Arch Linux

shamans

Member

Registered: 2016-07-23

Posts: 7

I don't understand difference between root users and other users.

This is not a technical question. It may even be a beginner linux question in general but since I am new to Arch, the boundary between arch and other distro's is a bit blurred to me. I have a question about users in Arch/linux:

When I did my install, I believe I was doing it as the root user (correct?) and created a user profile. Now whenever I turn on my system, I am prompted to log in as the user profile (the only user profile I created). However, this user has no privileges. As a result, every time I have to install something I need to run the su command which takes me to the root user (correct?) and then I am able to run it.

My question is, if I have one user profile why doesn't it have privileges to do whatever it wants? I know I have to give it privileges but to makes no sense since there's only on user.

My other question is, what is the 'root user'? is it just another user with more privileges? Why don't I see the option of 'root user' when I am logging in?

If someone could either explain this concept to me or direct me to a documentation which has this concept explained I would be very grateful thank you.

Omar007

Member

Registered: 2015-04-09

Posts: 368

Re: I don't understand difference between root users and other users.

http://www.linfo.org/root.html

Furthermore, you should almost never have to switch to the root user. If you need to run a command as root (such as installation of software) you'd usually use sudo (e.g. `sudo pacman -S some-package`).

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: I don't understand difference between root users and other users.

there's only on user.

No there isn't. Run this:

cat /etc/passwd

And see all the users.

There are many users for *security*, e.g. the principle of least privilege.

Also see thread.

frostschutz

Member

Registered: 2013-11-15

Posts: 1,417

Re: I don't understand difference between root users and other users.

My question is, if I have one user profile why doesn't it have privileges to do whatever it wants?

The general idea is https://en.wikipedia.org/wiki/Principle … _privilege (a regular user account is far from that, but it's a start)

It's not about you or you being the only user on that machine; it's about how far you trust the software you're running. If you have privileges to do whatever you want then so does any software you're running. Will it do something malicious? Does it have bugs that cause bad things to happen?

For example, some time ago Steam had a bug that might have caused it to delete all files in the system.

If steam runs as root, that would kill your entire system. Won't boot anymore, all data gone, have fun reinstalling from scratch.

If steam runs as regular user, it would kill your home files. Will still boot, all your files gone, have fun restoring backups if you have them.

If steam runs as a separate user (dedicated to steam only), it would kill steam and nothing else. Have fun reinstalling steam.

The less privileges you give a program the less damage it can do when things go south so this is an ideal to strive for.

Why don't I see the option of 'root user' when I am logging in?

Because you're not supposed to login as root. Although root is a user like any other, sometimes it doesn't have a password set (not an empty password, but password logins disabled in general). You can set a password with `passwd` and then probably login regularly (by manually typing the user name if you must, that depends on your login manager).

root is just too powerful. repartition anything, format anything, mess with any system programs and files. If someone decides to do malicious things this gives you keyloggers, backdoors, patches binaries so firefox (usually a trustworthy software) suddenly starts handing your passwords to a third party...

Also never underestimate the human factor, you wouldn't believe the things people do as root by accident.

Last edited by frostschutz (2016-07-23 18:30:46)

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,771

Re: I don't understand difference between root users and other users.

Edit:  If you need root privilege for something, use sudo

Last edited by ewaller (2016-07-23 18:31:12)

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

scapegoat24

Member

Registered: 2016-07-21

Posts: 12

Re: I don't understand difference between root users and other users.

Should probably be mentioned that you actually have to install sudo in Arch unlike other preconfigured distros. Not sure if this was done or not, just my two cents.

https://wiki.archlinux.org/index.php/Sudo

Could also say that when I was first introduced to Linux, Root was explained to me as being God and that if you were Root you can control the entire system. Sudo (Super User Do) is a type of invoking a temporary Root that would only last for that one command you issued.

Last edited by scapegoat24 (2016-07-23 20:14:36)

graysky

Wiki Maintainer

From: :wq

Registered: 2008-12-01

Posts: 10,597

Website

Re: I don't understand difference between root users and other users.

Edit:  If you need root privilege for something, use sudo

Love those https://xkcd.com comics!

---

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages • Zsh and other configs

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: I don't understand difference between root users and other users.

Sudo is not the only way of doing it - PAM works just as well (see thread that I linked to earlier).

I actually prefer PAM, because sudo works in scripts too, which I reckon is an unintuitive security risk.

ngoonee

Forum Fellow

From: Between Thailand and Singapore

Registered: 2009-03-17

Posts: 7,354

Re: I don't understand difference between root users and other users.

Sudo is not the only way of doing it - PAM works just as well (see thread that I linked to earlier).

I actually prefer PAM, because sudo works in scripts too, which I reckon is an unintuitive security risk.

What's the risk? Don't see any unless:-

a) the user is in the habit of automatically typing his password in when requested
b) root doesn't need a password
c) hijacking occurs, within the same terminal session, within the default 15 minute (was it changed recently?) window

All-in-all, seems like very low risk to me.

---

Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: I don't understand difference between root users and other users.

I use PAM configured with:

# Require a user to be in the "wheel" group, to be able to use "su"
auth       required   pam_wheel.so

# Users in group "wheel" can su without being prompted for a p/w
auth       sufficient pam_wheel.so trust

So yes, I just type "s" to switch from my normal user to root. It's that easy.

ezzetabi

Member

Registered: 2006-08-27

Posts: 947

Re: I don't understand difference between root users and other users.

Apply common sense, be careful. But don't become over zealous with security without needs.
Because after all, in most cases what it counts is actually in the user account:

shamans

Member

Registered: 2016-07-23

Posts: 7

Re: I don't understand difference between root users and other users.

Thank you guys. This was all very helpful!