By default root (UID 0) is the most powerful user on the system. The general rule of thumb is to tell new users to only use the root ID when necessary. I take exception to that rule.

I started in unix over a decade ago and have always logged in and su'd to root and stayed there for everything. As a system admin root is needed for most of what I do anyway, but I can see the confusion by new users about when to use root and when not to use it. I feel it would be easier to advise them to use root all the time but be careful.

How about you, do you su to root as soon as you log in, or do you log in directly as root and stay with that ID through your session?

I'll stick with the rule of thumb. Yes, a sysadmin needs to use root capabilities a lot more than a casual user. If that's all you do, you are ok staying as root.

But that's for you as sysadmin. Advising users to run as root can cause real trouble. Remember that most users scatter themselves across the whole internet world where lots of crackers lurk.

If you think that your users are not capable of understanding when to use or not use root, you should have them never use it. Change the root password and don't tell them what it is. Then you do all their sysadmin work. If they can't figure out when not to use it, they also won't be able to keep themselves safe from the wolves.

Systems are created with a distinction between "root users" and "regular users" for a very good reason. The average USER of a computer could get in big trouble by having root powers.

I would simply turn the question around: A typical user is going to get comfortable with a system and then eventually find they need to take on root powers to configure something. The presumption in the "conventional" setup is that they feel they are in enemy territory when running as root---and want to get out ASAP. That's part of the protection from mistakes. I submit that changing this standard practice has no real benefit--only increased risk.

I'm speaking only for the new linux user working on his own desktop. A one user system. New users get stuck in so many different areas and get confused when they do and don't need root. Being root most of the time could remove those hurdles. I feel it might help lower the new user frustration level. And make them understand that with power their are consequences.
I once saw a fellow admin issue a rm * command not knowing he was n the / dir. Whooops. Blew everything away. He tried to control C but it was too late. Reload the OS and hope you have a good backup at that point.

I agree 100% about users on a server. I will not give root to any of them unless they are a fellow sysadmin.

I would say "stay away from root".

Just a lack of concentration (resulting in a typo) has resulted in .c files being destroyed instead of .o files and a days work down the drain; this as a regular user.

Similarly I accidently pressed the spacebar while typing an rm -r command separating the character '/' from the rest of the filename; thank god I was not root at that moment because it would have wiped the system clean.

In a multiuser system nobody should know root password except SysAd. Besides that the users should not be able snooping at each other private directories, they can inadvertently corrupt the system. And if the system connected to the outside word, making root public knowledge is an invitation for the hackers.

If it is necessary - employ 'sudo' for selected users, enabling them to execute few privileged commands.

Even in a single user system, there's no a really good reason to be root all the time. Regardless of years of experience everybody makes mistakes, and being a root it might be a fatal one.

I agree it is not to be taken lightly ... but mistakes made like that are not easily forgotten ...so you learn from them.

I am a sysadmin. I spend as little time in root as I can. I leverage groups and acls to minimize the time I have to be root. I also make extensive use of sudo and su (as we disable root logins over ssh).

Right now I'm on an ubuntu box as my primary workstation. The only times I ever become root on my local system are when I'm mounting and unmounting miscellaneous devices, editing apache/samba/other service configs for my various test installs, or installing updates.

If I, as a professional sysadmin, can spend something like 80% of my time as a non-root user, I should think that you, as someone who's not randomly mounting and unmounting shares and volumes or constantly testing various software would have even less of a need for it. And in the case of both the debian and redhat families, it'll tell you pretty unambiguously when you try to do something that needs root.

I don't honestly see a problem with living as a user in linux. The principle of least privilege seems to be pretty easy to adhere to.

Point a pistol straight at your foot and pull the trigger.

Go ahead. Try it.

"Since you are 'root', with all powers in all of computerdom," then You (with the capital-"Y" appropriate in reference to Deities) have the full and unquestioned authority to pull that trigger and the computer will obediently carry out anything that You ask.

Congratulations: "Y"ou have just blown-off your own foot.

"Oops?" you say? "I didn't mean to do that?" Tough-cookies. "Y"ou just did it.

----

This is exactly why those of us who possess the unquestioned and unquestionable right to command this-or-that computer system to do this-or-that, and to be obeyed, studiously and determinedly avoid exercising that power whenever possible. We not only do not "log on as 'root'," we set-up various limited accounts for ourselves and switch among them depending on what we are doing at the time!

Even though, at any time, we could log on as 'root' and, you know, "feel the power..."

A computer, after all, is just a machine ... and machines are dumb. If you, when logged on as 'root', tell a Unix/Linux system to delete every single file in the system (including "Linux itself"), it will do it! And as a consequence, you will be "scro-o-o-o-oo'd!"

So, that's why you consciously limit your own powers. When the computer knows to treat "Y"ou as "just an ordinary mortal," it protects you ... from yourself.

And if you don't believe me, just wait until you must explain to your [boss | spouse | favorite person of the opposite sex | pet poodle] why you must now spend your entire weekend mopping-up from the consequences of the fact that you accidentally told your computer to do an incredibly-stupid thing and it did it...

---
(Show of hands, please, from the Peanut Gallery? Thank you. Yeah, me too...)