Can Root/Superuser Read My Read-Protected Files? – Security Insights

'root' is traditionally the name given to the user account with superuser level rights. In this respect they are one and the same, though there is no rule that I know of that says that the superuser account must be called root.

It may be that the account was named 'root' due in part to the fact that only the superuser has write permission to the root directory (/)

The Windows Administrator account is not analogous to the Unix superuser account since there are restrictions on what a Windows Administrator can do. The analog to root on Windows NT based OSes is the SYSTEM account, which cannot be used by an interactive user.

The command line you are suggesting is secure.

All other things being equal, "normal" anonymous pipes (created with the pipe(2) system call or the shell's familiar | syntax) are always going to be more secure than named pipes because there are fewer ways for something else outside the system to get ahold of either one of the ends of the pipe. For normal anonymous pipes, you can only read or write from the pipe if you already have in your possession a file descriptor for it, which means you must either be the process that created the pipe, or must have inherited it (directly or indirectly) from that process, or some process that had the file descriptor deliberately sent it to you through a socket. For named pipes, you can obtain a file descriptor to the pipe if you don't have one already by opening it by name.

On operating systems like Linux that have /proc there is always the possibility that another process can peek into /proc/pid/fd an access file descriptors belonging to a different process, but this is nothing unique to pipes (of whatever kind), and for that matter they can peek into another process' memory space too. The "peeker" must be either running under the same user as the subject or root, so it's not a security problem.