View previous topic :: View next topic |
Author |
Message |
scotoma n00b
Joined: 07 Jan 2005 Posts: 39
|
Posted: Sat Jan 22, 2005 3:01 am Post subject: why no root? |
|
|
can someone help me understand the disadvantage of running as root all of the time? I was told to create an account that is not root to run under for most tasks, but why?
Thanks in advance! |
|
Back to top |
|
|
seank l33t
Joined: 08 Jul 2004 Posts: 686
|
Posted: Sat Jan 22, 2005 3:07 am Post subject: |
|
|
Well, first thing is you could make a mistake in the terminal and totally b0rk your system. Second thing would be that running programs that connect to the internet as root is quite dangerous. |
|
Back to top |
|
|
Riftwing Apprentice
Joined: 06 Oct 2002 Posts: 293
|
Posted: Sat Jan 22, 2005 3:46 am Post subject: |
|
|
It possible to exploit programs to have them crash to a prompt. Now if that program happens to being running as root, it will drop them into a root prompt and they will have root access to your computer. _________________ Good, bad, I'm the guy with the gun. - Ash, Army of Darkness |
|
Back to top |
|
|
Pink Veteran
Joined: 24 Jul 2003 Posts: 1062
|
Posted: Sat Jan 22, 2005 6:19 am Post subject: |
|
|
It is the fundamental difference between windows and linux (well, a badly configured windows anyway).
Root has access to every file on your hard drive - it can delete them, change them, move them and rename them. Get a 'virus' (I put that in inverted commas as I use the term loosely for descriptive purposes only) and with root access anything can happen - again, look what happens in Windows with a malicious prog: file deletions, renaming, adjusting and so on, a complete system comprimise.
A user only has access to those files that you allow. Usually users have write access (i.e. can change or delete them) only to those he/she created in their home directory. This would be a loss in a comprimised system, but hopefully a backup would have been made and no system damage would have been caused and if the malicious prog was not discovered, nothing serious could occur.
The other thing that linux has is groups. For example those users in a printer group (which can be created if it does not exist) would be able to print things - those not in the group would not. You can have a group for anything you like, such as accessing the internet and so on.
You should never have to log in as root either. I haven't in a couple of years. If I need to do something as 'root' such as install a programme I open a terminal, type in 'su' (for 'super user'), enter my root password and then install the prog (emerge progname) or compile a kernel or whatever. Then exit the terminal when that has finished.
See why having normal users is a safer and more secure way of doing things?
You are also bound to see people who say 'I've been using Linux since 1996 and I've always been root and never had a problem'. Don't listen or be concerned about what they do. I also know people who use windows and have never had a virus and I know people who don't wear seat belts in cars, neither of which I would recommend to anyone.
As you seem to be a newcomer to Linux may I say Welcome |
|
Back to top |
|
|
Vann Guru
Joined: 04 Aug 2002 Posts: 357
|
Posted: Sat Jan 22, 2005 6:55 am Post subject: |
|
|
Other people have mentioned the technical reasons, but there's another, often ignored issue. Using root as your primary login makes you lazy. You're apt to leave file strewn all about the filesystem, or alter things in inappropriate ways and then forget about them. This happens on Windows all the time, where someone's music/videos/whatever are in several locations on the hard drive. If you run as a normal user it forces a very minimal set of 'good behaviors' on you that will probably save you a lot of headache down the road. |
|
Back to top |
|
|
lightvhawk0 Guru
Joined: 07 Nov 2003 Posts: 388
|
|
Back to top |
|
|
/dev/random l33t
Joined: 26 Nov 2004 Posts: 704 Location: Austin, Texas, USA
|
Posted: Sat Jan 22, 2005 6:08 pm Post subject: |
|
|
PickledOnion wrote: |
You should never have to log in as root either. I haven't in a couple of years. If I need to do something as 'root' such as install a programme I open a terminal, type in 'su' (for 'super user'), enter my root password and then install the prog (emerge progname) or compile a kernel or whatever. Then exit the terminal when that has finished.
|
Ermm su stands for switch user I believe. Try su <some_user_name> and you'll see why i think that. |
|
Back to top |
|
|
scotoma n00b
Joined: 07 Jan 2005 Posts: 39
|
Posted: Sat Jan 22, 2005 6:17 pm Post subject: |
|
|
wow thanks for all the replies! Theres another thing I like about the linux community, they are so willing to teach those that wish to learn. Thanks! I will now actually use my alternate account. |
|
Back to top |
|
|
Athas Guru
Joined: 04 Sep 2003 Posts: 394 Location: Brøndby, Denmark
|
|
Back to top |
|
|
MaxDamage l33t
Joined: 03 Jan 2004 Posts: 650 Location: Oviedo, Spain
|
Posted: Sat Jan 22, 2005 11:44 pm Post subject: |
|
|
If you don't want to be writing the root password all the day, use sudo. You can make all the users in the wheel group be able to run apps as root. In a home system, is not such a big risk. _________________ La PDA de tungsteno |
|
Back to top |
|
|
Pink Veteran
Joined: 24 Jul 2003 Posts: 1062
|
Posted: Sun Jan 23, 2005 10:22 am Post subject: |
|
|
Athas wrote: | /dev/random wrote: | Ermm su stands for switch user |
I think the correct meaning is substitute user, since it substitutes the effective (not real) userid. |
Cool, learn something everyday |
|
Back to top |
|
|
Gherald Veteran
Joined: 23 Aug 2004 Posts: 1399 Location: CLUAConsole
|
Posted: Sun Jan 23, 2005 10:30 am Post subject: |
|
|
On my non-critical home machines, I like to uncomment this line in /etc/pam.d/su
Code: | # Uncomment this to allow users in the wheel group to su without
# entering a passwd.
auth sufficient /lib/security/pam_wheel.so use_uid trust |
Now you can su without a password. But only when you really need the root privs, of course. |
|
Back to top |
|
|
|