Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Is it really so bad to sign on your system as root? I was installing something the other day and it said I was taking chances being signed on as root. I also read here and there that it is a bad idea, but how many people actualy dont sign on as root?
I don't and I would bet that most anyone with more than 10 posts here doesn't sign on as root either...
Signing on as a "Super User" like root is one of the reasons why Windows security is so bad. Think of it this way: you go to a website and that website has some java script that will delete a bunch of files on your machine (not a java programmer, so maybe that's not possible). If you are root, then that script can do whatever it wants. If you are joeblow, he can only delete files he owns. He can't modify system files or rm -fr / (delete the entire file system structure).
And that's beside the fact that if anyone cracks your password while you login as root that they have total control of your machine.
If you use the root account for normal computer tasks then you may as well be using Windows XP Home. One of the main reasons that people and businesses use Unix or Linux is because of the security. Much of that security is based on separation of privileges. In other words the normal user account(s) cannot perform certain tasks. These tasks include reading files from other people's accounts, installing software at the system level, and changing system configuration settings. If you use the root account to browse the web, for instance, then a malicious Java script could install a program on your system. If you are browsing the web in a normal user account then that same malicious Java script can only put files into places that your user account is permitted to write into. If you are smart and have your home directory on a separate partition and mounted with the noexec option then the malicous Java script cannot run any software that it downloads into your user account home directory. You can do the same thing with the /tmp and /var/tmp directories. That would make it very difficult for a malicous Java script to download and run software on your machine.
Software installation isn't your only concern. Java scripts can work within your web browser to scan your files and download any files that appear to be interesting. If you keep your finances on your computer then financial software always keeps its information in well known places and in files with well known names. It is possible for Java or Java Script applications to look for these sorts of files. If you keep your resume on your computer then the same thing is possible. This is why, even when you use Linux or Unix, you should have one account that is for network access and another account with your personal information. The network access user account should not be able to see the filee in the home directory of the account that has your finances and resume and your email.
So the point of NOT using the root account for normal computer usage is to establish a level of security that is generally not available using other operating systems.
As I implied, even Linux security can be enhanced after it is installed. You can make a container file for the /tmp directory and another for the /var/tmp directory and mount them through a loop device with the noexec option. You can keep your home directory on a partition separate from the / partition and mount it with the noexec option. You can change the permissions on the /home directory to be owned by root:users and with access of 710 or 740. If you do these four things then your Linux system will be 1 million percent more secure than most Linux systems.
So you don't use the root account for normal computer usage because you want the separation of privileges that comes with using a normal user account for normal tasks.
Last edited by stress_junkie; 12-27-2006 at 02:14 PM.
Distribution: The ones that come in magazines and books.
It can be if you're on the internet. If you're logged on as a SU (root/super user) and somebody tries to execute a command that would normally not be executable as a user. It's for your safety, really. If you're not on the internet, I wouldn't worry about it. The only way I would worry about it is if you have other people who use the computer along with you. It's possible they could execute something as an SU and it coudl screw you over.
The separate root (or admin) account protects you from the outside, but also from yourself Part of the power of Linux is the ability to totally mess up a system with a few simple commands. Especially in the CLI, there is no undo, trash, etc. What is done is done, and mistakes are reversible only with great effort--if at all.
Turn the question around: Is there any good reason TO run as root? I know of none. In the CLI, I can become root in 10 seconds ---- small price to pay for the protection provided.
As mentioned the only time I run as root is for installing software. Other than that no need to. It is also a good habit to get into, some company admin's get jumpy for logging in as root as well as they should be. And while you may think you won't do nothing bad, there comes that one time when you get proven wrong. I have done that recently on a test machine at home.