why not root?


blobaugh
01-14-2005, 04:35 AM
ok i've always heard that you should never run as root. a bunch of my friends want to know some of the reasons behind this. i know that when you are running some programs it makes you more vulnerable. i myself have always run as root for the 5 or 6 years that i have been using linux and i have never run into any problems with it. so let's open it up and give me some ideas so i can help out my friends, and maybe make the switch myself

bburton
01-14-2005, 04:51 AM
Well, it's not bad, as long as you know exactly what you are doing all the time.

The whole reason behind not using the root account all the time, is because you then have total control over the entire system, and could inadvertently do bad things[tm].

One of the big Unix philosophies is giving you enough privilege to do what you need to do, and nothing more. I don't need to be root to surf the web, so why do it? If you need to install or configure something for the system, it only takes a moment to become root and do so. But running say a web browser, chat program, or other program (especially one that interfaces with the internet) can be dangerous.

That, and it makes viruses, worms, and other malicious logic a lot easier to take effect.

tlyons
01-14-2005, 05:24 AM
Originally posted by blobaugh
ok i've always heard that you should never run as root. a bunch of my friends want to know some of the reasons behind this.

Just a few things off the top of my head:

-Commands typed in error in the wrong directory (rm*) could potentially wipe out system files/config.
-Changes made to configurations become system wide, and if mistakes are made, it becomes a system wide problem.
-Using a browser or chat program when running as root puts the system at risk from hostile applets.

If your computer is single user, non-public, and isn't being used by others in your household sharing the same account, the risks of accidental system damage might be minimal.

However, if this is your work computer, or your family has access to it, you'd be insane to login as root. All sorts of deadly commands could be stored in your keyboard's backscroll. Just press 'up arrow' half a dozen times and then press 'return' in whatever directory you happen to be sitting in, and see what happens. Perhaps nothing? :rolleyes: Kind of like Russian Roulette though. Try it, and let me know.

My toddler loves to bang on my keyboard. Even in GUI, she's opened applications, filled the screen with garbage, and deleted things accidentally. Her destructive power knows no bounds. :D

Anyway, it's up to you. I can't think of a single good reason to be running a browser as root. Open a term, use su or sudo instead, do what you need to do, and exit.

- T.

mrBen
01-14-2005, 05:45 AM
Why wear a seatbelt when driving? You could drive around for 6-7 years without one, with no problems.......

Not running as root is about minimising the potential damage to your machine should something bad happen.

Arjay
01-14-2005, 06:25 AM
What about running programs such as wvdial? By default you need to be root to run them. Is that a good thing or a bad thing? I suppose it is good in a sense that no one can dial out from your machine as a normal user. But what about sitting as root when it's running?

Cheers

Icarus
01-14-2005, 08:12 AM
Originally posted by mrBen
Not running as root is about minimising the potential damage to your machine should something bad happen.

That's an understatement, if Linux users were surfing the web as root all the time I'd think Linux would start to have as many remote root exploits as Windows (as opposed to currently most root exploits consist of requiring local physical access)

Just like with seat belts, it should be

"Not just a good idea, it's the Law" :D

mrBen
01-14-2005, 08:40 AM
Originally posted by Arjay
What about running programs such as wvdial? By default you need to be root to run them. Is that a good thing or a bad thing? I suppose it is good in a sense that no one can dial out from your machine as a normal user. But what about sitting as root when it's running?

Cheers

You don't need to be root to run wvdial (at least, on most systems I have used it on). But you do need to ensure that your user has been added to the appropriate group. Certainly Debian works this way - many of the external devices are owned by user root, but by another group to which you can add your user in order to be able to use that device.
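
The group-based access mrBen describes, as an added example that is not part of the original post: a shell check that reports whether the current user can reach a device through its owning group rather than by becoming root. The function names and the default path /dev/ttyS0 are assumptions for illustration, and the script relies on GNU stat.

```shell
#!/bin/sh
# Added example: can the current user open a device via group membership,
# so that a dialer such as wvdial does not have to be run as root?

# Succeeds if numeric gid $1 is one of the current user's groups.
in_group() {
    for g in $(id -G); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Prints exactly one verdict for the path in $1:
#   missing          path does not exist
#   group-no-rw      owning group lacks read+write, membership would not help
#   group-ok         user is already in the owning group
#   need-group:GID   add the user to this group instead of using root
device_access() {
    dev=$1
    [ -e "$dev" ] || { echo missing; return 0; }
    gid=$(stat -c %g "$dev")     # numeric owning group (GNU stat)
    mode=$(stat -c %a "$dev")    # octal permissions, e.g. 660
    # The group digit is the second-to-last octal digit of the mode.
    gdigit=$(printf '%s' "$mode" | sed 's/.*\(.\).$/\1/')
    case $gdigit in
        6|7) ;;                  # group has read and write
        *) echo group-no-rw; return 0 ;;
    esac
    if in_group "$gid"; then
        echo group-ok
    else
        echo "need-group:$gid"
    fi
}

# /dev/ttyS0 is an assumed default; pass your modem device as the argument.
device_access "${1:-/dev/ttyS0}"
```

A `need-group` verdict means adding the user to that group (and logging in again) is enough; nothing in the session has to run with root privileges.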

Sbbath
01-14-2005, 08:57 AM
I don't like to be a normal user because sometimes i need to do something then it's "you need to be the root" or "you do not have permission" so it's kind of annoying to logout then log back on as the root. so i've been running root for a while, but just to make sure i don't touch any important folders or files.

~sbbath

mrBen
01-14-2005, 09:05 AM
Originally posted by Sbbath
I don't like to be a normal user because sometimes i need to do something then it's "you need to be the root" or "you do not have permission" so it's kind of annoying to logout then log back on as the root. so i've been running root for a while, but just to make sure i don't touch any important folders or files.

~sbbath

The problem is, one day you will forget, and you will break your system.

Either that, or you will get rooted by someone unscrupulous.

People don't say this to be anal, or traditional, or anything like that. They do it because it is a good thing to do, and because they have learned from their mistakes in the past. One of the main security issues with Windows is because of running always as root.

Again - seatbelt analogy: just because _you_ always drive safely, still doesn't mean that you can stop wearing a seatbelt, because there are hundreds of other drivers on the road. Worse, on the internet there are hundreds of people who will deliberately try to 'drive into you'.

drummerboy195
01-14-2005, 09:38 AM
Originally posted by Sbbath
I don't like to be a normal user because sometimes i need to do something then it's "you need to be the root" or "you do not have permission" so it's kind of annoying to logout then log back on as the root. so i've been running root for a while, but just to make sure i don't touch any important folders or files.

~sbbath

You don't have to log out of your user, and then log in as root in a GUI to do something like that. If you need to run a console command, just become root by typing

su -

and then entering your password. If you need a graphical program, it can become more difficult, but at least in kde there is a program called kdesu, which can be used to become root to run a GUI as root.

kdesu <name of program you need to run as root>

Bryon Speede
01-14-2005, 11:17 AM
gksu <command>

GUI su for the rest of us.

Sbbath
01-14-2005, 12:30 PM
Well the thing with the su command i can't get it to work, sorry i forgot to mention that in my last post. Every time i su it comes up access denied. I don't know why, i mean i enter the password correctly, but i might be doing something wrong, does anyone know what or why? I still use that normal user but i use root more because of the command problem

~sbbath

bsm2001
01-14-2005, 12:45 PM
http://www.courtesan.com/sudo/
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments.

Might need to install this.

hard candy
01-14-2005, 12:46 PM
Add the user to the "wheel" group. Hopefully there is a "wheel" group present.

hlrguy
01-14-2005, 01:07 PM
Couple tricks I use when I install Linux on someone's computer. I grab the usual 'System--FileManager Super User Mode' and drag it to the desktop. It prompts for the superuser password, and you can navigate to anywhere on the system, right click on any file, open with VIM, VI, whatever to make your changes.

For apps that I use a lot that need root, you can drag the application icon to the desktop. If you then right click on properties, you can select 'Launch as a different user' and enter root. When you run it, it prompts for the root password and you are good to go. This is most helpful with Suse because the DISPLAY variable is not set when you su to root in a console, so it is always a pain,

xhost + localhost
su - root
export DISPLAY=localhost:0.0

The above doesn't require this.

One friend I have took to using the super user file manager for all tasks. It was great, never a permission problem, could always do anything, including accidentally deleting most everything off his second hard drive. When he called and asked how he recovers it, I told him you go back in time and don't use the file manager I told you never to use unless you need to.

I guess in this case, running root is about the same as how most run windows as admin. You can do anything, including hosing your system with little effort. The choice, however, is always up to you.

hlrguy

Lucas_Maximus
01-14-2005, 02:24 PM
# su root

and type in a password. nice and easy really.

Icarus
01-14-2005, 02:38 PM
Originally posted by Lucas_Maximus
# su root

root is going to su to root? odd :)

$ su -
much easier and even loads root's .bashrc and sets the environment so /sbin and /usr/sbin are in the $PATH ;)

davisfactor
01-14-2005, 02:52 PM
Originally posted by Icarus
root is going to su to root? odd :)

$ su -
much easier and even loads root's .bashrc and sets the environment so /sbin and /usr/sbin are in the $PATH ;)

Both my root and my normal user's .bashrc are identical except for the # at the end of my PS1 statement.

Would it be better to exclude the /sbin and /usr/sbin directories from my normal user's path?

Also, and I guess due to the environment I set for myself, I wasn't aware that plain su without the - didn't load root's .bashrc. I learn something new every day :)

bwkaz
01-14-2005, 08:22 PM
This is why you don't run as root:

http://www.linuxmafia.com/~rick/faq/index.php?page=virus#virus

See objection number 3 in that whole huge section.

Pafnoutios
01-14-2005, 09:24 PM
Originally posted by tlyons

My toddler loves to bang on my keyboard. Even in GUI, she's opened applications, filled the screen with garbage, and deleted things accidentally. Her destructive power knows no bounds. :D


I gave my toddler his own account, that we can log him into whenever he wants to bang. That way he can't mess up any of our personal settings or delete our documents.
We almost have him using the "Potato Guy" game that comes with KDE.

tlyons
01-15-2005, 01:48 AM
Originally posted by Pafnoutios
I gave my toddler his own account, that we can log him into whenever he wants to bang.

That makes sense. I made mine a Pentium Pro 200 out of spare parts and a computer my neighbour threw out, but she'd still rather play with Daddy's computer.

Daddy doesn't login as root though, so no worries.

This keyboard, however, might have its lifespan significantly reduced. :D

- T.

Lucas_Maximus
01-15-2005, 07:34 AM
Originally posted by Icarus
root is going to su to root? odd :)

$ su -
much easier and even loads root's .bashrc and sets the environment so /sbin and /usr/sbin are in the $PATH ;)

yeah okay i put the # so people would know it was code. :)

blackbelt_jones
01-22-2005, 12:00 AM
I sometimes go into root to deal with permission problems in a GUI way. I used to do it a lot before I found out about su, and started to get comfortable with the command line. I've never done any damage, but I've always been aware of the risks, and I've always followed the rules.

The rules for logging into root are:

1. Have a good reason for doing it
2. Know what you're doing.
3. Don't do anything else while you're in there.
4. In and out ASAP

To which I would add the two cardinal rules:
1. Back up your data
2. Know how to reinstall your system

Logging in as root can be a versatile if dangerous tool for a beginner who doesn't know a better way to get things done-- but always follow the rules!

Sepero
01-22-2005, 09:27 AM
On my system, whenever I bootup (which is pretty rare), I always start a separate xterm just for root. And I leave it running, Always. (no other users on this comp)

I've found that this is the most efficient way for me to quickly access root (which is surprisingly often) with Very limited risk. The only real risk is local, but then again, anyone with physical access to your machine is already a threat.