LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Why not run always login as root? (https://www.linuxquestions.org/questions/linux-general-1/why-not-run-always-login-as-root-206327/)

KaptinKABOOM 07-17-2004 03:26 PM

Why not run always login as root?
 
On my home system, and one of the computers in my work place, I login and use the root account as if it were well pritty much My login account. In the workplace I can understand that it is a good idea to not do this becuase it can lead to a compramise in security if you left the computer on without logging out or a number of other things.... But for my home machine I cannot really se anything wrong with it.

So in general I was just wondering how many people on their personal machines just log in as root all the time? and also what are somne good reasons for/against this practice?

zz9pluralzalpha 07-17-2004 03:39 PM

Should you be unfortunate enough to find yourself at a command prompt, it can be a little dodgy... e.g.

Code:

rm -Rfv /*
instead of
Code:

rm -Rfv ./*
Not very likely but not worth the risk when you can use sudo. Most distros don't come setup to create ordinary users with sudo privalidges. They really should.

ranger_nemo 07-17-2004 03:45 PM

It's not just the damage to your data or system, it's the security of the whole internet. Look at all the zombified boxes that have been used in the past to attack websites and infrastructure. If somebody slips you a nasty, and you run it as root, it gets full control of you system, and can be used to do whatever that somebody wants.

Jose Muņiz 07-17-2004 04:39 PM

Yes exactly. By not running as root you are forcing the important operations on your computer (delete important files, start/stop some services, etc) to be done once you use a password for it. In that way there's no way a virus can do that harm. It would need your password.

And well it actually makes you be more organized. Because in that way you store some things in different places depending ont he permissions, etc.

However, some things in my fstab like my CD unit, I allow every user in my computer to mount it and umount it at will. But I do like how things are done otherwise.

osvaldomarques 07-17-2004 06:40 PM

Hi KaptinKABOOM,

As already said, the most important thing is protect yourself of little mistakes of the day to day. I have a customer where mainly all administration routines are automatized. Each customer open his/her session, works and nobody cares about temp files, disk space and etc. However, sometimes, for any hardware or software glitch, anybody has to execute some administrative function like as remove some lock file which was left for some reason. When the most experienced user went to vacation, he passed his cook book to another person. That days. 1994, the home for root in the system V was "/" (root, of course). So, that person got the cook book, opened a root session and entered
Code:

rm /usr/printers/ *
, closed the session and went to his normal affairs. A half hour late I was called because the system was hang. That time, installation were done from qic tape. There was no cds, etc. I spent two days to bring the system back. Today the things are faster and more comfortable but, your lost data is lost.
This kind of mistake on root make us miserable, as any user you will just see one or many messages alerting you it can't obey you.
Other issue is familiarity. If you always can do all on your main system without acknowledge because you are root, when you go to another system, you will feel yourself as a "fish out of water" because all you frequently does will be denied to you. All the instructions you give to somebody won't work because they probably don't work normally as root.
To talk about security, is to be redundant! No one user instead of root can do great harm to your system.

Good luck.

Mega Man X 07-17-2004 07:28 PM

It can also be quite annoying to run some applications as root. While some won't open at all, some (as Xchat) will pop up a text warning you to do not run it as root, etc...

KaptinKABOOM 07-17-2004 08:16 PM

Ehhh yeah I am seeing that running as root might not be such a good idea I guess IT cannot be that much harder to make myself an account but honeslyt I like having total and comeplete control over my computer, the idea of having to type a password every time I change permissions of a file or delete a file is kind of well distasteful to me. Although on the other hand the Idea that it's generally more organized to make another account does make alot of sense.

zz9pluralzalpha 07-18-2004 06:50 AM

Code:

man sudoers
There's a NOPASSWD option. You just have to type sudo whatever to execute whatever as root. E.g.

Code:

ADMIN ALL = (ALL) NOPASSWD: ALL
And of course, you can always su - root when you need to. You still have total control.

frob23 07-18-2004 07:23 AM

You won't need to enter a password each time you want to change permissions or delete a file. Most of the files you will be working with you will own... so you can do what you want to them. Now... if you want to delete a library in /usr/lib or something... then you will need to enter a password.

Don't be confused. You still have complete control over your machine. You are just segregating that power into the areas where you need it and the ones you don't.:cool:


All times are GMT -5. The time now is 06:34 AM.