I have been using linux for three years solidly to develop websites, c# software, graphics, 3d animation, adminstrate a service here and there, skype etc etc... I use linux as my primary OS at home and I develop using linux partially at work. And I run as root. Always have.

Yet my peers at work shake their heads at me and I have read numerous posts with severe warnings against doing this.

Yet three years down the track I am yet to have a single negative experience of running as root, and the arguments against doing this are very vague at best.

The most clear example I have heard of is: rm -rf /

Yet, in previous years I have always had the right to do a: format c: /s and no-one in the windows world felt passionately about it.

Maybe someone can shed some light here and maybe show some practical examples of how running as root can be a danger.

I believe the member "Woodsman" puts it best in his breif essay here.

A good essay. He mentions the possibilty of user accounts perhaps after being connected to the web. This makes me curious as to how I can be exploited, especially behind my routers firewall.

And I as the high-priest have to say that Woodsman needs to grow up.

;}

It's like saying "I've been driving my car without a seat-belt for
the last 10 years" and I feel safe. Running as root is (and will be)
considered bad practice if one has half a brain.


Cheers,
Tink

Ok, yes the sentiment has been expressed many times in the past. But I'm looking for practical reasons. My OS doesn't have a seatbelt, so we can rule that one out.

I'm not a big fan of linspire but i read some interesting interviews with Michael Robertson and he touched on the subject quite a few times. I'm not going to quote him and stuff like that. There is a lot on this subject on the web.
IMHO, generally speaking the only downsides of running as root are typing errors. Not paying attention and doing something stupid. As far as malicious software, there are a bunch of steps you would have to go thru to get the software installed on the system, that hopefully by then you would have enough sense to double check the files and make sure you know what you are getting ready to run.
That being said, it just seems like bad practice running as root. Overall, the computer is still generally safe, as long as the PICNIC (Problem In Chair Not In Computer) and PEBCAK (Problem Exists Between Keyboard and Chair) drivers are good. But it's prob not a good idea.

Doing it as a home/solitary user has less ramifications than say if you were in an office full of machines whereby leaving your terminal logged in (when you leave/go to the bathroom) could spell serious trouble for you when your account is used to delete half your corporate files.

Personally i use Sudo, but i like SOMETHING that reminds me that what i am doing is pretty important and requires full attention.
If i could run any command will-nilly i'd get complacent and make mistakes. or for that matter if i was ALWAYS root and i was scrolling through my shell history and executed the wrong command, more trouble. Or if i run a rogue file (after stupidly chmod'ing it...) as root, that's disasterous, as a user, it's not nearly as bad.

These are my reasons for keeping a similar policy of root/sudo logins for admin tasks, there are plenty of reasons on the other side of the fence such as time and ease, but as soon as you start sacrificing security for ease of use and time saving, you're on a downward spiral.

I wasn't aware it was a priesthood I was in. Where's my ornamental robe and harem of altar boys!?

That said, Unix is a multi-user operating system. It was designed as such and intended to be used as such. The existence of "root" is a compromise on this design to allow certain actions which must be able to be performed but should not be performed by everyone. These are system administration type actions.

In all fairness, if you have learned to use Unix well, you should not need to use the power of root on a daily basis. And surely not more than once a day -- every day. Sure... once in a while you'll be doing something which will require you to step into the power of that office but if you're doing it everyday... you're doing something wrong.

For example, on my system, I use sudo (consider it like becoming root) about once a week. And that is just to update my OS sources and ports tree. And then about once every two weeks I'll use it to update a bunch of the packages and programs on the computer. I do not need root to shutdown the computer (add yourself to the operator group) or to mount CDs or even burn them.

There is rarely a reason that I need to use root. But does this mean I should not be using root. Not having a need to use something does not mean that it is wrong to use it. Well, aside from the fact that not being root keeps one from having a stupid typing mistake ruin one's week -- it happens -- there are other reasons to not use root.

Files created while running a process are owned by the user who ran the process. This can result in a wedged state should you ever use a regular user account... where you can't actually do anything because files are created with the wrong group (or user) ids. Certain program will refuse to work at all if you are root, they dump out saying it is insecure to run them as root and to use a user account. It is easy to "pollute" your filesystem accidentally and to be unable to clean it up completely. For example, if you have ever unpacked an archive which did not create its own directory but instead unpacked into the current directory. If you accidentally did that in /usr/bin, you would have no way of sorting out what was what -- especially if it was a big file. As a regular user, this would be impossible and it would also create files with your own ID so sorting it would be easier if you managed to do it in the first place.

In that same situation, if the file had a file called "who" you would suddenly find one of your system binaries wiped out. And it could take weeks to notice an infrequently used binary no longer exists... long after you forgot what you did to cause it.

There are tons of valid reasons to not use root for everyday tasks. From security to common sense. Root exists only for system administration related tasks. To use it otherwise is to demonstrate that you probably shouldn't have access to it in the first place. But it's your computer... so I won't tell you how to live your life. But you'll find yourself hard pressed to ever join the "priesthood."

Well, here's one practical reason. If you run format c: on your single user PC you'll smack yourself on your forehead in frustration, dig out your backups (you do back up right?) and get back on line in a few hours.

If I, as root, do something that takes down one of my servers, I stop many people from doing their work and the cost is exponentially more. Even if I get my system back up in a couple of hours the cost is the number of users waiting multiplied by those couple of hours added to the cost of the data lost between the system going down and the last back up. Plus the cost of me looking for a new job...

Do I run as root? Yes, on this machine as it's the one I try things for people when they ask on a forum.

Am I on a company network? No

Do I have backups? Yes!

When is the last time I trashed the box? This afternoon,
the yum update wouldn't proceed because of a neon dep. So, I excluded that package and the machine wouldn't boot into X after that. Took ten minutes to restore from my latest partimage backup.

Do I run as root on all boxes? No, don't need to.

Do I think everyone should run as root? No, don't need to.

Ultimately, you are the boss and it's up to you.

There is absolutely no way an experienced user needs anyone's okay to run his computer anyway he/she wants. You are trolling. It is completely unreasonable for people to suggest everyone run their *nix computer as root. Also note your smug dismissal of the seatbelt analogy.
I vote complete troll.

Trolling? No I'm not.

I am very much interested in this debate as previous arguments have been very hazy and more about people's feelings rather than practical pitfalls.

If you are questioning whether I am a serious linux user or a troll, please take a look at my previous posts and the tone of them. My current project involves the creation of a linux based audio/video player using technologies such as mono, sdl.net, gtk and pango.

If you thought my answer to the moderator was cheeky, well it wasn't intentional, just light hearted as his was.

With that, back to the debate at hand. And thank you all for the reponses so far. There is some good advice in them.

Okay, address the issue of ignoring obvious safety features.

Well since posting this and reading the various responses, two things seems to be quite obvious and interesting:

1) Running as root if you are an administrator in charge of a network is definately a bad idea. As I think about it more, I would put this down to some particular dangerous situations, eg: If a server was mounted on a folder under another server, and rogue delete removed it, the potentional is there to destroy information across multiple machines. I see this as quite valid.

2) The second type of argument presented here is the use of a user account and the occasion of skipping into root with su or sudo. Where I probably discredit these so far is that using su shows an intention of action. Whether I am doing a su or am already logged in as root, I am going to perform the same action either way and the results of my actions will be same, will they not? Or am I mistaken about sudos power?

I think you are right that su - is just as dangerous as logged in from the get-go as root. That yum update would have been just as bad in a su - situation.

Just for good practice sake, I don't promote the idea of running as root any more than needed.