[NCLUG] Why not Root?

James DeWitt jdewitt at verinet.com
Sat Mar 17 13:48:43 MDT 2007


Hi David,

Here are a couple easy fixes.

On Saturday 17 March 2007 12:49:51 pm David Braley wrote:
> If a Linux machine is built and used by a single person, why not always
> log in as root?
>
> Oh sure, I have heard a million times from others say things like,
> "never log in as root because you could accidentally f**k up your
> system." From my experiences, I have COMPLETELY hosed a system executing
> a command as sudo.
>
> Others will say, "you do not want other users messing up your system."
> What if I am the only user?
>
> Is there a security reason for not logging in as root? Is the machine
> somehow less secure when someone is logged in as root?

Just imagine all the processes that run automatically as you. 
Some of them are browser plugins, etc.

> If a mis-behaving program run by a user is crashing, is the rest of the
> system somehow safe from the evil program?

Yes, safer than if the evil or compromised program were running as root.

> As a personal policy I do not use a computer for anything important. I
> do not store or create secrets on my computer. I am also quite
> comfortable with file loss (even though I do backups, mostly for
> convenience sake).

Oh, if you only knew the terrible secrets contained on my computer  ;-)

> I bring this up because I am basically a lazy user. I was happy sudo'ing
> into things for system administration before I moved over from
> MicroNovelSoft to Fedora. That's when the whole annoying user path thing
> started to get to me.
>
> david at linux:~> sudo ifup wlan0
> password: **********
> bash: ifup: command not found

This is easy to fix (but doing so makes your system more vulnerable).
In /etc/sudoers, make sure your entry is like this:

    david ALL=(ALL)       NOPASSWD: ALL

> Oh ya, with Fedora I need to put the full path in.
>
> david at linux:~> sudo /sbin/ifup wlan0

Yes, this is a pain. By default, fedora excludes the sbins
from regular user PATHs, so sudo can't find things either.
I fix this in /etc/profile - just comment out the if/fi lines

    # Path manipulation
    #if [ "$EUID" = "0" ]; then
        pathmunge /sbin
        pathmunge /usr/sbin
        pathmunge /usr/local/sbin
    #fi

> So ... in my case, why not just log in as root?

One reason I can think of off hand, is that /root gets erased by 
default when you reinstall the system (with Fedora, at least).  

Using a normal user login, you would usually have a separate 
/home partition which can be preserved and shared indefinitely.
So, it makes it much less trouble to save your personal and 
application configuration data over time.

Cheers,
JD



More information about the NCLUG mailing list