Linux - DesktopThis forum is for the discussion of all Linux Software used in a desktop context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm confused. In a terminal, if you enter "su", you will take on root powers. If this is what you are referring to, then it is the same as "working as root".
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369
Rep:
What do you exactly mean by working as root ?
Login as root and use the GUI .
Personally I do not like that because the GUI hide a lot of system message .
Beside that becoming su has a time limit that you are root .
I thought it is about 5 min.
Title says everything. I need a couple of reasons for it.
thanks
Homework question, is it??
As others have said, root or even doing an SU to root (same thing), is bad on LOTS of levels. If you're in the / directory, and type in "rm -fR *", as root, EVERYTHING is deleted. If you do it as your own user, it'll not delete much, except YOUR files. You can still have a running system, and recover your data (maybe). There are very few times when you need to su or log in as root. SUDO is better, and as far as I know, to be used sparingly. It doesn't have a time limit (unless you set one), and lets you do things that root can do.
Sudo times out, depending on the settings. I thought su was forever, which is why you need to exit from it.
Well, there's the TMOUT environment variable, but that's a feature of the shell rather than su itself.
Anyway, as for the why 'su' rather than work as root. I've always liked this quote:
Quote:
"If you picture using the root account as wearing a special magic hat that gives you lots of power, so that you can, by waving your hand, destroy entire cities, it is a good idea to be a bit careful about what you do with your hands. Since it is easy to move your hand in a destructive way by accident, it is not a good idea to wear the magic hat when it is not needed, despite the wonderful feeling."
it is more of the fact that Xorg is NOT secure .
now a bit of "bad" code can not do much it it is ran as a NORMAL everyday user
BUT
That same bit of code being ran as ROOT in a root session of Gnome ...
very bad .
There are times when it is nice to be able to login ( or what i do - start a new root session of nautilus from the terminal IN a normal user session ) as root - sometimes ONLY
But this is a very special case . for a normal program install
this works just fine as a normal user
Code:
./configure --prefix=/usr
make
su
( root password)
make install
------------
yum search ????
su -
-- root pass--
yum install ???
----------------
packman -Ss ????
su -
packman -S ????
sudo users can be limited as to the specific commands they can execute and logs can be easily kept of activity. Of course if you just open up sudo to a user, they may as well log in as root - sudo "rm -rf /*" will have the same effects as running rm -rf * as root!
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,197
Rep:
GazL, I like your magic hat quote. On the other hand, I violate that. I typically have a couple dozen open terminal sessions on a variety of servers, and they are typically in root sessions. I'm the principle sysadmin. On the other hand, I'm paranoidly careful about what I type. In certain cases, I'll even issue a prototype of a command listing output rather than executing the rm or whatever. Then, when I'm confident the find or selection is doing what I expected, I'll call back that command line and edit the listing to the rm or whatever. I backup critical files before editing them. I also have a log book for each of the servers and document everything I do. I don't bother if I'm just looking for something or checking logs, but if I'm changing or installing something I certainly document it.
However, on the Ubuntu server and on my Mac, I use sudo. It's easier to play the game as intended on those systems. Sudo has the advantage that it logs.
Also, we typically don't have graphical consoles on the Unix servers. On some of the older ones that do have graphical consoles, the rule is to never log in as root on the graphical console. Log in as yourself, and then su in a terminal window. Exit the su when done.
We typically don't give root access to anyone. We have 2 general sysadmins (my boss is the other), and we control access for others with sudo.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
