The use of the Linux Administration account (the root user) should be restricted to trusted users only. Through a PAM module called pam_console.so, some activities normally reserved only for the root user, such as rebooting and mounting removable media are allowed for the first user that logs in at the physical console.

Other important system administration tasks, such as altering network settings or mounting network devices, are not possible without administrative privileges. As a result, system administrators must decide how much access the users on their network should receive. It is also possible to deny root access through remote access using the SSH protocol.