LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-21-2004, 05:32 PM   #1
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
# 1 newbie rule don't run as root.


I see alot of questions asking if it is alright to run as super user all the time so I thought I would take this time since this is the newbie forum to say that it isn't alright to run as root.
I think we need to ingrain this into new users so we don't end up with a windows situation
meaning we uphold the security of linux and take it as our responsibility to keep it secure.
There are many ways to do most everyday task as a normal user mostly by using "su" and "sudo". If you need help running something in a safe manner please post it to the forum.


Thanks
 
Old 05-21-2004, 08:28 PM   #2
captainfreedom
LQ Newbie
 
Registered: Mar 2004
Posts: 28

Rep: Reputation: 15
Re: # 1 newbie rule don't run as root.

I don't know, I heard it's relatively easy for a virus to give itself root privilages once it's running on your machine at all
Quote:
Originally posted by peacebwitchu
I see alot of questions asking if it is alright to run as super user all the time so I thought I would take this time since this is the newbie forum to say that it isn't alright to run as root.
I think we need to ingrain this into new users so we don't end up with a windows situation
meaning we uphold the security of linux and take it as our responsibility to keep it secure.
There are many ways to do most everyday task as a normal user mostly by using "su" and "sudo". If you need help running something in a safe manner please post it to the forum.


Thanks
 
Old 05-21-2004, 09:13 PM   #3
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
It is true that perfoming everyday tasks as a normal user as oppose to being root will help protect a system (including protection from user mistakes.... )

However, this is not a silver bullet.
Proper permissions on the file systems, up-to-date packages, secure passwords, etc... need to be applied in order to have a secure system.

Do keep in mind that security holes have been found in some Linux services (software) including Apache and SSH.
Therefore it is possible for a worm to infect a server running un-patched services.
For example, back in late 2002, a worm using an OpenSSL buffer overflow exploit was created which infected Linux systems running Apache.

Although I do believe Linux is a much more secure system then windows in the way that updates can be applied across systems much more rapidly and easily.
 
Old 05-21-2004, 11:22 PM   #4
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Original Poster
Rep: Reputation: 30
This is not true Captn'. if their was a Linux virus it would have to exploit a vulnerability in the os to run as root if you executed it as a normal user. A linux box patched with the latest updates the chances become very small that this would happen. But properly hardening a box is out of the scope of this thread.

Apache and openssh currently drop privs so if they are exploited you don't get much.
 
Old 05-22-2004, 01:23 AM   #5
IceStorm
LQ Newbie
 
Registered: May 2004
Location: Dallas
Posts: 7

Rep: Reputation: 0
Quote:
Originally posted by peacebwitchu
A linux box patched with the latest updates the chances become very small that this would happen.

Not to defend any OS, but the same holds true for Windows as well. Most viruses take advantage of Windows servers that have not been updated.

To me, security all comes down to the personnel first. Then the software second. But I'm just a rookie.
 
Old 05-22-2004, 02:22 AM   #6
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 85
The title of this thread is excellent advice -- Don't run as root. There are certain specific actions that do require you to become root, but as a general rule, you should always run as an ordinary user, not root. As one who has made more than my fair share of mistakes, I am 100% certain that anyone else who has accidentally run a recursive rm command from the wrong directory will back me up on this.

There was a great line that another LQ'er had, that said something like: Running as root is like wearing a giant robot suit. You can do anything you want and nobody can stop you, but if you accidentally step on something that you didn't mean to, it'll be destroyed just the same. Therefore be very very careful anytime you are wearing the giant robot suit. I just love that line. -- J.W.
 
Old 05-22-2004, 03:33 AM   #7
duncanbojangles
Member
 
Registered: Jul 2003
Posts: 34

Rep: Reputation: 15
I run as root all the time. I know I shouldn't, but in the past year or so I've never done anything I didn't mean to, or in the few times it's happened, not been able to undo something. I don't know why, but once my box was up and running, I never switched to the "normal" unprivelaged user, and just saved everything in /root . I kinda regret it now (not really, just a wee bit) 'cause a while ago I tried to switch to a "normal" user but I got annoyed at not being able to do anything. Not to mention that when I started I just chmod'ed everything 777. Oh, well, I'll just backup and install Slackware 9.1, eventually. Until then, let's hope I don't do anything dumb!
 
Old 05-22-2004, 04:15 AM   #8
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 85
Quote:
Originally posted by duncanbojangles
I run as root all the time.
Warning: No Lifeguard On Duty

What you're doing is more or less equivalent to not wearing a seat belt while driving a car. True, the chances are pretty tiny on any given day that anything bad might happen, but if something bad does happen there won't be any chance for recovery and you'll regret it for a long time afterwards. Good luck. -- J.W.
 
Old 05-22-2004, 06:14 AM   #9
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Original Poster
Rep: Reputation: 30
I've been a UNIX (AIX, Solaris) Sys Admin for 10 years believe me you will regret it.
 
Old 05-22-2004, 07:15 AM   #10
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Rep: Reputation: 52
Yea, I run as root 24/7 as well. Been doing for 3 years.... If your stupid enough to do a 'rm-rf /' then you deserve it. I run a fairly tight iptable setup as well... Not a single problem over here. Thats not to say that it won't ever happen, but it hasn't yet. My advice is, do whatever the hell you want. It's your computer. It always pisses me off when OpenBSD tells me not to run as root.... Image that.. Your own computer telling you what you should and shouldn't do.... Don't be stupid and keep an eye on your running services, think before you type and run a firewall and there is no reason whatsoever not to run as root. If I had a dime for everytime that I would have had to 'su' in the past 3 years, I'd be a rich man... That just gets annoying not being able to sneeze with out it telling you that you don't have sufficent permissions... My 2 cents anyway... Still I suppose it's sound advice, especially for noobs...
 
Old 05-22-2004, 07:26 AM   #11
Rico16135
Member
 
Registered: Aug 2003
Location: Texas, USA
Distribution: Slackware 9.1, SuSE 9.1
Posts: 245

Rep: Reputation: 30
geez, you seem to be taking it personal.

Running as root is retarded. Linux in my eyes is a healthy tropical island in a world of infestation. Adopting the same principles as the world would threaten the sanctuary that is linux.

Its bad practice to run as root. Any major linux player will tell you that. Just cuz you do it doesn't mean its a good idea. Its good practice, and that's what the newbies should hear.

Last edited by Rico16135; 05-22-2004 at 06:30 PM.
 
Old 05-22-2004, 08:36 AM   #12
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Rep: Reputation: 52
No, I'm not taking it personal at all... I'm very passive about this subject. All I was saying is, "Do what you want to"... All it takes is a little brains and your safe. Much safer than you would be on other platforms... I never said it was a good idea either. I just stated that it really doesn't matter... As long as you have common sense, then you'll be allright. What defines a "major linux player" anyway.... I didn't know there was such a thing... And whats so retarded about running as root? And newbies should do what ever they feel like doing. Free will is good practice as well...
 
Old 05-22-2004, 09:08 AM   #13
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Original Poster
Rep: Reputation: 30
Rico16135, you get exactly what i'm trying to say. I feel like this is the correct place to instill good unix fundementals to people that are just learning. It's amazing that I have run linux as my primary Desktop os since 95 and rarely have the need to run as root and have never had the need to run the X environment as root. I've been in the UNIX field for a decent amount of time and have friends that are kernel developers and members of various open source projects ie X.org dating back to att Sys V days etc.. and we help newbies through our local lug and this is one of the first things we teach. Before they can even concieve the thought of generally hardening a linux box.
 
Old 05-22-2004, 10:09 AM   #14
captainfreedom
LQ Newbie
 
Registered: Mar 2004
Posts: 28

Rep: Reputation: 15
I don't tun as root, but I normally have a term window open logged in as root, so wouldn't it be possible for a virus, or hacker to somehow use that window to gain control? Just curious

Quote:
Originally posted by peacebwitchu
This is not true Captn'. if their was a Linux virus it would have to exploit a vulnerability in the os to run as root if you executed it as a normal user. A linux box patched with the latest updates the chances become very small that this would happen. But properly hardening a box is out of the scope of this thread.

Apache and openssh currently drop privs so if they are exploited you don't get much.
 
Old 05-22-2004, 06:38 PM   #15
Rico16135
Member
 
Registered: Aug 2003
Location: Texas, USA
Distribution: Slackware 9.1, SuSE 9.1
Posts: 245

Rep: Reputation: 30
I wouldn't worry too much about that captainfreedom. You'll be just fine.

jong357 -
major linux players = Linus Torvalds, Miguel de Icaza, etc.

ahh.. you are correct that free will is a good practice. But free will with no rules is anarchy. And any logical person can tell you that doesn't work in society. A safe computing enviornment for joe shmoe means a safer computing enviornment for me. And even you jong. Come on man, how can you say that isn't a good thing?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
newbie - firewall rule danimalz Linux - Security 3 07-30-2005 08:25 AM
Run First As Root? Terje Linux - Software 1 01-10-2005 09:13 AM
I have to ssh -l root to run root processes!? paul.nel Red Hat 3 11-15-2004 12:55 PM
newbie;I am a linux newbie who has installed slackware and have run into a few proble MollyJolly Slackware - Installation 6 06-01-2004 12:21 PM
LimeWire installed as root, can't run if not root sulzla Linux - Newbie 1 07-01-2003 08:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration