View previous topic :: View next topic |
Author |
Message |
Nkill n00b
Joined: 22 Apr 2003 Posts: 32
|
Posted: Wed Jun 04, 2003 2:27 am Post subject: Is running as root bad? |
|
|
I running as root all the time bad? |
|
Back to top |
|
|
handsomepete Guru
Joined: 21 Apr 2002 Posts: 548 Location: Kansas City, MO
|
Posted: Wed Jun 04, 2003 2:29 am Post subject: |
|
|
Yep. |
|
Back to top |
|
|
idl Retired Dev
Joined: 24 Dec 2002 Posts: 1728 Location: Nottingham, UK
|
Posted: Wed Jun 04, 2003 2:38 am Post subject: |
|
|
It can be...
I run as root all the time, don't even have a normal user account. I feel confident I have enough knowledge and experience to be able to run as root for normal use. _________________ a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla |
|
Back to top |
|
|
nero n00b
Joined: 08 Aug 2002 Posts: 66
|
Posted: Wed Jun 04, 2003 3:00 am Post subject: |
|
|
port001 wrote: | I feel confident I have enough knowledge and experience to be able to run as root for normal use. |
I too feel confident enough to run as root all the time, however there are things that I will not run as root. I wouldn't run network appliications as root ( irssi, gaim, X ), or services for that matter. If someone happens to exploit one of these programs remotely, they will not have root access (without some extra work.) |
|
Back to top |
|
|
drexelslacker n00b
Joined: 01 May 2003 Posts: 7
|
Posted: Wed Jun 04, 2003 3:14 am Post subject: You should never run as root... |
|
|
Though some people might say running as root is no big deal, you'll find that most people, especially those who are unix/linux veterens, proclaim that you should never run as root for daily use. The only time I ever run as root is to do emerges and other system maintence. Even then, I usually use su instead of a normal root login. The reason for this was partially explained in an earlier post. If someone happens to find there way onto your system (since you're connected to the internet) it is much easier for them to take control and exploit your system (usually referred to as "rooting" the system). It's also bad from the "oh shit" standpoint. Occasionally, you wind up typing a rogue command at the shell prompt (think rm -rf /) and if you're root, you just blew away your whole system, a normal user could never do that. There are a plethora of other reasons, but I won't go into all of them here. You should look into adding a user account for yourself and anyone else using your system. The first post summed it up in one word. The naswer to your question: Yep.
DrexelSlacker |
|
Back to top |
|
|
elzbal Guru
Joined: 31 Aug 2002 Posts: 364 Location: Seattle, WA, USA
|
Posted: Wed Jun 04, 2003 3:15 am Post subject: |
|
|
The generally accepted answer is that users should not run as root - there are too many opportunities to screw things up. What happens if my mouse slips in konqueror/nautilis and I accidentally move '/etc' into '/usr', or (even worse) '/usr' into '/opt'? Or I accidentally type a foolish command (i.e. 'rm -r *' when I am at '/', not at the '/root/mydocs/trash/' directory like I thought I was)? I myself do not run as root, even though I am the only individual on the machine.
As another poster suggested, if there are any security holes in user-run network applications (gaim, X, etc), and there will be holes, even if they haven't been found yet, then that provides an attacker an easy way into your system as 'root'. Running those as a user provides a bit of protection.
(Edited: Grammar) |
|
Back to top |
|
|
aja l33t
Joined: 26 Aug 2002 Posts: 705 Location: Edmonton, Canada
|
Posted: Wed Jun 04, 2003 3:48 am Post subject: |
|
|
port001 wrote: |
I run as root all the time, don't even have a normal user account. I feel confident I have enough knowledge and experience to be able to run as root for normal use. |
If there's one thing I know how to do, it's driiiive when I'm stoned.... |
|
Back to top |
|
|
Diezel l33t
Joined: 04 Feb 2003 Posts: 600 Location: Karjaa, Finland
|
Posted: Wed Jun 04, 2003 4:25 am Post subject: |
|
|
My opinion is don't run as root, that way you wont have any small accidents. It's not a big deal to type su and your root password in a terminal to switch to root user.
Besides, for me it works great because all settings I make I make them in files never in gui. _________________ A bus station is where a bus stops, a train station is where a train stops. On
my desk I have a work station..
Nixadmins.net
FLUG member 473 |
|
Back to top |
|
|
idl Retired Dev
Joined: 24 Dec 2002 Posts: 1728 Location: Nottingham, UK
|
Posted: Wed Jun 04, 2003 4:31 am Post subject: |
|
|
nero wrote: | port001 wrote: | I feel confident I have enough knowledge and experience to be able to run as root for normal use. |
I too feel confident enough to run as root all the time, however there are things that I will not run as root. I wouldn't run network appliications as root ( irssi, gaim, X ), or services for that matter. If someone happens to exploit one of these programs remotely, they will not have root access (without some extra work.) |
Well X isn't a problem seen as its configured not to listen for connections. Xchat and gaim on the other hand are mature(ing) projects and most if not all holes have been fixed at this point, thats not to say there won't be holes in the future. I'm confident that Xchat and Gaim aren't going to allow crackers access to my system, but thats a matter of individual trust. If it were a new program just reaching beta, I would think twice about letting it run as root.
It also depends on what you use your system for and how heavily you depend on it. I personaly have run ~x86 with extreme cflags since I installed Gentoo, because I like to generaly play and fart about with my computer. If I were indeed rooted and rm -rf /'ed it wouldn't be of any significant loss to me.
As for the risk of rm -rf /'ing myself its a risk I live with. I infact wiped a windows partition by doing rm -rf / and forgot to umount the partition a few years back. But you learn from mistakes and I'm more carefull now.
Take *Note the space between / and somedir
This would never happen to me because I use TAB so intensivley, the dir name would never auto-complete because of the space.
Having to su all the time annoys the hell out of me aswell. _________________ a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla |
|
Back to top |
|
|
Krookednek Tux's lil' helper
Joined: 20 Feb 2003 Posts: 78
|
Posted: Wed Jun 04, 2003 5:45 am Post subject: |
|
|
I wouldnt unless you trust yourself enough to not bork your entire system. I know I dont trust myself enough, because I know I have been saved a few times but not being logged in as root and actually realzing what I just typed . _________________ Linux n00b, beware! |
|
Back to top |
|
|
hook Veteran
Joined: 23 Oct 2002 Posts: 1398 Location: Ljubljana, Slovenia
|
Posted: Wed Jun 04, 2003 10:36 am Post subject: |
|
|
let's see...
being root gives you power to do anything on your *NIX-box
being user enables you to use "only" the thing you need to
if you make a typo like "rm -rf / home/user/dir", you fucked up for good
if you make the same typo as a user you'd probably get a message telling you that you're not alowed to remove /
...i think that more or less sorts it ...but it's always your decision
me? i use su when i really need root access, and log as root only if i intend to use several consoles using root because i have to do something that requires a lot of time in root
plus i always use a long and complicated (to type) password for root access ...that'll prevent you (it did me) from logging automatically as root, after your install _________________ tea+free software+law=hook
(deep inside i'm still a tux's little helper)
Last edited by hook on Wed Jun 04, 2003 10:38 am; edited 1 time in total |
|
Back to top |
|
|
mvr_rennes Apprentice
Joined: 23 Oct 2002 Posts: 155
|
Posted: Wed Jun 04, 2003 10:36 am Post subject: |
|
|
Put it simple, it's not bad... it's EVIL!! (and plain stupid)
(To the ones who run as root, I don't mean to flame.)
My point is that if you have properly configured your system, you don't need to run as root. At most, you could add yourself as a sudoer for certain often-used commands, but again, typing su is not _that_ hard, is it?
Play it safe
M |
|
Back to top |
|
|
Raoul_Duke l33t
Joined: 15 Dec 2002 Posts: 694 Location: Caerdydd, Wales
|
Posted: Wed Jun 04, 2003 10:44 am Post subject: |
|
|
What's actually the benifit of running as root 24/7.........not a flame, just don't understnd _________________ www.iamthepenguin.com |
|
Back to top |
|
|
jondkent Apprentice
Joined: 26 Jul 2002 Posts: 289 Location: London
|
Posted: Wed Jun 04, 2003 11:31 am Post subject: |
|
|
I rarely ever su to root, even for emerging stuff and I only ever log in as root is the system has a problem. Tend to use sudo is I want to run something as root , mainly because I lazy and can't be bothered to run su -, enter passwd and then run command, sudo is easier.
Jon |
|
Back to top |
|
|
pizen Apprentice
Joined: 23 Jun 2002 Posts: 213 Location: Atlanta, GA, USA
|
Posted: Wed Jun 04, 2003 1:14 pm Post subject: |
|
|
When you su you should really use "su -" because it loads the user's environment like it was a normal login. This means you get dumped in the proper home directory and the environment variables are set up correctly (like adding /sbin to the $PATH for root). |
|
Back to top |
|
|
elzbal Guru
Joined: 31 Aug 2002 Posts: 364 Location: Seattle, WA, USA
|
Posted: Wed Jun 04, 2003 1:25 pm Post subject: |
|
|
Raoul_Duke wrote: | What's actually the benifit of running as root 24/7.........not a flame, just don't understnd |
If I run as a user and want to emerge something or perform other kinds of maintainance, I can't just type my commands - I need to go through the bother of su'ing up to root. Or maybe I want to be able to seriously manipulate things through a gui tool (konqueror, nautilus, etc - I wouldn't use these but some folks would) and don't want to bother with the grant-X-permissions-with-xhost/su/set-display/launch-app-from-command-line stuff. In short, running as root all the time gives you easy access to admin functions. I can appreciate that - I tend to use passwords on the order of 16 characters, and it's easy to mess up a couple of times before getting the password right.
However, for me, I choose to run as a user. As I mentioned before, I think it's just too easy to mess up - i.e. accidentally click when moving the mouse over a Nautilus/Konq screen and moving '/usr' into '/opt'. I've personally done the accidental click-drag before, especially early in the morning before my coffee (although that scenario has never happened to me - I don't run as root - the few times I've done this it's been more harmless stuff).
For the record, I think they've added the ability for normal users to emerge things now... just add yourself to the 'portage' group. I haven't messed with this yet, though. |
|
Back to top |
|
|
Raoul_Duke l33t
Joined: 15 Dec 2002 Posts: 694 Location: Caerdydd, Wales
|
Posted: Wed Jun 04, 2003 6:23 pm Post subject: |
|
|
Idd, also KDE gives the option to run konqueror as root _________________ www.iamthepenguin.com |
|
Back to top |
|
|
BennyP Guru
Joined: 09 May 2003 Posts: 503 Location: Jerusalem, Israel
|
Posted: Wed Jun 04, 2003 6:33 pm Post subject: |
|
|
I run as a user for the simple reason that I'm waaay too careless to be running as root and i don't feel like reinstalling my whole system or wiping up some nasty mess on my gentoo box.
suing is a pain in the ass for sure, especially when you don't know how to do all that Quote: | grant-X-permissions-with-xhost/su/set-display/launch-app-from-command-line |
business (which i dont). but it's a small price to pay for knowing that your machine is taking decent care of itself.
i just have one question, How can i set a program (i.e. tkpppoe) to launch as root form the fluxbox menu _________________ Could it be? |
|
Back to top |
|
|
MasonMouse Tux's lil' helper
Joined: 26 Nov 2002 Posts: 146 Location: Texas, USA
|
Posted: Wed Jun 04, 2003 7:06 pm Post subject: |
|
|
I run as root all the time because it's too much of a pain to administrate a system otherwise. You have to be constantly logging back in as root and trying to set up proper permissions for everything and trying to run GUI programs as root while you're logged in as a user is just a big pain in the tail. I've been doing this for *years* on many computers and have yet to ever have anything bad to happen. I'm sure people will reply "It's only a matter of time." Well, I'm sure it's only a matter of time before a hard drive fails or a power surge kills something or a poorly written program blows away a partition... I work on realities, not what-ifs.
I guess it all boils down to personal perference.
(This all assumes you're the only user on your system which has always been the case for me.) |
|
Back to top |
|
|
pizen Apprentice
Joined: 23 Jun 2002 Posts: 213 Location: Atlanta, GA, USA
|
Posted: Wed Jun 04, 2003 7:28 pm Post subject: |
|
|
Appropriate Chris Rock quotation for this thread.
Chris Rock wrote: | You can drive a car with your feet if you want to...but that don't make it a good f*cking idea. |
|
|
Back to top |
|
|
idl Retired Dev
Joined: 24 Dec 2002 Posts: 1728 Location: Nottingham, UK
|
Posted: Wed Jun 04, 2003 8:05 pm Post subject: |
|
|
pizen wrote: | Appropriate Chris Rock quotation for this thread.
Chris Rock wrote: | You can drive a car with your feet if you want to...but that don't make it a good f*cking idea. |
|
I don't know what kind of car hes been driving, but most cars these days are driven by your feet _________________ a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla |
|
Back to top |
|
|
Jimbow Guru
Joined: 18 Feb 2003 Posts: 597 Location: Silver City, NM
|
Posted: Wed Jun 04, 2003 8:30 pm Post subject: |
|
|
When I started using Linux (many years ago) I tended to always run as root. I don't don't do that anymore. I do not believe anyone who says that they are smart enough/careful enough/experienced enough to always run as root. Every person I know who is smart or careful or experienced does not run as root.
I do agree with the complaint that it is a huge pain to have to "su -" and enter the root password every time I want to do something as root. There is a very easy solution for this problem. Emerge sudo. It lets you run programs as root. The default setup is to ask you for your user password the first time you use sudo. After that it will ask again after X minutes (15?) of not using sudo. I have mine set up so it never asks for the password.
To make my life even easier, I've added some aliases and functions in my .bashrc that envoke sudo automatically: Code: | export PATH="${PATH}:/sbin:/usr/sbin"
alias kern='snice make dep && snice make clean bzImage modules modules_install && s
merge alsa'
alias smerge='snice emerge'
alias snice='sudo nice -n 5'
alias suedit='sudo xemacs -nw'
alias vlog='sudo less /var/log/everything/current'
alias glog='sudo cat /var/log/everything/current | grep'
alias vlogtail='sudo tail -f /var/log/everything/current'
alias xsmerge='ACCEPT_KEYWORDS="~x86" snice emerge'
etc-init () { sudo /etc/init.d/$1 $2; } |
I've also got a button on my KDE task bar that opens up "sudo xemacs /etc" and I've added /sbin and /usr/sbin to my path.
There are times and situations when I do run as root. For example when I am doing the initial install I always run as root. If I am doing a series of tasks that require root access (usually from a console screen not an xterm) or if I need to cd to a directory that only root can access I will run as root. _________________ After Perl everything else is just assembly language. |
|
Back to top |
|
|
Ben2040 Guru
Joined: 07 May 2003 Posts: 445 Location: UK
|
Posted: Wed Jun 04, 2003 8:33 pm Post subject: |
|
|
Quote: |
I don't know what kind of car hes been driving, but most cars these days are driven by your feet
|
I myself just use su to run emerge, chmod, chown, chgrp etc and if I need to run an Xapp as root, which isn't very often now as many apps give you the option to input a password for root permissions anyway, I just logout. I'd say use regular user and su until you feel more confident about using the CLI (Lethal Weapon)
Ben |
|
Back to top |
|
|
Ben2040 Guru
Joined: 07 May 2003 Posts: 445 Location: UK
|
Posted: Wed Jun 04, 2003 8:34 pm Post subject: |
|
|
Quote: |
I don't know what kind of car hes been driving, but most cars these days are driven by your feet
|
I myself just use su to run emerge, chmod, chown, chgrp etc and if I need to run an Xapp as root, which isn't very often now as many apps give you the option to input a password for root permissions anyway, I just logout. I'd say use regular user and su until you feel more confident about using the CLI (Lethal Weapon)
Ben |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9610 Location: beyond the rim
|
Posted: Fri Jun 06, 2003 8:47 pm Post subject: |
|
|
port001 wrote: | Well X isn't a problem seen as its configured not to listen for connections. Xchat and gaim on the other hand are mature(ing) projects and most if not all holes have been fixed at this point, thats not to say there won't be holes in the future. I'm confident that Xchat and Gaim aren't going to allow crackers access to my system, but thats a matter of individual trust. If it were a new program just reaching beta, I would think twice about letting it run as root. |
Well, sendmail exists for over a decade and they still discover security holes. |
|
Back to top |
|
|
|