[NCLUG] Why not Root?

Bob Proulx bob at proulx.com
Sat Mar 17 13:47:07 MDT 2007


David Braley wrote:
> If a Linux machine is built and used by a single person, why not always
> log in as root?

Building good habits.  Good habits take time and effort to build up.
Bad habits are acquired easily and quickly.  Try teaching your
favorite pet dog not to beg at the dinner table.  Randomly reward him
with tidbits from your plate while you are eating when you see that he
is not begging.

> Oh sure, I have heard a million times others say things like,
> "never log in as root because you could accidentally f**k up your
> system." From my experiences, I have COMPLETELY hosed a system executing
> a command as sudo.

It can only be worse when you are *always* the root user.  Basic
firearm safety is to never point a gun at something that you do not
intend to shoot.  Never put your finger on the trigger until you are
ready to fire.  Always assume that the gun is loaded.  These same
rules are good to apply to superuser privileges as well.

> Others will say, "you do not want other users messing up your system."
> What if I am the only user?

The system was designed as a multiuser system.  You may be the only
user and that is great.  If you use things as designed then you are
unlikely to encounter serious bugs and other trouble.  If you use
things differently than designed then you become the test pilot.  You
become the trail blazer.  It is best if you use the system the way
that it was intended to be used.

> Is there a security reason for not logging in as root? Is the machine
> somehow less secure when someone is logged in as root?

Actually yes it is less secure.  There are many attacks of different
forms.  Some are social engineering attacks trying to get you to make
a mistake.  Others exploit things such as keyboard attacks or the old
smart terminal attacks (used to be 'mesg n' as root always to avoid
that).  When you are always root then those are always available too.

> If a mis-behaving program run by a user is crashing, is the rest of the
> system somehow safe from the evil program?

Yes.  A userland program cannot damage the system processes.  A random
bad 'kill $RANDOM' command cannot cause the machine to reboot, to
hang, to lose email, to do any of those system things that the system
does.  It could only kill a random process owned by that user.  This
limits the possibilities of seeing unexplained system crashes.

You said you wanted to use a more stable system.  This privilege
separation is one of the things that enables it to be more stable.  By
always running as the superuser you would be removing one of the
safety devices that keeps it stable.

> I bring this up because I am basically a lazy user. I was happy sudo'ing
> into things for system administration before I moved over from
> MicroNovelSoft to Fedora. That's when the whole annoying user path thing
> started to get to me.
> 
> david@linux:~> sudo ifup wlan0
> password: **********
> bash: ifup: command not found
> 
> Oh ya, with Fedora I need to put the full path in.
> 
> david@linux:~> sudo /sbin/ifup wlan0

I do not see this behavior with the Debian sudo command.  I *do* get
the system paths there.  Can someone confirm this on Fedora?  That
does not seem right to me.

> So I can easily fix this up by setting my path so that user david can
> have access to the other tools on my system using sudo (thanks Sean!).

If so then it certainly can be configured to set PATH for system
directories.  I think that it should be the default for sudo.

> But it got me thinking about the whole root thing and how it creates
> another layer between me and the system, and the annoyance of getting
> over the barrier.

And now you have my thoughts on the topic.

Bob
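
An added example, not part of Bob's message: a shell sketch that measures the 'kill $RANDOM' point above by probing every PID listed in /proc with signal 0, which runs the kernel's permission check without delivering anything. The function names are made up for this example, and it assumes a Linux-style /proc.

```shell
#!/bin/sh
# Added example (constructed), not from the original message.
# Function names are made up here; assumes a Linux-style /proc.

# classify_pid PID -> prints allowed | denied | gone
# Signal 0 delivers nothing; the kernel only runs its permission check.
classify_pid() (
    pid=$1
    if kill -0 "$pid" 2>/dev/null; then
        echo allowed                 # we may signal (and so kill) it
    elif [ -d "/proc/$pid" ]; then
        echo denied                  # exists, but the kernel refused us
    else
        echo gone                    # no such process (or it just exited)
    fi
)

# blast_radius -> prints "allowed=N denied=M" for the current user
blast_radius() (
    allowed=0
    denied=0
    for d in /proc/[0-9]*; do
        case $(classify_pid "${d#/proc/}") in
            allowed) allowed=$((allowed + 1)) ;;
            denied)  denied=$((denied + 1)) ;;
        esac
    done
    echo "allowed=$allowed denied=$denied"
)

echo "uid $(id -u): $(blast_radius)"
```

Run as an ordinary user, the denied count covers the system daemons and kernel threads that a stray kill cannot touch; run as root it normally drops to zero.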


