user do”) was invented.

The “sudo” command lets you execute commands with superuser privileges as long as your user id is in the sudoers file, giving you the necessary authorization.

So, e.g. sudo vi /etc/hosts would allow you to edit the hosts file as if you were running as root. You don’t even need the root password, just your own login password.

And of course, sudo su would allow you to simply become root. The result is the same as if you had logged in as root or executed the su command, except that you don’t need to know the root password but you do need to be in the sudoers file.

The sudoers file determines who can use the sudo command and what they can do with it.

The sudoers file is what gives you multiple administrators⁴. Effectively, your administrators are root, plus everybody listed in the sudoers file. Without the sudoers file, the only administrator is root.

In fact, in organizations where someone else administers your computer for you, it’s quite common to not know the root password of your own computer — as long as you’re in the sudoers file, it doesn’t matter.

At one company I worked for, with a ginormous server farm, only a very, very small number of people knew the root passwords. Instead, there was a database of who was allowed to work on which servers. An automated process would add you to the sudoers files of those servers you were authorized to access, and remove you when your authorization expired.

When you run an application that requires root privileges, sudo will ask you to input your normal user password. This ensures that rogue applications cannot damage your system, and serves as a reminder that you are about to perform administrative actions which require you to be careful!

1 Like

Thanks Edwin

Hello, when I created a new non root user after that I try to login as root then enter passwd it says wrong password what does it means I type right password…

If you are logging into the new user account and it is not letting you run sudo it may be a permissions or group issue. I’ve had some trouble with permissions but as long as they are in the sudo group they should be able to run commands as root using sudo. I’m not very experienced with Linux but like i said, in the past, it usually turned out to be something I did when configuring permissions or groups.