LinuxQuestions.org


PeterUK 07-02-2013 12:57 PM

Logging in as Root
 
I know I have been told not to do it.

I want to know if you create two user root and you normal user do you need to give two different password?

Thanks

UPDATE: Could you have a file manager to be able to open it as root (Like Thunar) I think I will make things easier to administrate and anything you move or open it will open it as root.

TracyTiger 07-02-2013 01:08 PM

One Password, Multiple Accounts
 
You can use the same password for multiple user accounts, even root.

On some development systems I create several accounts and use the same password for ALL of the accounts. Security is not an issue and I'm the only one using the system. It makes it simple for me.

Mark Pettit 07-02-2013 01:21 PM

It is considered safest to always use an account with "user" privileges. Then, when you need to do something "out-of-the-ordinary", you acquire root for that task only and then relinquish it as soon as you can. Nowadays the best technique for this is to use the sudoers file and sudo-capability.

For your second question, you can run any application (even X-windows app) from your normal account as "su -c the_app_name" from a terminal session, or more graphically via gksu. I think there is also a gksudo too.

Woodsman 07-02-2013 01:25 PM

Quote:

I know I have been told not to do it.

Whoever told you that is being silly. Routine root access is normal in any 'nix system. Sure, think and read twice before pressing Enter, just like carpenters live by the adage "measure twice, cut once." :)

I use the root account often. Sometimes with su, sometimes with su -, sometimes with sudo, and sometimes through the sudoers list. I run a home network. My normal account and root account passwords are the same.

That said, if you use a portable computer, then having different passwords is a reasonable idea. Security is often a compromise between convenience and protection.

Desktops like Xfce, KDE, Trinity, etc., provide their own mechanism to open file managers and other apps directly as root. So doing that is not a major problem. :) KDE is kdesu, Trinity is tdesu, I don't know the Xfce way. If you want to use a console file manager, such as midnight commander, use the 'su -' command to ensure the root account uses root environment variables and not user variables.

unSpawn 07-02-2013 02:08 PM

Quote:

Originally Posted by Woodsman (Post 4982735)
My normal account and root account passwords are the same.

That simply is not a (security) best practice. Before you counter that you think that what you do in your LAN is your problem alone, please be aware that once a machine is part of a public network it has the potential to become everyone's problem.

John VV 07-02-2013 02:16 PM

logging into the GUI as root is normally not a good idea
x11 is not secure

however sometimes it might be needed
-- however !!!
starting as a normal user and THEN in the terminal becoming root is preferred
Code:

su -
-- root pass when asked for
dolphin

now on all my systems I CAN login as root at boot
-- but I very very rarely do that

at time of install i do login as root
to set the root gui theme to something hideous
an "eye sore" like "high contrast"

that way i KNOW very fast that i am running some gui tool as root

also i make sure that the /root/.bashrc has PS1 set to be RED

that way i KNOW rather fast that i am root in the terminal
Quote:

I want to know if you create two user root

two root users ?
not a good idea

set up "sudo" and ONLY give that other person the permissions that they NEED and ONLY what they need .


on my mostly single user system ( some other people use it sometimes)
my "normal" user password is rather easy
BUT
the root pass is NOT
it is a 16 character string that I memorized
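
The advice in the post above, to set up sudo and give another person only the commands they need, sketched as an added example that is not part of the original thread. The user name `alice` and the command paths are hypothetical placeholders; the helper names are made up for this sketch.

```shell
#!/bin/sh
# Added example: build a least-privilege sudoers rule and syntax-check it
# before it goes anywhere near /etc. "alice" and the paths are placeholders.

# Print a sudoers rule letting USER run only the listed commands as root.
# Refuses odd user names, relative command paths and characters that
# sudoers would need escaped, so the rule cannot be widened by accident.
make_sudoers_rule() {
    [ "$#" -ge 2 ] || { echo "usage: make_sudoers_rule USER CMD..." >&2; return 1; }
    user=$1; shift
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    list=
    for cmd in "$@"; do
        case $cmd in
            /*) ;;
            *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
        esac
        case $cmd in
            *[,:=]*|*\\*) echo "unsupported character in: $cmd" >&2; return 1 ;;
        esac
        list=${list:+$list, }$cmd
    done
    printf '%s ALL=(root) %s\n' "$user" "$list"
}

# Syntax-check a rule with visudo's check-only mode on a temporary file.
# Returns 0 if valid, 1 if invalid, 2 if visudo is not on PATH.
check_sudoers_rule() {
    command -v visudo >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    if visudo -c -f "$tmp" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Typical use, as root:
#   rule=$(make_sudoers_rule alice /usr/sbin/slackpkg "/sbin/shutdown -r now")
#   check_sudoers_rule "$rule" && echo "$rule"   # then add it with visudo
```

A rule built this way never contains `ALL` in the command position, so the second person gets root for the listed programs only.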

Woodsman 07-02-2013 02:26 PM

Quote:

That simply is not a (security) best practice. Before you counter that you think that what you do in your LAN is your problem alone, please be aware that once a machine is part of a public network it has the potential to become everyone's problem.

Best practice? Maybe, maybe not. Sane? For me, yes. For others? Some yes, for some, no.

All of my systems run an iptables firewall. All systems are behind a Linksys router running DD-WRT with all services disabled, which is behind a VOIP router, which is behind an ISP CPE that is encrypted with all ports disabled. All of which are on different subnets. Potential for intrusion? Sure. Likely? No. Anybody who bangs through all of those layers has far more skills than I can stop with a simple password. Exactly how is this "everyone's problem"?

Ogres are like onions. They have layers. :D (From the movie Shrek.)

Mark Pettit 07-02-2013 03:40 PM

I think the chance that an infected (or taken-over) machine can then be used as a springboard for other activities, like distributed denial-of-service (DDOS), or email spam or the like is the concern. A weak machine (easy password) is a gift to some really nasty people in this "Wild-west" internet world.

TobiSGD 07-02-2013 03:40 PM

Quote:

Originally Posted by Woodsman (Post 4982776)
Anybody who bangs through all of those layers has far more skills than I can stop with a simple password.

Or simply has written an exploit for your favorite browser, chat software or whatever services you use that are communicating with the net.

TracyTiger 07-02-2013 03:55 PM

Quote:

Originally Posted by TobiSGD (Post 4982819)
Or simply has written an exploit for your favorite browser, chat software or whatever services you use that are communicating with the net.

Point taken. But the subject is password security.

saulgoode 07-02-2013 04:10 PM

Quote:

Originally Posted by TobiSGD (Post 4982819)
Or simply has written an exploit for your favorite browser, chat software or whatever services you use that are communicating with the net.

Even if someone were to compromise your user's account, sharing the same password would offer no advantage in gaining root access than using different passwords.

YellowApple 07-02-2013 04:22 PM

Quote:

Originally Posted by saulgoode (Post 4982840)
Even if someone were to compromise your user's account, sharing the same password would offer no advantage in gaining root access than using different passwords.

Except that sharing the same password is anticipated, and said password will probably be the first one the attacker tries to use.

dugan 07-02-2013 04:45 PM

Quote:

Originally Posted by PeterUK (Post 4982717)
I want to know if you create two user root and you normal user do you need to give two different password?

Need to? No.

Good idea? For sure.

saulgoode 07-02-2013 05:08 PM

Quote:

Originally Posted by YellowApple (Post 4982844)
Except that sharing the same password is anticipated, and said password will probably be the first one the attacker tries to use.

Except that the attacker has no way of determining the user's password. He could change it, but that would not change the root account's.

jefro 07-02-2013 08:18 PM

You don't need to log on to root. It is a poor practice to use. Learn proper ways.

Modern distros allow you to either use sudo or launch apps as superuser.

Root is a generic name for admin or superuser. It could be that many users have root access or full control or superuser account privileges. Not really a good reason to do that. Use least privileges needed to do tasks.

chrisretusn 07-02-2013 08:52 PM

Quote:

Originally Posted by jefro (Post 4982942)
You don't need to log on to root. It is a poor practice to use. Learn proper ways.

Proper ways... love it.

In my home lan, I am currently logged in as root (two consoles) on one laptop; the first, compiling a program; the second, to monitor my free space, this compile takes a lot of space. I am also logged in as root on another laptop also compiling a program. On this desktop that I am typing on I am logged in as me. I do have a terminal session open and I am logged in as root via "su -". I did that just for the heck of it. Oh what the heck, I just Ctrl-Alt-F2'd and logged in as root on another text console.

One need not fear root. One needs to log in as root to do a lot of administrative tasks, how you get there matters not. Once you have root, regardless of how you got there you can hose your machine.

Edit: I also use the same password for root and my user login on my home lan. At the office never.

John VV 07-02-2013 09:02 PM

Let's get BACK to the OP's question
-- to log in as root or not login as root ,that is the question ....
is a DIFFERENT TOPIC
Quote:

know I have been told not to do it.

I want to know if you create two user root and you normal user do you need to give two different password?

Thanks

UPDATE: Could you have a file manager to be able to open it as root (Like Thunar) I think I will make things easier to administrate and anything you move or open it will open it as root.

ReaperX7 07-02-2013 09:13 PM

I log in as root to do system maintenance, otherwise I use my power user account that has near admin level privileges.

Richard Cranium 07-02-2013 11:24 PM

I use root to do system maintenance (which may include building packages).

Normal operations are under a non-privileged user.

It is exceedingly rare that I run a gui as root.

psionl0 07-03-2013 12:53 AM

As long as you have a policy of logging into root only when you have things to do that only root can do I don't see a problem.

It helps if root's WM isn't too fancy since that will give you an incentive to log out of root and back in as a user when you do your user stuff.

astrogeek 07-03-2013 04:28 AM

My own attempt to return to the OP's question...

Quote:

Originally Posted by PeterUK (Post 4982717)
I know I have been told not to do it.

I want to know if you create two user root and you normal user do you need to give two different password?

Whoever told you to never login as root simply does not know what the root user account is there for. It is equivalent to someone telling you to never raise the hood on your car (or bonnet for you UK types)! It is just silly, ignorant advice!

The best, and only advice is to learn why the root user account exists, then make use of that as and when it is applicable for your own purposes!

I could not find a really useful online link to point you to, unfortunately, so let me tell you in my own simplest terms why the root user exists, and I quote myself...

Quote:

Originally Posted by Myself right here

The root user can do anything at all on the system, as I am sure you know by now.

But the real reason for having such a user is so that you are then able to restrict other users from doing potentially harmful things, but still have some way to do them when they are necessary!

So the clear rule to follow is...

1. Do your normal computing tasks as a non-root, non-all-powerful user, because it keeps you out of trouble.
2. When you need to do things not allowed to non-root, non-all-powerful users, login as root or obtain root permission via sudo, to do them, with the full knowledge that you can do harm if not careful - just like working under the bonnet of your car.

There is nothing more mysterious to it than that.

So, with that perspective - should your root user have a different password? Usually, but it is entirely up to you.

Because you specifically said that you will have two users, root and a normal user I have to think that your computer is for a single user, probably yourself. If that is the case and others will not have physical access to your system, then you are probably safe enough using the same for both (I often do).

On the other hand, if other people will have access to your machine, or if you take it out in public or use it on unsecured networks - why not give root a brain-twister password just for that little extra security? It really is a very tiny inconvenience to type a few extra characters on the odd occasion!

Finally, it is possible that the person who told you to never login as root actually meant to say that you should never login as root from a graphical login (i.e., the top level form of saying to never run X applications as root), which is generally good advice.

Why? Two main reasons:

1. Because X is not secure, so when you run it as root you give it godlike power to run amok!
2. Everything that you click on with your mouse under X will also have root permission. GUI apps, games, browsers, you name it, simply are not designed with much consideration for restraint when given such power!

So when root, stay in a shell environment where you are less likely to do bad things unintentionally!

chrisretusn 07-03-2013 05:18 AM

Quote:

Originally Posted by John VV (Post 4982985)
Let's get BACK to the OP's question
-- to log in as root or not login as root ,that is the question ....
is a DIFFERENT TOPIC

It has been answered. In the second post (sans the Update to post 1). I will answer it again.

Quote:

Originally Posted by PeterUK (Post 4982717)
I want to know if you create two user root and you normal user do you need to give two different password?

No, you do not; you can use the same password for root and another user(s).

Quote:

Originally Posted by PeterUK (Post 4982717)
UPDATE: Could you have a file manager to be able to open it as root (Like Thunar)

Yes it is possible to do that. See here: SlackBuilds.org - rootactions_servicemenu

tronayne 07-03-2013 07:49 AM

Quote:

Originally Posted by PeterUK (Post 4982717)
I know I have been told not to do it.

Sometimes you need to; e.g., when a patch is for a daemon or other software that would be executing, I take the system to single user mode (init 1), apply the patch(es), then reboot (init 6), a habit (good or bad) I developed years ago.

Good idea to log in as root? Well, yes and no -- as a general practice, no (use su - from your own account), sometimes necessary but keep it down to a dull roar.
Quote:

Originally Posted by PeterUK (Post 4982717)
I want to know if you create two user root and you normal user do you need to give two different password?

Really ought to have a root password and a user password that are different -- it's not a big deal, it's easy, and you just ought to do that. Doesn't matter if you're on a LAN that has no connection to the outside world, it's just a good idea.
Quote:

Originally Posted by PeterUK (Post 4982717)
UPDATE: Could you have a file manager to be able to open it as root (Like Thunar) I think I will make things easier to administrate and anything you move or open it will open it as root.

Well, yeah, but it's just as easy to open a terminal and type something, isn't it? You learn more that way, too -- try to avoid click-'n'-drool, it impresses the unwashed. :rolleyes:

Hope this helps some.

TobiSGD 07-03-2013 10:33 AM

Quote:

Originally Posted by PeterUK (Post 4982717)
UPDATE: Could you have a file manager to be able to open it as root (Like Thunar) I think I will make things easier to administrate and anything you move or open it will open it as root.

Just noticed you work with Thunar. Thunar has a quite nice feature, called Custom Actions, which basically are the ability to create extensions for it. In the examples on the page I linked to you will find the custom actions "Opening a root terminal", "Opening a root Thunar" and "Editing as root". If you extend your Thunar with those (replace the gksu command with kdesu or install gksu from SlackBuilds.org) you can run your Thunar under your normal account, but if necessary use those actions.

mrclisdue 07-03-2013 10:47 AM

Quote:

Originally Posted by tronayne (Post 4983385)
Really ought to have a root password and a user password that are different -- it's not a big deal, it's easy...

Indeed, on all my personal systems, and those I set up for others, I re-use the normal user's password, and simply add 2 characters (one in front, one at the end, or two in front, or at the end, ya gettin' the drift...?)

I keep it consistent throughout my installs so I can determine the root pw if the normal user is aware of his/hers.

cheers,

YellowApple 07-03-2013 11:40 AM

Quote:

Originally Posted by saulgoode (Post 4982860)
Except that the attacker has no way of determining the user's password. He could change it, but that would not change the root account's.

Except that users which tend to set their root and non-root passwords as identical are also often the ones who use the same password on all their online accounts; a phishing attack would thus allow an attacker to obtain one password, attempt it for the user's machine account, and - if successful - then attempt it for root access. Not to mention dictionary attacks, keyloggers, and the like. Yes, there are numerous ways of determining the user's password. Hence why password diversification is important.

PeterUK 07-03-2013 01:08 PM

Wow, where to start. I guess I will be thanking everyone, lots of replies.

I will try to go one by one later and maybe give re-asked if needed.

Where I am now: I still don't like the idea of having to remember more passwords if I don't need it.

That was the kind of question I was looking for, how people could gain my user password and then well try it as root. But I notice that the application gives the message "Dont run as root" so it could mean that the application could hold data from my keyboard and then transmit, well it will get it when I type the root password to do something.. right? Just I don't know that much about Linux as kernel level how it works so maybe there could be someone could gain access to my keyboard data, for example...

I have been logging in my X11 as root seen I am on Slackware boot but I haven't being using many programs just getting on with the minimum and trying to get used to and get programs working.

from the normal GUI which should not run as root and I have been doing it as root its only a few programs which I was not intended to do it but I had not the time to trying everything working as user-no admin privilege + plus learn about user administrator.

Also I looked at the root folder and it look like my old used folder so I thought I may have problem when I am as normal user.

I think this is a bad design! This should be the other way around when you have using your machine as Desktop, I hate when you are at Bank and someone ask you we need to ask you some security questions, I am there what more do you want to ask for? 1000 signs of Identity or more there in front of you! Why to ask you more questions? It's the same with this issue X11 should run all application to minimal security and you give access to what is needed at maintenance time. After logging as root that is the computer should know you are the almighty not more questions to permissions in my opinion. Last months have been much better in that way, like open the terminal and have to look for a command I don't remember or the cd to move in folders. As root is very nice wherever I navigate I right click and there is my terminal to run whatever I told it to run no questions not passwords. Also I find it quite useful to keep space on the desktop whatever terminal I am not using it I am close it down so if I need to again I right click and there is it as root to carry on. Also never was easier to run a VM no need to look for permission groups and all that. I have to say I have enjoyed more my Slackware experience as X11 logging in as root. But after all that don't get me wrong I love the terminal stuff get done very quickly and I also love shell programming I think it's very powerful. I just don't like to keep typing my password several times during the day and I don't like to do everything in only one terminal and I don't want to leave a terminal open just because is the root terminal.

I could go all night here but maybe you have even stop ready, all things nagging, I will move to create my user and try all out and find a systems which will be more secure and I still can find my way around! ;-) Thanks


All times are GMT -5.