MandrivaThis Forum is for the discussion of Mandriva (Mandrake) Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If you understood the risks, you wouldn't be asking the question. Login as a user and su or sudo to execute what you need to with root authority.
Well, that's why I want to know how: I find it annoying having to continuously type "(kde)su" all the time to make system changes.
I do appreciate your concern.
Well, that's why I want to know how: I find it annoying having to continuously type "(kde)su" all the time to make system changes.
I do appreciate your concern.
then i guess you also run MS Windows as an Administrator and have the system turned into a zombie or a bot for a bot herder .
Linux IS SAFER than windows if YOU - the USER, is NOT THE PROBLEM .
the OS developers turned the gui root login OFF for GOOD security reasons
X window is NOT SAFE TO RUN AS ROOT !!!
Not trying to start any war or anything, but is there any website that explains in a technical way why graphical root login is bad?
Again, purely in the interests of knowledge. I know it's the right thing not to log in as root, but after years of Linux experience, I must confess that I hadn't investigated this very thoroughly.
(BTW. I always log in as a user except in my early days with Linux)
here is a taste of what others have written about being root, as apposed to using sudo.
the last article goes on to explain sudo and "granular delegation".
"Liberty comes with responsibility"
Quote:
Let's try an analogy, and just for maximal irritation let's make it a
car analogy, which I know everyone loves:
You drive your 12 year old son to school every day. In this sense, he is
a user of the car. You fill the tank at the same gas station every day.
Would you give the keys of your car to your 12 year old son, and ask him
to drive to the gas station, simply because your son is an authorised
"user" of your car, and because you trust the quality of the fuel from
that gas station?
Users are not, and should never be, administrators.
If you're logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you're typing before doing something that is dangerous.
Also any program you run as root as root privileges, meaning if someone or something gets you to run/compile/browse a website that is dangerous and wants to damage your system, such as a trojan or other malware, it has full access to your system and can do what it wants, including access to TCP ports below 1024 (so it can turn your system into a remailer without your knowledge, for example).
Basically you're kind of asking for trouble that logging in as yourself may prevent. I've known many people that ended up being glad they had that safety net in a moment of carelessness.
EDIT: There is also the issue of root being the most well known, thus an easy target, for scripts and hacks. Systems that disable the account and instead force users to use sudo means that any attempt to crack root from ssh or a local exploit to the account are banging their heads against a wall. They'd have to guess/crack a password and username. It's security through obscurity to a degree but it's hard to argue that it doesn't foil most script kiddie attacks.
There are several reasons why this is so:
Eavesdroppers
Although the whole point of SSH is to make eavesdropping unfeasible, if not impossible, there have been a couple of nearly feasible man-in-the-middle attacks over the years. Never assume you're invincible: if some day someone finds some subtle flaw in the SSH protocol or software you're using and successfully reconstructs one of your sessions, you'll feel pretty stupid if in that session you logged in as root and unknowingly exposing your superuser password, simply in order to do something trivial like browsing apache logs.
Operator error
In the hyperabbreviated world of Unix, typing errors can be deadly. The less time you spend logged in as root, the less likely you'll accidentally erase an entire volume by typing one too many forward slashes in an rm command.
Local attackers
This book is about bastion hosts, which tend to not have very many local user accounts. Still, if a system cracker compromises an unprivileged account, they will probably use it as a foothold to try to compromise root too, which may be harder for them to do if you seldom log in as root.
How often does someone need to modify their system anyway? Every couple of days I type in my root password to download updates. Other than that, you're probably using your computer for tasks, not for administering your system - and tasks are done just fine as a user.
The real problem I think is that if you're running as root all the time and you get exploited, you're screwed - the intruder has full access to everything. Running as a user, the intruder's access is more limited.
I believe once your system is set up and running you'll have little need for running as root.
when I started with linux, (the knoppix live-cd was the first gui I had "seen working")
Most of my peripheral hardware, (printer, camera, 802.11, graphics card, and sata chip) was not recognised.
But I was excited to finally get away from paying for buggy software.
I'd been using FOSS on M$ and liked it a lot.
While I was configuring linux I constantly had to look for info from the web, which meant reboot and use M$ to get online (28k dialup)
By the way,
I didn't even know what I needed to look for.
I didn't know how to extract the info from my linux system to copy paste a reference note to myself.
I remember spending a lot of time offline.
I remember learning. I am still learning.
But like a child, the teach them all you can and let them go. Hopefully they make the "right" decisions.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Being root is bad
