LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-27-2006, 01:39 PM   #1
tim1348
Member
 
Registered: Oct 2006
Distribution: Slackware 11
Posts: 46

Rep: Reputation: 15
Logging on as Root


Is it really so bad to sign on your system as root? I was installing something the other day and it said I was taking chances being signed on as root. I also read here and there that it is a bad idea, but how many people actualy dont sign on as root?
 
Old 12-27-2006, 01:48 PM   #2
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 271Reputation: 271Reputation: 271
I don't and I would bet that most anyone with more than 10 posts here doesn't sign on as root either...

Signing on as a "Super User" like root is one of the reasons why Windows security is so bad. Think of it this way: you go to a website and that website has some java script that will delete a bunch of files on your machine (not a java programmer, so maybe that's not possible). If you are root, then that script can do whatever it wants. If you are joeblow, he can only delete files he owns. He can't modify system files or rm -fr / (delete the entire file system structure).

And that's beside the fact that if anyone cracks your password while you login as root that they have total control of your machine.

Last edited by pljvaldez; 12-27-2006 at 01:49 PM.
 
Old 12-27-2006, 02:04 PM   #3
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
If you use the root account for normal computer tasks then you may as well be using Windows XP Home. One of the main reasons that people and businesses use Unix or Linux is because of the security. Much of that security is based on separation of privileges. In other words the normal user account(s) cannot perform certain tasks. These tasks include reading files from other people's accounts, installing software at the system level, and changing system configuration settings. If you use the root account to browse the web, for instance, then a malicious Java script could install a program on your system. If you are browsing the web in a normal user account then that same malicious Java script can only put files into places that your user account is permitted to write into. If you are smart and have your home directory on a separate partition and mounted with the noexec option then the malicous Java script cannot run any software that it downloads into your user account home directory. You can do the same thing with the /tmp and /var/tmp directories. That would make it very difficult for a malicous Java script to download and run software on your machine.

Software installation isn't your only concern. Java scripts can work within your web browser to scan your files and download any files that appear to be interesting. If you keep your finances on your computer then financial software always keeps its information in well known places and in files with well known names. It is possible for Java or Java Script applications to look for these sorts of files. If you keep your resume on your computer then the same thing is possible. This is why, even when you use Linux or Unix, you should have one account that is for network access and another account with your personal information. The network access user account should not be able to see the filee in the home directory of the account that has your finances and resume and your email.

So the point of NOT using the root account for normal computer usage is to establish a level of security that is generally not available using other operating systems.

As I implied, even Linux security can be enhanced after it is installed. You can make a container file for the /tmp directory and another for the /var/tmp directory and mount them through a loop device with the noexec option. You can keep your home directory on a partition separate from the / partition and mount it with the noexec option. You can change the permissions on the /home directory to be owned by root:users and with access of 710 or 740. If you do these four things then your Linux system will be 1 million percent more secure than most Linux systems.

So you don't use the root account for normal computer usage because you want the separation of privileges that comes with using a normal user account for normal tasks.

Last edited by stress_junkie; 12-27-2006 at 02:14 PM.
 
Old 12-27-2006, 02:05 PM   #4
Robert Diggs
Member
 
Registered: Dec 2006
Location: Florida
Distribution: The ones that come in magazines and books.
Posts: 136

Rep: Reputation: 15
It can be if you're on the internet. If you're logged on as a SU (root/super user) and somebody tries to execute a command that would normally not be executable as a user. It's for your safety, really. If you're not on the internet, I wouldn't worry about it. The only way I would worry about it is if you have other people who use the computer along with you. It's possible they could execute something as an SU and it coudl screw you over.

Regards,

Brandon
 
Old 12-27-2006, 02:12 PM   #5
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
The separate root (or admin) account protects you from the outside, but also from yourself Part of the power of Linux is the ability to totally mess up a system with a few simple commands. Especially in the CLI, there is no undo, trash, etc. What is done is done, and mistakes are reversible only with great effort--if at all.

Turn the question around: Is there any good reason TO run as root? I know of none. In the CLI, I can become root in 10 seconds ---- small price to pay for the protection provided.
 
Old 12-27-2006, 03:54 PM   #6
tim1348
Member
 
Registered: Oct 2006
Distribution: Slackware 11
Posts: 46

Original Poster
Rep: Reputation: 15
Ok, I made a regular user account, lesson learned.
 
Old 12-27-2006, 06:23 PM   #7
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
As mentioned the only time I run as root is for installing software. Other than that no need to. It is also a good habit to get into, some company admin's get jumpy for logging in as root as well as they should be. And while you may think you won't do nothing bad, there comes that one time when you get proven wrong. I have done that recently on a test machine at home.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
logging in as root tm2383 Mandriva 9 12-19-2006 05:06 AM
logging in as root unklekoolaid Ubuntu 9 09-01-2006 12:10 PM
logging in as root M O L8ingN2dust Ubuntu 24 01-16-2006 05:49 PM
using red-carpet without logging out and logging as root. packman Linux - Software 1 12-09-2002 03:55 AM
Logging in as root Optimus Linux - Newbie 16 07-10-2002 12:37 PM


All times are GMT -5. The time now is 08:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration