[NCLUG] Why not Root?

John L. Bass jbass at dmsd.com
Sun Mar 18 14:03:13 MDT 2007


Chad Perrin <perrin at apotheon.com>
> . . . and yet, you can't seem to grasp that it's a bad idea to run
> *everything* as root.

I've been a systems programmer for nearly 40 years, and a UNIX kernel
systems programmer since 1974, with well better than 10 MAN YEARS of
daily work logged in as root, on dozens of systems, and they never
magically self-destructed. A few rare mistakes did cause some concerns
yes, but not really any different than the concerns you would have
over your home directory or shared project directories disappearing
because of being in the wrong directory while executing "rm -rf *".

I've also made it a termination offense for my junior sysadmins to
work unnecessarily as root, just to protect the business from their
mistakes while learning. And in some cases, even for senior admins
on critical systems.

Now ... just WHY is it a "bad idea to run *everything* from root"?

Other than the fact that many senior IT managers, including myself,
choose to implement that as policy on critical production machines,
there really ISN'T ANY technical reason that should stop a home hobbyist
that wants to on their personal desktop machine. In fact, learning
by hard knocks is one of the most successful ways to make people
think before they type and hit return.

So far, the "reasons" this is bad, are NOT reasons. The "mantra" and
bigoted assertions that it is somehow bad have not been proven, just the
"everyone always does it that way" excuse without a sound technical
justification for doing it that way.

There isn't any serious difference in "security", which I've already
pointed out ... and if that isn't clear, I'll be happy to provide
specific additional examples why, besides the clear cases already.

John


