LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 08-01-2005, 09:56 AM   #1
puishor
Member
 
Registered: Jun 2005
Location: Bucharest
Distribution: Debian,Knoppix,Slackware
Posts: 91

Rep: Reputation: 15
my root


Hi !

all smarty linux books said that
"do not work as root for day by day stuff"
In Mandrake as far as I remember , if you login as root in KDE , backround if RED , there is no right-click menu.... this is to prevent you being logged as root.
Also, the new one , I installed xchat , and when I login in it , I get the message
"It is stupid to login in xchat as root"
( meaning , you a an idiot if you start xchat , and you got root privileges ... )

why all are so scary of root account ?

I work already for a year in Linux , and always only as root ( I have no other users ).
I use my linux box as a Desktop , at work and at home.
I am the only user that uses this PC (with linux )
And all is OK. No scary aliens invading the planet....

Well.. here is my question:
What it is stupid to start xchat as root ?
What could happen in worse case ?
Will my PC explode ? Will the 3 rd world war start ? ( LOL )
Could someone log in my system through xchat ?

I am really confusing... and frustrated ( especially because that little program said that i am an idiot )

Any suggestions are welcome.
 
Old 08-01-2005, 10:00 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269Reputation: 269Reputation: 269
Your exposing your root account to the world, opening yourself up to vulnerabilities. root is almighty, what your doing is like leaving the key to your house under your front door mat, easily accessible to some but the stupid might not be able to find it.

At a minimum, simply su - when you need root's privileges or be even more secure and setup sudo, where you don't need to even use root's password at all.

You might think it's harmless but I'll be damned when you get cracked and the attackers use your box that's connected to the internet to attack other vulnerable hosts out there.
 
Old 08-01-2005, 10:27 AM   #3
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 46
Linux / Unix have a very good user seperation, as opposite to Windoze. As a "normal" user on a Linux system, you can't modify any system files, you only have write access to your home, you can't install a "system wide" application, etc...

This is the MAIN reason why linux is so secure and why there is no virus (almost) attacking linux. To make a virus that could work against a Linux system, you would need to find an exploit that allow you to get a root access and that kind of access are very rare on an updated system. But if you run as root... the "attacking virus" wouldn't need an exploit and could corrupt your system easy. That's why it's uber dumb and not recommended to use root to do "usual" task like chatting and such.

Now you are thinking "ok yeah but I am not dumb I will not run anything suspicious". But it's very easy to make a remote computer to execute something, especially about web browsing and chatting. As example, some version ago (like 2 years ago) XChat had a big security hole that was used to make your XChat client to download and EXECUTE a file without the user to know about it.
In fact to make it simple, let's say : as a user, the worst thing that can happen to you if you execute something evil, is to delete your complete home folder. As root, if you execute something evil, you are deeply .... Your system files could be corrupted, your binaries rooted (trojanned) and so your system transformed in a router for spams.
 
Old 08-01-2005, 10:41 AM   #4
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 48
And along with the damage that could be done by malicious other people, there's the damage that a simple mistake on your part could cause.

For instance, if you want run "rm -rf /some/directory" but accidentally put in a space so you actually put "rm -rf / some/directory" - kiss your data goodbye, you've just deleted every file on your computer.

An ordinary user can't damage system files by careless mistakes. Root can. Hence running as root only when necessary will protect your files from simple typing errors.
 
Old 08-02-2005, 02:38 AM   #5
puishor
Member
 
Registered: Jun 2005
Location: Bucharest
Distribution: Debian,Knoppix,Slackware
Posts: 91

Original Poster
Rep: Reputation: 15
thanks for advices.
Now I must reconfigure my entire system so and other users could run all stuff that I installed and worked out as root
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL3 Mounting USB after reboot and between reboots: root and non-root users Luis Nunes Linux - Hardware 0 07-20-2005 08:32 AM
IntelliMouse thumb buttons work as root, broken as non-root user, wheel works always digital vortex Linux - Hardware 7 03-02-2004 04:14 PM
root files: create as root:root or root:wheel? pcass Linux - Security 1 02-07-2004 04:14 PM
cant resize root thru rescue, auto mounts root dir absolutal Linux - Newbie 0 06-18-2003 03:06 PM
Why does kppp.desktop require root userid for non-root user? rdaves@earthlink.net Linux - Networking 4 08-27-2001 09:18 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration