Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi Charles, with the understanding that "root can do ANYTHING!" let me ask you:
Does your screensaver need root privileges?
Does your clock applet need root privileges?
Does your music jukebox need root privileges?
Does your sudoku game need root privileges?
Various people will give different answers---here is mine only: The GUI environment makes things easy---dragging files to copy, move, delete, etc.---. That means that is also makes it easy to do BAD things. If I am in a terminal, I tend to think more like an admin---even if I have not switched to root.
So---yes, it is not a good idea (But I have KDM set to allow root login.)
I think that if you happen to be the only user, as I am, there is no reason to set root logins to false. Unless you have a habit of either doing unwise things or logging in as root inadverdently, surely you can trust yourself to stay out of root. Is it really necessary to hide root from yourself?
I think that if you happen to be the only user, as I am, there is no reason to set root logins to false. Unless you have a habit of either doing unwise things or logging in as root inadverdently, surely you can trust yourself to stay out of root. Is it really necessary to hide root from yourself?
It is not about preventing freedom... it is about providing a "sane default."
I wasn't wanting to start up the old debate about why we should or should not work as root.
I wanted to know what are the specific dangers of running GUI/desktop as root. Is it any more dangerous than using root at the command line?
In the Windows world, sysadmins of corporate trees of domains -- responsible for perhaps tens of thousands of servers and workstations around the globe -- routinely work from a GUI/desktop without AFAIK frequent disasters. Is there something about Linux GUI/desktops that makes them less secure than Windows?
It happens so often that someone posts about never using a GUI/desktop as root and usually get a few sage nods of agreement. Maybe it's good advice; I'd just like to know "why?"
I wanted to know what are the specific dangers of running GUI/desktop as root. Is it any more dangerous than using root at the command line?
Yes. See post #2. When you log in as root, every single application and process, from your sudoku game to your instant messenger, has complete and unrestricted access to make system-wide changes affecting all users, with no prompt to the user.
To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.
To me, the question is not "why would you not surf the web as root?" but "why would you surf the web as root?"
A way I've always found best to describe it, much to some people's annoyance, is to compare it to Windows XP:
Root is like Administrator - he can do anything and everything, without a care in the world. If someone gets hold of your root password and can log in, so can they.
Normal users are like the limited users on XP, with the exception that they can use su/sudo/gksu/kdesu so run commands with root privileges as necessary. (And they don't have the screwed up XP file permissions, but that's hardly relevent.)
Yes. See post #2. When you log in as root, every single application and process, from your sudoku game to your instant messenger, has complete and unrestricted access to make system-wide changes affecting all users, with no prompt to the user.
To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.
To me, the question is not "why would you not surf the web as root?" but "why would you surf the web as root?"
Ah, thank you -- the penny is beginning to drop <== closest smiley we have to a penny.
It hadn't crossed my mind to access the Infernet as root! That would be unthinkably insecure I was only thinking of running sysadmin tools like a local file browser ...
To give one specific example, if you browse the web while logged in as root, then a malicious webpage has full and complete access to your machine. If you are logged in as a regular user, only your /home is compromised.
For the longest time the really big danger/dumb thing was to irc as root.
Irc clients tend to be worse than web-browsers when it comes to security stuff
Some irc servers will kick you out with a nasty message to educate yourself if you try and connect as root even.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.