LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 06-17-2006, 05:57 AM   #1
Sammael
Member
 
Registered: Jun 2006
Location: Slovakia, currently working in Liverpool UK
Distribution: Gentoo 2006.0
Posts: 97

Rep: Reputation: 15
what's so bad about being logged as root all the time...


Hi,

recently i told someone on some forum somewehere that i am running my distro logged as root. he went nuts...

so what's the big deal about running linux as root all the time? i mean, i understand it pose a great security threat, but hey, my computer is used by me ONLY and only network i'm part of is a few computers of my friends... and for internet i have my firewall switched on... because i thought in fact, i AM the administrator (root) of that particular system, so i do not see anything wrong about being logged in as root all the time.

the main reason for this was the incovenient typing of root passwd every 3 minutes... when i was logged in as ordinary user...

so PLEASE, correct me if i am WRONG...

thx

Last edited by Sammael; 06-17-2006 at 06:16 AM.
 
Old 06-17-2006, 06:13 AM   #2
binary_y2k2
Member
 
Registered: Jul 2005
Location: England, UK
Distribution: Ubuntu 8.04 Server, Kubuntu 12.04
Posts: 698
Blog Entries: 1

Rep: Reputation: 31
It's not a good idea to login as root ALL the time, if you need to use root commands use sudo and if you are in the sudoers file and the sudo group you won't need to type in a pass all the time. But that's really not the point, you don't want to be logged in as root all the time because (besids security risks) you are only human and 1 little typo and, boom, that's your system trashed. Use root only when you need root, which may not be as often as you think.
My distro (Ubuntu) has root account disabled by default, anything you need root for is done by sudo. And if I really need a root shell, I can just type "sudo -i" to get one.
 
Old 06-17-2006, 06:18 AM   #3
Sammael
Member
 
Registered: Jun 2006
Location: Slovakia, currently working in Liverpool UK
Distribution: Gentoo 2006.0
Posts: 97

Original Poster
Rep: Reputation: 15
i am well aware of that, but my point is: is there any other aspect of being logged as root?
 
Old 06-17-2006, 06:18 AM   #4
davcefai
Member
 
Registered: Dec 2004
Location: Malta
Distribution: Debian Sid
Posts: 764

Rep: Reputation: 32
So what happens if one of your friends has some malware which propagates over the network? (i hope you make regular backups).

Or how about if, as root, you're accessing the Internet and you download something nasty by mistake. It's going to run with root privileges.

The interesting thing is that you say you have to type in the password every 3 minutes. Why is that? Do you perform a sysadmin task every 3 minutes? Or are you accessing a directory which needs root privileges? If so change the permissions.

This is a "genuinely interested" answer. You shouldn't have this problem and it is fixable. Please respond.
 
Old 06-17-2006, 08:28 AM   #5
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
I run as a user and never need my root password. sudo is setup to use my users password and even then, a couple of times per day. You don't need to be root to mount external devices, you don't need to be root to mount and access Windows partitions.

The reason Windows machines get smashed by malware so often is because most of them run as an Administrator user all the time. If you run Win XP under a restricted user account you'll be safe, just as safe as using linux. Don't think for one second that linux is free from malware, that just isn't the case. There are nasty scripts, worms and rootkits that all do shitty things to your computer if you run as root. The list goes on but I don't have time to write a few pages on the topic, if you Google you'll find other people have done that for me
 
Old 06-17-2006, 08:46 AM   #6
nlinecomputers
Member
 
Registered: Aug 2005
Location: Midland, TX
Distribution: Ubuntu
Posts: 125

Rep: Reputation: 15
The danger is if someone manages to access your system they can quickly gain full control of it. I hope you really trust your friends. Because I could put a keylogger on your system in seconds if you are running as root. As for your firewall unless you are running two nic cards and you access your Internet via the second nic then you can't possibly have the correct setup for your firewall to work correctly. What's your IP address dude? I need a new zombie for my bot net. I'd bet serious money you are already compromised and don't even know it.
 
Old 06-17-2006, 09:26 AM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
Running as root could be likened to running a table saw without the blade guard. It is completely feasible but, statistically, you will eventually get bitten.

If you want to play with fire just to prove that you can get away with it, then by all means--go for it.....I just hope we don't read about you in the Darwin awards one day....
 
Old 06-17-2006, 10:31 AM   #8
boredandblogging
Member
 
Registered: Jun 2006
Posts: 62

Rep: Reputation: 15
I'm with davcefai on this one, what are you doing that requires you to be root? I can't remember the last time I logged in as root to do anything besides install something.
 
Old 06-17-2006, 11:58 AM   #9
Richie55
Member
 
Registered: Nov 2004
Location: UK
Distribution: Mandriva 2010.1
Posts: 128

Rep: Reputation: 15
I've read hundreds of time not to use linux as the root user unless you have to do something that reqires the root accout. I've altered the privaliges on many things so I don't have to keep using the root password.

Anyway my point is I've never had a problem with linux/security/malware and I followed the advice, although I don't know if any problems would have happened if I was root all the time, I'm not going to ignore so many experianced users advis and find out the hard way.

Secondly I've found a few things that have help, from kde-look I found a script that adds a right click option in KDE actions to open a ascii file as root, very useful for lerning what the config files are and altering them. as so I have a short cut on my desktop with the command: kdesu "konqueror" This opens a a home type windows with root so you can drag and drop files from one place to another easaly.

I would also like to ask a question here:
If I have a console open as su to root to do something, then use other apps with the console is still root, but not starting thm from th console, does this affest my security?

Thanks.
 
Old 06-17-2006, 01:15 PM   #10
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
Quote:
Originally Posted by Richie55
I've read hundreds of time not to use linux as the root user unless you have to do something that reqires the root accout. I've altered the privaliges on many things so I don't have to keep using the root password.
BAD! use sudo
Code:
man sudo
changing permissions gets you in a whole heap of trouble and renders the effectiveness of root to zero, as anyone able to access YOUR account can run system critical things.

Quote:
Originally Posted by Richie55
I would also like to ask a question here:
If I have a console open as su to root to do something, then use other apps with the console is still root, but not starting thm from th console, does this affest my security?

Thanks.
The above confused me a little but basically su'ing in a console renders you as root in THAT console session, anything run from it will be done so with root credentials, anything run OUTSIDE of that console will run as your normal user.
 
Old 06-17-2006, 03:12 PM   #11
Richie55
Member
 
Registered: Nov 2004
Location: UK
Distribution: Mandriva 2010.1
Posts: 128

Rep: Reputation: 15
Hey thanks, you know I've never know what sudo is, looks like it is actually quicker than su.

Sorry it was a confusing question, Thinking of a better way of putting it, if I'm logged into the console with su root, but not doing anything, does the fact root is logged in raise a security issue?

Thanks.

Last edited by Richie55; 06-17-2006 at 03:13 PM.
 
Old 06-18-2006, 12:14 AM   #12
davcefai
Member
 
Registered: Dec 2004
Location: Malta
Distribution: Debian Sid
Posts: 764

Rep: Reputation: 32
Quote:
does the fact root is logged in raise a security issue?
It shouldn't, as only processes launched from within that window should be running with root priviliges. After all a lot of processes are running with high r privileges in the background too.

As always, security and convenience do not map. My personal view is that I want/need to be secure and will sacrifice some convenience for this. Otherwise I'd run Windows.

I run all apps as user except for backup, file manager and k3b, which I sudo. However I often have a root terminal open for mounting and other things.

I wish the original Question Asker would come back to the discussion. I suspect that his attitude to root is a carry through from a Windows environment. In windows I run with admin priviliges all the time otherwise I may as well not start the PC.
 
Old 06-18-2006, 01:34 AM   #13
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
Quote:
However I often have a root terminal open for mounting and other things.
As I said, you don't need to be root to mount partitions. Just need to set up your fstab properly and any old user can do it.
 
Old 06-18-2006, 06:39 AM   #14
davcefai
Member
 
Registered: Dec 2004
Location: Malta
Distribution: Debian Sid
Posts: 764

Rep: Reputation: 32
Quote:
and any old user can do it.
But how about the youngsters?

(sorry, couldn't resist!)

By the way, happy Father's day to all fathers.
 
Old 06-18-2006, 01:37 PM   #15
marsm
Member
 
Registered: Aug 2005
Distribution: Ubuntu
Posts: 62

Rep: Reputation: 15
Quote:
Originally Posted by Richie55
Sorry it was a confusing question, Thinking of a better way of putting it, if I'm logged into the console with su root, but not doing anything, does the fact root is logged in raise a security issue?
Typing the full 16+ characters for my root password everytime I want to use something in /sbin just isn't an option, so I always have a terminal with su running.

The only security issue I can think of is: you mark rm -rf / with your mouse, then switch to the desktop with the root window open, copy it into there with a middle-click and then hit enter ... unless you're showing suicidal tendencies or want to show your box who the boss is once in a while, it seems unlikely that it's going to happen, huh?
 
  


Reply

Tags
user


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postgresql is giving me a VERY BAD time, help very much needed AlexSapec Linux - Software 1 02-22-2006 08:30 AM
First Time Poster Installing Suse... bad disk? surfsteve Suse/Novell 6 02-01-2006 09:50 AM
First time in 7 years isn't bad I suppose... fouldsy General 1 10-26-2005 04:13 PM
NetRaid 1M . Got bad time whit Kernel 2.6 ? Adylas Linux - Hardware 8 07-22-2005 08:21 AM
/me messed up grub.... (really bad this time....) x12344321 Linux - Software 3 04-19-2004 06:42 PM


All times are GMT -5. The time now is 10:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration