Linux - General
This Linux forum is for general Linux questions and discussion. If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Distribution: Hardy (Gnome on Ubuntu 8.04) on Compaq N600c laptop
I'm gonna flog this question some more
I, a lowly emigrant from the land of drive letters and start buttons, am still seeking enlightenment on an age-old question:
why can't I just be root? (or something like it).
They say it's "not safe". But why is it safe in the "less secure" operating system alternative? This is an earnest question, not a rebuttal. In 13 years of internet use, I've never suffered more than a couple of dopey emails and some dopey adware. I've always been "administrator" (or something like it). I suppose, as a newbie, I can imagine doing something knuckle-headed like formatting my own partition, but "sudo" is hardly a guard against that.
Why is it so important?
Well, I perfectly well understand that this will make no sense to many, but to some of you, the idea of saving 5, maybe even 3 keystrokes--per action-- is a very welcome one. If you're not among us, you may want to move on to the next thread. But it's quite welcome, as far as I'm concerned. What's more, I can't even create directories on my own hard drive. My hard drive. If this sounds petty, you can try this exercise: for one day, say "pretty please" every time you want someone to do even the very simplest thing--pass the sugar, for example--or even just ask them a basic question. Do this at work, and at home--do it with every person you speak to.
I know I can launch things like Konqueror as root and such, but then I can't run most apps from it. My laptop is not a server, it's a laptop. I'd like more control without saying pretty-please each time.
But why is it safe in the "less secure" operating system alternative?
It's not safe there. Why do you think the virus and spyware fiascos are so ubiquitous there? The fact that Windows users have been trained to be idiots doesn't make the OS secure.
If you're so bothered by logging in as root, set up sudo.
Also, you can launch any app you wish as root, but it's stupid.
And the advice for Linux and Windows is really no different---in either system there is higher risk running as root, admin, etc. This is not a matter of debate: The more you are able to do, the higher the probability of a mistake. (I'm pretty sure it's one of the three laws of thermodynamics...)
One thing you must remember when using Linux or any nix, is that you're using a system that was designed from the ground up as a multi-user system. Windows was not designed that way. Thus the idea of root is not always about protecting you from you, but protecting the system from everyone else.
Now on the same hand, running your computer as root is dangerous for a multitude of reasons. rickh's allusion to viruses is a very large reason but certainly not the only one. Linux viruses do exist. Very few, if any, in the wild, but they are there. Linux isn't 100% secure, don't be fooled. But running your computer as root, or as administrator, only makes their attempt to gain control of your computer that much easier. The danger from other people aside, running as the lowly user has other advantages. Even though you're now living in an opensource you probably rarely check the source code of the programs you run. If a program you run goes nuts and starts trying to delete files, running the program as user will save you a major headache, since it will be limited to a very small group of files it has write access to.
And all of that is really just for starters. There are more reasons, almost all of them security reasons. Not to mention protecting yourself from yourself. You may know what you're doing, but everyone does stupid crap every now and then.
In the end I guess rickh is right. If you don't like don't do it. Just run as root anyway. If a program refuses to run as root don't use it. Rox is a file manager, for example, that will run as root.
Last edited by Penguin of Wonder; 04-04-2007 at 10:31 PM.
Technically you should run as a limited user in Windows as well but the problem there is there are certain tasks that simply can't be run as a limited user. I'm not talking about system critical items, but regular user apps like games. Windows user system (at least before Vista) is extremely crippled. Running as a limited user is quite annoying to say the least.
In Linux there is no problem. Once you have a program setup there is no reason to ever run as root to run it.
Also running as a limited user has more advantages than just keeping intruders from screwing up your OS. I cannot tell you how many times I've been glad that I was running as a user. There are many times I could have ended up screwing up my own system.
There are a variety of reasons why it's a bad idea to run as root, but for me one of the key reasons is simply that Linux assumes the user knows what he/she is doing, and if you delete or move a directory/file, you won't get a cutesy little popup asking "Are you sure?". Instead, your directories/files will be deleted or moved. If you realize (typically just as you press Enter) that you actually didn't want to run that command, you don't get to "undo" it or restore from the Recycle Bin. Instead, whatever's done is done, and it's really easy to create massive problems for yourself just by your own carelessness. Heck, with only about 10 keystrokes you can not only kill all your personal data but also trash your system to the point where your only recovery option is a total reinstall. Running as a regular user protects you from your own errors/mistakes.
As for being unable to create new directories on your hard drive unless you are root, that's simply not true. Regular users can easily create as many new directories as they'd like, with no special actions needed by root. Of course, if as a regular user you are trying to create directories directly under / or another system directory rather than your /home directory, then Yes, that attempt will fail unless you are root. That's hardly a bad thing though, because on a multi-user operating system (i.e., Linux) users should be restricted to accessing only their own data (along with any data they've been granted access to). To do otherwise and allow all users full authority to do anything they wanted with the system would render that system unusable in no time flat.
Controls on regular users really aren't a bad thing. You might consider doing some reading on *nix file permissions to gain a better understanding of the reasons behind them.
The phrase 'we just root'd their box', means they now have control of that box. It is just an extra layer of security, to not run as root.
I just mentioned this in another thread but here it is again xhost +localhost is your friend.
xhost +localhost
su -
konqueror
You would do that from the command line, a terminal perhaps like konsole.
X has security flaws so on a multiuser system you would not want to do this, but on single user systems, when you must run an app that needs the root level and an X interface, it will generally be ok. The reason X is secured per user is a valid one though.
To compromise a system generally you are after a buffer overflow to execute some shell code in the input or to send data to some program which will allow you to execute any command you wish, now if the program is running as root the command will execute with root privilege but had it been running as a normal user it would execute only with the user privilege.
So by not being root you buy yourself a little time - once they have the user they can still use the system but cannot hide their tracks, so they then try to escalate privilege generally by going after root suid'd applications this can make some noise on your system. And applications designed to be run as root only tend to be more security conscious, which is why they tend to be cli apps there are just fewer holes in code designed to be run with the minimal input->process->output model of cli.
The other beautiful reason is this one:
Once you get up to speed with unix you will do most of your day to day work on the command line, be it vim or emacs (I am assuming developer work or admin work), yeah you can use drag and drop guis but they are slow compared to quick keystrokes combined with tab completion, utility apps, and shell scripting. So, you often set up projects and remove them using the command line.
An rm -rf / ~projectScratched will remove your entire system (nb the typo of the space) if you are root. But, if you are just a humble user you will be saved, now you can do this quite easily with a GUI but it will be more obvious so you are more likely just to knobble a critical file rather than knock out an entire system, but do remember GUI apps have a lot more security holes.
I personally change my prompt string (PS1) colour to red for root so I remember to be a little more careful.
It is also nice to have a separate admin user. I can keep configuration files and send mail to that user that is admin specific to the system.
Some people have users for work, personal and gaming, it is not a bad way to keep things separate, even if you are the only one using that host.
I want to flip this discussion on its head and have people tell us the time it was so critical to be root.
The only thing we have here is that you wanted to make a directory somewhere arbitrary on your system, ok well first of all it cannot be arbitrary certain locations are reserved and for good reason. A computer system should be kept separate from day to day user activities as you learn more you will appreciate that separation; backup, security, stability are all the reasons why.
The ~ (user home) directory is the location that is your play pen, you can do what you like from there by way of creating directories etc.
Now what often comes up is they want a separate partition for say music/image/movie files, now they could either be doing this on a separate hard drive or perhaps they left a little space on their internal drives. What can be done for this is to create a mount point, often /mnt/music and mount the device to this directory. Then I set the perms on that directory to allow users or perhaps just to that user, then symlink that into the home directory ln -s /mnt/music ~/music or just use the /mnt/music directory directly.
If you are using Ubuntu and the daft sudo thing then I do understand - I personally think Ubuntu is doing the right thing but I do not use Ubuntu because of it. I would install Ubuntu though for people. The reason is this - when giving tech support over the phone it is better they never become root I would prefer someone who did not know or want to know much about admining a computer system which they own, ever be left at a root prompt.
Instead I would prefer to say sudo blah blah and let them type a password each time, then get off the phone and them not have a flashing root prompt.
But, would I like to type sudo blah blah when admining a system, hell no, so I don't use Ubuntu, and if I was admining a Ubuntu system directly I would sudo su - first.
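The post above points out that someone who has only a user account will usually go after setuid root applications to escalate, and that this makes noise. One defensive check that follows from that, as an added example that is not part of the original thread: inventory setuid files and report any that were not in a saved baseline. The function names and the baseline-file convention are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): setuid inventory with baseline diff.
# Function names and the baseline-file convention are assumptions.

# Print every setuid regular file under the given directories, one path
# per line, sorted bytewise so the output can be fed to comm(1).
list_setuid() {
    find "$@" -xdev -type f -perm -4000 -print 2>/dev/null | LC_ALL=C sort
}

# Print setuid files that exist now but are missing from BASELINE
# (a file previously written by list_setuid).
new_setuid() {
    local baseline=$1
    shift
    list_setuid "$@" | LC_ALL=C comm -13 "$baseline" -
}

# Demonstration on a constructed scratch tree; no system paths are touched.
demo() {
    local tree base
    tree=$(mktemp -d) || return 1
    base=$(mktemp) || return 1
    touch "$tree/plain" "$tree/known-helper" "$tree/dropped-later"
    chmod 0755 "$tree/plain"
    chmod 4755 "$tree/known-helper"      # setuid file present at baseline time
    list_setuid "$tree" > "$base"        # record the baseline
    chmod 4755 "$tree/dropped-later"     # a setuid file appears afterwards
    echo "baseline:"; sed 's/^/  /' "$base"
    echo "new since baseline:"; new_setuid "$base" "$tree" | sed 's/^/  /'
    rm -rf -- "$tree" "$base"
}

demo
```

On a real host the same functions would be pointed at each local filesystem, with the baseline kept where only root can write; `ls -l` on each new entry then shows whether it is owned by root.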