Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Even on these forums every now and then some smartass declares "it is my computer, I do what I want". Well, that's the thing, run it as root and it won't be yours any more.
Anyone who is prone to listen to advice like this...
...deserves what is coming to them in the long run.
btw, i've seen this before and whether that guy is serious or not, don't gratify him with clicks. i did, again. my bad.
I seriously can't tell if this guy, the ROOT IDIOT is serious or not but one of these days he will run something really bad as root and I hope he revises his site to "garyshood.com/NeverRunAsRoot".
that article has been there since 2008. guy probably gave up on linux ages ago and uses a much more macho operating system nowadays.
and i'll say it again, don't gratify him with clicks, use the webarchive instead if you must: https://web.archive.org/web/20081119...hood.com/root/
Certain distributors think they own the drive, but they don't. Distribution is not the army and has no authority over the user's hdd/ssd/flash storage.
Unless the distribution pays for the drive plus the government tax for the drive, they have no say in what goes in and out of the drive.
Fact is, the drive is user's responsibility. If the user decides he wants root, the distributor can only advise against it and there's nothing else he can do about it.
Sudo is a grey area, I never use it because I want a clear distinction between user and root, and sudo just adds privilege where from security perspective there should be none.
Some people use it properly, but the majority just adds sudo rights to their user account, and let every program that runs under the account have sudo rights.
Then the distributor thinks it's a problem with distribution policy and issues a "fix" when it's clearly a user problem that should be solved locally.
Kinda like that one time when someone notified mozilla their browser is so broken it belongs in the sandbox, and they "fix" it by making the browser a host for the sandbox that holds another browser.
It's redundant on systems that do privilege separation properly, and only useful for enforcing a policy upon the user.
On all of my systems, regardless of operating system, my primary login is not an Administrator or a member of the wheel group. It cannot sudo su.
I have an "ordinary Joe" user-id for each "hat" that I wear during the course of the day. Each client's projects are managed from a separate user-id. Accounting and other business activities are managed from another. And, I surf the web from yet another.
The /home directories of each cannot be seen by any other. There is one /drop-box folder with a "write-only" folder owned by each user: you can put a file there, no matter who you are, but you can't see what's in it. Only the owner may retrieve files from his drop-box folder. (N.B.: This has nothing to do with the commercial file-sharing service by the same name.)
And then, there is the one "Clark Kent®" user ... the one and only one which can become "Superman.®"
I know that nothing will ever ask me for an administrator password, and I never give one.
- - -
Why on earth do I do such an "inconvenient" thing? Because: "computers are terrible at saying 'yes,' but fantastic at saying 'no.'"
Formally, this is referred to as "The Principle of Least Privilege." By placing strict and OS-enforceable limits around what a process can do ("maliciously" or otherwise), you effectively prevent these from being possible.
You have created a "bright-line rule," and computers are excellent at enforcing bright-line ("yes (1)" or "no (0)") rules.
Last edited by sundialsvcs; 03-27-2017 at 08:17 AM.
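The layout sundialsvcs describes above (private homes plus one "write-only" drop folder per user) can be expressed as plain permission bits. The script below is an added example, not the poster's own setup: the modes 0700 and 1733, the function names and the user names are assumptions, and it builds the tree under a scratch directory so it runs without root.

```shell
#!/bin/sh
# Added example. On a real system the base would be /drop-box and each
# folder would also be chown'ed to its user (that step needs root).

# make_dropbox BASE USER: create BASE/USER as a write-only drop folder.
make_dropbox() {
    base=$1; user=$2
    mkdir -p "$base/$user" || return 1
    chmod 0755 "$base"
    # Owner rwx; group/other -wx: they may create files but not list them.
    # Sticky bit (leading 1): only a file's owner or the folder's owner
    # may delete or rename an entry, so droppers cannot remove each other's files.
    chmod 1733 "$base/$user"
}

# make_private_home BASE USER: home directory no other user can enter.
make_private_home() {
    mkdir -p "$1/$2" && chmod 0700 "$1/$2"
}

# audit_mode PATH EXPECTED: report whether PATH has exactly mode EXPECTED.
audit_mode() {
    actual=$(stat -c '%a' "$1") || return 2
    if [ "$actual" = "$2" ]; then echo "ok   $1 $actual"; return 0; fi
    echo "BAD  $1 $actual (want $2)"; return 1
}

# audit_tree ROOT: check every home and drop folder under ROOT.
audit_tree() {
    rc=0
    for d in "$1"/home/*; do audit_mode "$d" 700 || rc=1; done
    for d in "$1"/drop-box/*; do audit_mode "$d" 1733 || rc=1; done
    return $rc
}

demo() {
    root=$(mktemp -d) || return 1
    for u in client_a accounting web; do   # constructed user names
        make_private_home "$root/home" "$u"
        make_dropbox "$root/drop-box" "$u"
    done
    audit_tree "$root"; rc=$?
    rm -rf "$root"
    return $rc
}

demo
```

A dropped file stays owned by whoever dropped it, so the recipient can read it only if its own mode allows that. Running audit_tree from cron catches a drop folder or home that has drifted to a looser mode.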
The last speaker, sundialsvcs, describes a very healthy attitude to the topic at hand.
Running as root unnecessarily is similar to such safe pursuits as playing with fire, or DUI - and anybody who does this, deserves the problems that are quite capable of showing up as a result. Someone in this thread tried it for a week with no ill effect, which is about as intelligent as an argument as if a notorious drunkard would say that he had never crashed a car while driving drunk: Whether a given example did by chance go well, is no reason why anyone should take such a stupid risk in the first place.
With all the known exploits these days, keep your valuable data on external storage that is disconnected. And be prepared to re-install often. But I don't run gentoo and try to avoid arch for issues like that. It's too much effort to re-install and configure to taste. I can do a fresh debian install and be rebooted and logged in with a gui web browser in under an hour, even on a relatively slow connection. With fast.com clocking me at about 450Kbps, but that normally throttles to 120Kbps for any transfer that lasts longer than ten seconds. And speedtest.net showing 0.8Mbps down and 0.2Mbps up. The down is normally faster, but it's the weekend. The service was originally sold as 2 megs. I asked if they were pretty, but never got a reply email.
Per the link from the OP, the only sane recovery is to re-install. Once compromised you don't know how they got in, or what they changed.