Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Is running as root bad?
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3  Next  
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
Nkill
n00b
n00b


Joined: 22 Apr 2003
Posts: 32

PostPosted: Wed Jun 04, 2003 2:27 am    Post subject: Is running as root bad? Reply with quote

I running as root all the time bad?
Back to top
View user's profile Send private message
handsomepete
Guru
Guru


Joined: 21 Apr 2002
Posts: 548
Location: Kansas City, MO

PostPosted: Wed Jun 04, 2003 2:29 am    Post subject: Reply with quote

Yep.
Back to top
View user's profile Send private message
idl
Retired Dev
Retired Dev


Joined: 24 Dec 2002
Posts: 1728
Location: Nottingham, UK

PostPosted: Wed Jun 04, 2003 2:38 am    Post subject: Reply with quote

It can be...

I run as root all the time, don't even have a normal user account. I feel confident I have enough knowledge and experience to be able to run as root for normal use.
_________________
a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla
Back to top
View user's profile Send private message
nero
n00b
n00b


Joined: 08 Aug 2002
Posts: 66

PostPosted: Wed Jun 04, 2003 3:00 am    Post subject: Reply with quote

port001 wrote:
I feel confident I have enough knowledge and experience to be able to run as root for normal use.

I too feel confident enough to run as root all the time, however there are things that I will not run as root. I wouldn't run network appliications as root ( irssi, gaim, X ), or services for that matter. If someone happens to exploit one of these programs remotely, they will not have root access (without some extra work.)
Back to top
View user's profile Send private message
drexelslacker
n00b
n00b


Joined: 01 May 2003
Posts: 7

PostPosted: Wed Jun 04, 2003 3:14 am    Post subject: You should never run as root... Reply with quote

Though some people might say running as root is no big deal, you'll find that most people, especially those who are unix/linux veterens, proclaim that you should never run as root for daily use. The only time I ever run as root is to do emerges and other system maintence. Even then, I usually use su instead of a normal root login. The reason for this was partially explained in an earlier post. If someone happens to find there way onto your system (since you're connected to the internet) it is much easier for them to take control and exploit your system (usually referred to as "rooting" the system). It's also bad from the "oh shit" standpoint. Occasionally, you wind up typing a rogue command at the shell prompt (think rm -rf /) and if you're root, you just blew away your whole system, a normal user could never do that. There are a plethora of other reasons, but I won't go into all of them here. You should look into adding a user account for yourself and anyone else using your system. The first post summed it up in one word. The naswer to your question: Yep.

DrexelSlacker
Back to top
View user's profile Send private message
elzbal
Guru
Guru


Joined: 31 Aug 2002
Posts: 364
Location: Seattle, WA, USA

PostPosted: Wed Jun 04, 2003 3:15 am    Post subject: Reply with quote

The generally accepted answer is that users should not run as root - there are too many opportunities to screw things up. What happens if my mouse slips in konqueror/nautilis and I accidentally move '/etc' into '/usr', or (even worse) '/usr' into '/opt'? Or I accidentally type a foolish command (i.e. 'rm -r *' when I am at '/', not at the '/root/mydocs/trash/' directory like I thought I was)? I myself do not run as root, even though I am the only individual on the machine.

As another poster suggested, if there are any security holes in user-run network applications (gaim, X, etc), and there will be holes, even if they haven't been found yet, then that provides an attacker an easy way into your system as 'root'. Running those as a user provides a bit of protection.

(Edited: Grammar)
Back to top
View user's profile Send private message
aja
l33t
l33t


Joined: 26 Aug 2002
Posts: 705
Location: Edmonton, Canada

PostPosted: Wed Jun 04, 2003 3:48 am    Post subject: Reply with quote

port001 wrote:

I run as root all the time, don't even have a normal user account. I feel confident I have enough knowledge and experience to be able to run as root for normal use.


If there's one thing I know how to do, it's driiiive when I'm stoned....
Back to top
View user's profile Send private message
Diezel
l33t
l33t


Joined: 04 Feb 2003
Posts: 600
Location: Karjaa, Finland

PostPosted: Wed Jun 04, 2003 4:25 am    Post subject: Reply with quote

My opinion is don't run as root, that way you wont have any small accidents. It's not a big deal to type su and your root password in a terminal to switch to root user.
Besides, for me it works great because all settings I make I make them in files never in gui.
_________________
A bus station is where a bus stops, a train station is where a train stops. On
my desk I have a work station..
Nixadmins.net
FLUG member 473
Back to top
View user's profile Send private message
idl
Retired Dev
Retired Dev


Joined: 24 Dec 2002
Posts: 1728
Location: Nottingham, UK

PostPosted: Wed Jun 04, 2003 4:31 am    Post subject: Reply with quote

nero wrote:
port001 wrote:
I feel confident I have enough knowledge and experience to be able to run as root for normal use.

I too feel confident enough to run as root all the time, however there are things that I will not run as root. I wouldn't run network appliications as root ( irssi, gaim, X ), or services for that matter. If someone happens to exploit one of these programs remotely, they will not have root access (without some extra work.)


Well X isn't a problem seen as its configured not to listen for connections. Xchat and gaim on the other hand are mature(ing) projects and most if not all holes have been fixed at this point, thats not to say there won't be holes in the future. I'm confident that Xchat and Gaim aren't going to allow crackers access to my system, but thats a matter of individual trust. If it were a new program just reaching beta, I would think twice about letting it run as root.

It also depends on what you use your system for and how heavily you depend on it. I personaly have run ~x86 with extreme cflags since I installed Gentoo, because I like to generaly play and fart about with my computer. If I were indeed rooted and rm -rf /'ed it wouldn't be of any significant loss to me.

As for the risk of rm -rf /'ing myself its a risk I live with. I infact wiped a windows partition by doing rm -rf / and forgot to umount the partition a few years back. But you learn from mistakes and I'm more carefull now.
Take
Code:
rm -rf / somedir
*Note the space between / and somedir
This would never happen to me because I use TAB so intensivley, the dir name would never auto-complete because of the space.

Having to su all the time annoys the hell out of me aswell.
_________________
a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla
Back to top
View user's profile Send private message
Krookednek
Tux's lil' helper
Tux's lil' helper


Joined: 20 Feb 2003
Posts: 78

PostPosted: Wed Jun 04, 2003 5:45 am    Post subject: Reply with quote

I wouldnt unless you trust yourself enough to not bork your entire system. I know I dont trust myself enough, because I know I have been saved a few times but not being logged in as root and actually realzing what I just typed :).
_________________
Linux n00b, beware!
Back to top
View user's profile Send private message
hook
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1398
Location: Ljubljana, Slovenia

PostPosted: Wed Jun 04, 2003 10:36 am    Post subject: Reply with quote

let's see...

being root gives you power to do anything on your *NIX-box
being user enables you to use "only" the thing you need to

if you make a typo like "rm -rf / home/user/dir", you fucked up for good
if you make the same typo as a user you'd probably get a message telling you that you're not alowed to remove /

...i think that more or less sorts it ...but it's always your decision

me? i use su when i really need root access, and log as root only if i intend to use several consoles using root because i have to do something that requires a lot of time in root
plus i always use a long and complicated (to type) password for root access ...that'll prevent you (it did me) from logging automatically as root, after your install
_________________
tea+free software+law=hook

(deep inside i'm still a tux's little helper)


Last edited by hook on Wed Jun 04, 2003 10:38 am; edited 1 time in total
Back to top
View user's profile Send private message
mvr_rennes
Apprentice
Apprentice


Joined: 23 Oct 2002
Posts: 155

PostPosted: Wed Jun 04, 2003 10:36 am    Post subject: Reply with quote

Put it simple, it's not bad... it's EVIL!!:evil: (and plain stupid)
(To the ones who run as root, I don't mean to flame.)
My point is that if you have properly configured your system, you don't need to run as root. At most, you could add yourself as a sudoer for certain often-used commands, but again, typing su is not _that_ hard, is it?
Play it safe ;)
M
Back to top
View user's profile Send private message
Raoul_Duke
l33t
l33t


Joined: 15 Dec 2002
Posts: 694
Location: Caerdydd, Wales

PostPosted: Wed Jun 04, 2003 10:44 am    Post subject: Reply with quote

What's actually the benifit of running as root 24/7.........not a flame, just don't understnd :?:
_________________
www.iamthepenguin.com
Back to top
View user's profile Send private message
jondkent
Apprentice
Apprentice


Joined: 26 Jul 2002
Posts: 289
Location: London

PostPosted: Wed Jun 04, 2003 11:31 am    Post subject: Reply with quote

I rarely ever su to root, even for emerging stuff and I only ever log in as root is the system has a problem. Tend to use sudo is I want to run something as root , mainly because I lazy and can't be bothered to run su -, enter passwd and then run command, sudo is easier.

Jon
Back to top
View user's profile Send private message
pizen
Apprentice
Apprentice


Joined: 23 Jun 2002
Posts: 213
Location: Atlanta, GA, USA

PostPosted: Wed Jun 04, 2003 1:14 pm    Post subject: Reply with quote

When you su you should really use "su -" because it loads the user's environment like it was a normal login. This means you get dumped in the proper home directory and the environment variables are set up correctly (like adding /sbin to the $PATH for root).
Back to top
View user's profile Send private message
elzbal
Guru
Guru


Joined: 31 Aug 2002
Posts: 364
Location: Seattle, WA, USA

PostPosted: Wed Jun 04, 2003 1:25 pm    Post subject: Reply with quote

Raoul_Duke wrote:
What's actually the benifit of running as root 24/7.........not a flame, just don't understnd :?:


If I run as a user and want to emerge something or perform other kinds of maintainance, I can't just type my commands - I need to go through the bother of su'ing up to root. Or maybe I want to be able to seriously manipulate things through a gui tool (konqueror, nautilus, etc - I wouldn't use these but some folks would) and don't want to bother with the grant-X-permissions-with-xhost/su/set-display/launch-app-from-command-line stuff. In short, running as root all the time gives you easy access to admin functions. I can appreciate that - I tend to use passwords on the order of 16 characters, and it's easy to mess up a couple of times before getting the password right.

However, for me, I choose to run as a user. As I mentioned before, I think it's just too easy to mess up - i.e. accidentally click when moving the mouse over a Nautilus/Konq screen and moving '/usr' into '/opt'. I've personally done the accidental click-drag before, especially early in the morning before my coffee (although that scenario has never happened to me - I don't run as root - the few times I've done this it's been more harmless stuff).

For the record, I think they've added the ability for normal users to emerge things now... just add yourself to the 'portage' group. I haven't messed with this yet, though.
Back to top
View user's profile Send private message
Raoul_Duke
l33t
l33t


Joined: 15 Dec 2002
Posts: 694
Location: Caerdydd, Wales

PostPosted: Wed Jun 04, 2003 6:23 pm    Post subject: Reply with quote

Idd, also KDE gives the option to run konqueror as root :P
_________________
www.iamthepenguin.com
Back to top
View user's profile Send private message
BennyP
Guru
Guru


Joined: 09 May 2003
Posts: 503
Location: Jerusalem, Israel

PostPosted: Wed Jun 04, 2003 6:33 pm    Post subject: Reply with quote

I run as a user for the simple reason that I'm waaay too careless to be running as root and i don't feel like reinstalling my whole system or wiping up some nasty mess on my gentoo box.
suing is a pain in the ass for sure, especially when you don't know how to do all that
Quote:
grant-X-permissions-with-xhost/su/set-display/launch-app-from-command-line

business (which i dont). but it's a small price to pay for knowing that your machine is taking decent care of itself.
i just have one question, How can i set a program (i.e. tkpppoe) to launch as root form the fluxbox menu
_________________
Could it be?
Back to top
View user's profile Send private message
MasonMouse
Tux's lil' helper
Tux's lil' helper


Joined: 26 Nov 2002
Posts: 146
Location: Texas, USA

PostPosted: Wed Jun 04, 2003 7:06 pm    Post subject: Reply with quote

I run as root all the time because it's too much of a pain to administrate a system otherwise. You have to be constantly logging back in as root and trying to set up proper permissions for everything and trying to run GUI programs as root while you're logged in as a user is just a big pain in the tail. I've been doing this for *years* on many computers and have yet to ever have anything bad to happen. I'm sure people will reply "It's only a matter of time." Well, I'm sure it's only a matter of time before a hard drive fails or a power surge kills something or a poorly written program blows away a partition... I work on realities, not what-ifs.

I guess it all boils down to personal perference.

(This all assumes you're the only user on your system which has always been the case for me.)
Back to top
View user's profile Send private message
pizen
Apprentice
Apprentice


Joined: 23 Jun 2002
Posts: 213
Location: Atlanta, GA, USA

PostPosted: Wed Jun 04, 2003 7:28 pm    Post subject: Reply with quote

Appropriate Chris Rock quotation for this thread.
Chris Rock wrote:
You can drive a car with your feet if you want to...but that don't make it a good f*cking idea.
Back to top
View user's profile Send private message
idl
Retired Dev
Retired Dev


Joined: 24 Dec 2002
Posts: 1728
Location: Nottingham, UK

PostPosted: Wed Jun 04, 2003 8:05 pm    Post subject: Reply with quote

pizen wrote:
Appropriate Chris Rock quotation for this thread.
Chris Rock wrote:
You can drive a car with your feet if you want to...but that don't make it a good f*cking idea.


I don't know what kind of car hes been driving, but most cars these days are driven by your feet :P
_________________
a.k.a port001
Found a bug? Please report it: Gentoo Bugzilla
Back to top
View user's profile Send private message
Jimbow
Guru
Guru


Joined: 18 Feb 2003
Posts: 597
Location: Silver City, NM

PostPosted: Wed Jun 04, 2003 8:30 pm    Post subject: Reply with quote

When I started using Linux (many years ago) I tended to always run as root. I don't don't do that anymore. I do not believe anyone who says that they are smart enough/careful enough/experienced enough to always run as root. Every person I know who is smart or careful or experienced does not run as root.

I do agree with the complaint that it is a huge pain to have to "su -" and enter the root password every time I want to do something as root. There is a very easy solution for this problem. Emerge sudo. It lets you run programs as root. The default setup is to ask you for your user password the first time you use sudo. After that it will ask again after X minutes (15?) of not using sudo. I have mine set up so it never asks for the password.

To make my life even easier, I've added some aliases and functions in my .bashrc that envoke sudo automatically:
Code:
export PATH="${PATH}:/sbin:/usr/sbin"
alias kern='snice make dep && snice make clean bzImage modules modules_install && s
merge alsa'
alias smerge='snice emerge'
alias snice='sudo nice -n 5'
alias suedit='sudo xemacs -nw'
alias vlog='sudo less /var/log/everything/current'
alias glog='sudo cat /var/log/everything/current | grep'
alias vlogtail='sudo tail -f /var/log/everything/current'
alias xsmerge='ACCEPT_KEYWORDS="~x86" snice emerge'
etc-init  () { sudo /etc/init.d/$1 $2; }


I've also got a button on my KDE task bar that opens up "sudo xemacs /etc" and I've added /sbin and /usr/sbin to my path.

There are times and situations when I do run as root. For example when I am doing the initial install I always run as root. If I am doing a series of tasks that require root access (usually from a console screen not an xterm) or if I need to cd to a directory that only root can access I will run as root.
_________________
After Perl everything else is just assembly language.
Back to top
View user's profile Send private message
Ben2040
Guru
Guru


Joined: 07 May 2003
Posts: 445
Location: UK

PostPosted: Wed Jun 04, 2003 8:33 pm    Post subject: Reply with quote

Quote:

I don't know what kind of car hes been driving, but most cars these days are driven by your feet

:D :D :D
I myself just use su to run emerge, chmod, chown, chgrp etc and if I need to run an Xapp as root, which isn't very often now as many apps give you the option to input a password for root permissions anyway, I just logout. I'd say use regular user and su until you feel more confident about using the CLI (Lethal Weapon) :wink:

Ben
Back to top
View user's profile Send private message
Ben2040
Guru
Guru


Joined: 07 May 2003
Posts: 445
Location: UK

PostPosted: Wed Jun 04, 2003 8:34 pm    Post subject: Reply with quote

Quote:

I don't know what kind of car hes been driving, but most cars these days are driven by your feet

:D :D :D
I myself just use su to run emerge, chmod, chown, chgrp etc and if I need to run an Xapp as root, which isn't very often now as many apps give you the option to input a password for root permissions anyway, I just logout. I'd say use regular user and su until you feel more confident about using the CLI (Lethal Weapon) :wink:

Ben
Back to top
View user's profile Send private message
Genone
Retired Dev
Retired Dev


Joined: 14 Mar 2003
Posts: 9609
Location: beyond the rim

PostPosted: Fri Jun 06, 2003 8:47 pm    Post subject: Reply with quote

port001 wrote:
Well X isn't a problem seen as its configured not to listen for connections. Xchat and gaim on the other hand are mature(ing) projects and most if not all holes have been fixed at this point, thats not to say there won't be holes in the future. I'm confident that Xchat and Gaim aren't going to allow crackers access to my system, but thats a matter of individual trust. If it were a new program just reaching beta, I would think twice about letting it run as root.


Well, sendmail exists for over a decade and they still discover security holes.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum