Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 12-27-2006, 12:39 PM   #1
Registered: Oct 2006
Distribution: Slackware 11
Posts: 46

Rep: Reputation: 15
Logging on as Root

Is it really so bad to sign on your system as root? I was installing something the other day and it said I was taking chances being signed on as root. I also read here and there that it is a bad idea, but how many people actualy dont sign on as root?
Old 12-27-2006, 12:48 PM   #2
LQ Guru
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 272Reputation: 272Reputation: 272
I don't and I would bet that most anyone with more than 10 posts here doesn't sign on as root either...

Signing on as a "Super User" like root is one of the reasons why Windows security is so bad. Think of it this way: you go to a website and that website has some java script that will delete a bunch of files on your machine (not a java programmer, so maybe that's not possible). If you are root, then that script can do whatever it wants. If you are joeblow, he can only delete files he owns. He can't modify system files or rm -fr / (delete the entire file system structure).

And that's beside the fact that if anyone cracks your password while you login as root that they have total control of your machine.

Last edited by pljvaldez; 12-27-2006 at 12:49 PM.
Old 12-27-2006, 01:04 PM   #3
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
If you use the root account for normal computer tasks then you may as well be using Windows XP Home. One of the main reasons that people and businesses use Unix or Linux is because of the security. Much of that security is based on separation of privileges. In other words the normal user account(s) cannot perform certain tasks. These tasks include reading files from other people's accounts, installing software at the system level, and changing system configuration settings. If you use the root account to browse the web, for instance, then a malicious Java script could install a program on your system. If you are browsing the web in a normal user account then that same malicious Java script can only put files into places that your user account is permitted to write into. If you are smart and have your home directory on a separate partition and mounted with the noexec option then the malicous Java script cannot run any software that it downloads into your user account home directory. You can do the same thing with the /tmp and /var/tmp directories. That would make it very difficult for a malicous Java script to download and run software on your machine.

Software installation isn't your only concern. Java scripts can work within your web browser to scan your files and download any files that appear to be interesting. If you keep your finances on your computer then financial software always keeps its information in well known places and in files with well known names. It is possible for Java or Java Script applications to look for these sorts of files. If you keep your resume on your computer then the same thing is possible. This is why, even when you use Linux or Unix, you should have one account that is for network access and another account with your personal information. The network access user account should not be able to see the filee in the home directory of the account that has your finances and resume and your email.

So the point of NOT using the root account for normal computer usage is to establish a level of security that is generally not available using other operating systems.

As I implied, even Linux security can be enhanced after it is installed. You can make a container file for the /tmp directory and another for the /var/tmp directory and mount them through a loop device with the noexec option. You can keep your home directory on a partition separate from the / partition and mount it with the noexec option. You can change the permissions on the /home directory to be owned by root:users and with access of 710 or 740. If you do these four things then your Linux system will be 1 million percent more secure than most Linux systems.

So you don't use the root account for normal computer usage because you want the separation of privileges that comes with using a normal user account for normal tasks.

Last edited by stress_junkie; 12-27-2006 at 01:14 PM.
Old 12-27-2006, 01:05 PM   #4
Robert Diggs
Registered: Dec 2006
Location: Florida
Distribution: The ones that come in magazines and books.
Posts: 136

Rep: Reputation: 15
It can be if you're on the internet. If you're logged on as a SU (root/super user) and somebody tries to execute a command that would normally not be executable as a user. It's for your safety, really. If you're not on the internet, I wouldn't worry about it. The only way I would worry about it is if you have other people who use the computer along with you. It's possible they could execute something as an SU and it coudl screw you over.


Old 12-27-2006, 01:12 PM   #5
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
The separate root (or admin) account protects you from the outside, but also from yourself Part of the power of Linux is the ability to totally mess up a system with a few simple commands. Especially in the CLI, there is no undo, trash, etc. What is done is done, and mistakes are reversible only with great effort--if at all.

Turn the question around: Is there any good reason TO run as root? I know of none. In the CLI, I can become root in 10 seconds ---- small price to pay for the protection provided.
Old 12-27-2006, 02:54 PM   #6
Registered: Oct 2006
Distribution: Slackware 11
Posts: 46

Original Poster
Rep: Reputation: 15
Ok, I made a regular user account, lesson learned.
Old 12-27-2006, 05:23 PM   #7
Senior Member
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
As mentioned the only time I run as root is for installing software. Other than that no need to. It is also a good habit to get into, some company admin's get jumpy for logging in as root as well as they should be. And while you may think you won't do nothing bad, there comes that one time when you get proven wrong. I have done that recently on a test machine at home.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
logging in as root tm2383 Mandriva 9 12-19-2006 04:06 AM
logging in as root unklekoolaid Ubuntu 9 09-01-2006 11:10 AM
logging in as root M O L8ingN2dust Ubuntu 24 01-16-2006 04:49 PM
using red-carpet without logging out and logging as root. packman Linux - Software 1 12-09-2002 02:55 AM
Logging in as root Optimus Linux - Newbie 16 07-10-2002 11:37 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:20 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration