LinuxQuestions.org
Old 02-10-2010, 07:10 AM   #1
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,551
Blog Entries: 28

Rep: Reputation: 1176
GUI as root or not and why?


Hello

LQ posts have often stated that root should not run a GUI desktop. What is the reason for this?

Best

Charles
 
Old 02-10-2010, 07:26 AM   #2
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1049
Hi Charles, with the understanding that "root can do ANYTHING!" let me ask you:

Does your screensaver need root privileges?
Does your clock applet need root privileges?
Does your music jukebox need root privileges?
Does your sudoku game need root privileges?
 
Old 02-10-2010, 07:57 AM   #3
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728
Various people will give different answers---here is mine only: The GUI environment makes things easy---dragging files to copy, move, delete, etc.---. That means that it also makes it easy to do BAD things. If I am in a terminal, I tend to think more like an admin---even if I have not switched to root.

So---yes, it is not a good idea (But I have KDM set to allow root login.)
 
Old 02-10-2010, 08:06 AM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
If your distro has a GUI configuration utility, then you can use that graphical utility. For example openSuSE's yast2 and Mandrake's MCC.

If your distro uses PolicyKit, check if there is a policy where you can approve automatic online updates as a regular user.

You could even ssh -X into a machine remotely, then either su to root or use kdesu/gnomesu to launch that system's GUI administration program.

So you can have the convenience of a graphical interface without logging in to a desktop environment as root.

Last edited by jschiwal; 02-10-2010 at 08:08 AM.
 
Old 02-21-2010, 11:45 PM   #5
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,875

Rep: Reputation: 62
I think that if you happen to be the only user, as I am, there is no reason to set root logins to false. Unless you have a habit of either doing unwise things or logging in as root inadvertently, surely you can trust yourself to stay out of root. Is it really necessary to hide root from yourself?
 
Old 02-22-2010, 10:28 AM   #6
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1049
Quote:
Originally Posted by newbiesforever
I think that if you happen to be the only user, as I am, there is no reason to set root logins to false. Unless you have a habit of either doing unwise things or logging in as root inadvertently, surely you can trust yourself to stay out of root. Is it really necessary to hide root from yourself?
It is not about preventing freedom... it is about providing a "sane default."
 
Old 02-22-2010, 10:42 AM   #7
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,551
Blog Entries: 28

Original Poster
Rep: Reputation: 1176
Thanks all for your replies

I wasn't wanting to start up the old debate about why we should or should not work as root.

I wanted to know what are the specific dangers of running GUI/desktop as root. Is it any more dangerous than using root at the command line?

In the Windows world, sysadmins of corporate trees of domains -- responsible for perhaps tens of thousands of servers and workstations around the globe -- routinely work from a GUI/desktop without AFAIK frequent disasters. Is there something about Linux GUI/desktops that makes them less secure than Windows?

It happens so often that someone posts about never using a GUI/desktop as root and usually gets a few sage nods of agreement. Maybe it's good advice; I'd just like to know "why?"
 
Old 02-22-2010, 11:05 AM   #8
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1049
Quote:
Originally Posted by catkin
I wanted to know what are the specific dangers of running GUI/desktop as root. Is it any more dangerous than using root at the command line?
Yes. See post #2. When you log in as root, every single application and process, from your sudoku game to your instant messenger, has complete and unrestricted access to make system-wide changes affecting all users, with no prompt to the user.

To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.

To me, the question is not "why would you not surf the web as root?" but "why would you surf the web as root?"
 
1 members found this post helpful.
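
What post #8 describes can be checked on a running system. The following is an added example, not part of any post in this thread: a shell function that lists processes with effective UID 0 that also have a display in their environment, i.e. GUI programs holding root privileges. The names `root_gui_procs` and `make_fixture` and the fixture's process list are constructed for illustration.

```shell
#!/bin/sh
# List "PID NAME" for processes that run with effective UID 0 AND have an
# X11 or Wayland display in their environment.
# $1 is the proc root (default /proc); it is a parameter only so the function
# can be pointed at the constructed fixture below.
root_gui_procs() {
    procroot=${1:-/proc}
    for dir in "$procroot"/[0-9]*; do
        [ -r "$dir/status" ] && [ -r "$dir/environ" ] || continue
        # The "Uid:" line holds real, effective, saved and filesystem UIDs.
        euid=$(awk '$1 == "Uid:" { print $3; exit }' "$dir/status")
        [ "$euid" = "0" ] || continue
        # environ is NUL-separated; convert to lines before matching.
        if tr '\0' '\n' < "$dir/environ" |
            grep -Eq '^(DISPLAY|WAYLAND_DISPLAY)=.'; then
            # First word of the process name is enough for a report.
            name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status")
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# Build a constructed /proc-like tree modelling a desktop session logged in
# as root (PIDs 812 and 840), plus root daemons without a display and one
# GUI program owned by an ordinary user.
make_fixture() {
    root=$1
    mk() {  # usage: mk PID NAME UID ENV...
        pid=$1; name=$2; uid=$3; shift 3
        mkdir -p "$root/$pid"
        printf 'Name:\t%s\nUid:\t%s\t%s\t%s\t%s\n' \
            "$name" "$uid" "$uid" "$uid" "$uid" > "$root/$pid/status"
        printf '%s\0' "$@" > "$root/$pid/environ"
    }
    mk 1    init    0    "HOME=/"
    mk 812  sudoku  0    "HOME=/root" "DISPLAY=:0"
    mk 840  firefox 0    "DISPLAY=:0" "HOME=/root"
    mk 901  sshd    0    "PATH=/usr/sbin"
    mk 1200 xclock  1000 "DISPLAY=:0"
}

# Demo on the constructed fixture.
tmp=$(mktemp -d)
make_fixture "$tmp"
root_gui_procs "$tmp"
rm -rf "$tmp"
```

Called with no argument the function reads the live `/proc`; reading other users' `environ` files requires root, so an unprivileged run only reports on the caller's own processes.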
Old 02-22-2010, 11:46 AM   #9
TheStarLion
Member
 
Registered: Nov 2009
Location: UK
Distribution: Gentoo
Posts: 472

Rep: Reputation: 41
A way I've always found best to describe it, much to some people's annoyance, is to compare it to Windows XP:

Root is like Administrator - he can do anything and everything, without a care in the world. If someone gets hold of your root password and can log in, so can they.
Normal users are like the limited users on XP, with the exception that they can use su/sudo/gksu/kdesu to run commands with root privileges as necessary. (And they don't have the screwed up XP file permissions, but that's hardly relevant.)

HTH.
 
Old 02-22-2010, 12:48 PM   #10
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,551
Blog Entries: 28

Original Poster
Rep: Reputation: 1176
Quote:
Originally Posted by snowpine
Yes. See post #2. When you log in as root, every single application and process, from your sudoku game to your instant messenger, has complete and unrestricted access to make system-wide changes affecting all users, with no prompt to the user.

To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.

To me, the question is not "why would you not surf the web as root?" but "why would you surf the web as root?"
Ah, thank you -- the penny is beginning to drop <== closest smiley we have to a penny.

It hadn't crossed my mind to access the Infernet as root! That would be unthinkably insecure. I was only thinking of running sysadmin tools like a local file browser ...
 
Old 02-22-2010, 04:15 PM   #11
kschmitt
Member
 
Registered: Jul 2009
Location: Chicago Suburbs
Distribution: Crux, CentOS, RHEL, Ubuntu
Posts: 96

Rep: Reputation: 23
Quote:
Originally Posted by snowpine
To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.
For the longest time the really big danger/dumb thing was to irc as root.

Irc clients tend to be worse than web-browsers when it comes to security stuff.

Some irc servers will kick you out with a nasty message to educate yourself if you try and connect as root even.
 
  


All times are GMT -5.