[split] running desktop as root

user · 2006-08-23 04:46:09

peterk0 wrote:

'cause i'm too lazy to su each time, or even sudo.

login as user account.

sudo bash

and keep go on your way.

user · 2006-08-23 04:56:49

benplaut wrote:

running as root removes the most important security advantage between windows and 8nix like systems.

so plan9 has no root account. what an elegant system!

crouse · 2006-08-23 07:45:41

Linux is robust and secure because of the root/user discipline take that out of the equation and it's just another OS, easy to use maybe, and easier to trash.

Running at root is dangerous. all we need to do for proof of this is look at windows. lots of system files are available when the user is at admin/root level. Windows often sees these files become corrupted because a user has admin/root priveledges.

Case in point.... Simile.D ..... only systems running as root could be infected, on Wiindows AND Linux.

Man.... this discussion hits every forum I go too...... someone always seems to think that decades of Unix/Linux developement and user/system seperation was "dumb". Linux/Unix is a multi-user operating system. Get it ? Multi-User... the root account is special, and was never intended to be ran as a normal user.

Security and convenience do not always go hand in hand. It is my personal view is that I want/need to be secure and will sacrifice some convenience for this. Windows was MADE for convience.

I find it hard to believe that your too lazy to run/administer your linux box as a normal user, using root only when needed, but you aren't to lazy to actually install Arch Linux. I would think that anyone smart enough to run/install Arch, would have thought the security issues through all the way.

1. when running as root any process you start is running as root and has root access
2. running as a user, you can't destroy system files

and one of the better quotes i've seen on the subject

* In over ten years of widespread use, only a few rumored viruses have ever been recorded that affect Linux. This strong immunity can be explained by the fundamental architecture of the system which consists of independent layers that have specific features and strict permissions. Additionally, normal users have a strict and limited role on a Linux system; it's only the "root" user (administrator) who has the power to expose an entire system to possible danger.

Sort of confirms for me the stance that it is advisable not to run as 'root' as the normal mode and "expose an entire system to possible danger". Even M$ seem to have learned this with their new Vista OS.... and I consider them the "slow learners" in the security dept.

Hey, I hear Linspire is easy to run......

And before you go and call me a Linux Elitist, I am not.... not by a long shot. I help tons of people on my forums learn to use Linux and don't allow flaming or RTFM on any of the posts. I would prefer however to see "Best Security Practices" used whenever possible. It just makes good sense.... no matter what OS or Distro you use.

One of the funniest things i've seen on Slashdot
Root is like crack (Score:5, Funny)
by Anonymous Coward

benplaut · 2006-08-23 07:49:11

javurn wrote:

It is almost laughable that someone just quoted google for accuracy.

well... how else do you verify that phrase when common sense is out of the question?

peterk0 · 2006-08-23 08:23:52

benplaut wrote:

It's easy to brute-force a ssh account. It's even easier when it's the most obvious username in the book.

how will you brute force my sshd, where root login is not permited (i have a special acc for ssh to log in, then su to root) and max tries is set to 3?

p.s. please ppl read the whole thread, i did mention some conditions which applies to my system

test1000 · 2006-08-23 12:35:34

benplaut: you didn't even search correctly. If you had you would have gotten 62 results: http://www.google.com/search?hs=6Or&hl= … tnG=Search

when you search for multiple words after eachother without enclosing it in " " then google basically returns EVERY webpage cached that matches for EVERY word specified. No wonder you got that many hits

This is democrazy though, and us in the elite knows it's a crappy system... naaaaaw j/k

phrakture · 2006-08-23 15:06:36

peterk0 wrote:

how will you brute force my sshd, where root login is not permited (i have a special acc for ssh to log in, then su to root) and max tries is set to 3?

woah woah woah.... you actually set up a user account, you just don't use it? and when you do you immediately su? wow.

Gullible Jones · 2006-08-23 17:39:41

Just to clear things up... The attitudes you may be seeing do not show elitism; they show exasperation.

To extend the sex-without-a-condom analogy... Running as root is unsanitary. If a virus gets a foothold on your system because you were running as root, it will do what all viruses do... replicate. If the virus is of the mass-mailing variety, your machine will be contributing to its spread. Running as root does not just affect you.

Cerebral · 2006-08-23 20:46:06

Dictionary.com wrote:

vi‧rus [vahy-ruhs]
–noun, plural -rus‧es.

Yay english!

Dusty · 2006-08-23 20:57:27

smoon wrote:

This can't happen if you're using your Desktop as ordinary user only?

Oh, of course, but my /var/log/auth has a record of all user login attempts and I know that if you log in under my username you can't edit that file to hide your tracks. ;-)

Dusty

phrakture · 2006-08-23 21:41:47

javurn wrote:

Yet, assuming one jeopardized linux box is going to ruin the world's computing is slightly over pretentious.

Not true. Preventing someone else from endangering themselves is the opposite of pretentious (suoitneterp?). No one ever says "stop acting so elite" if you tell them they should drive the speed limit, or get an airbag in their car. It's safety advice, as is this. People who have been in car accidents before, or been party to one, will tell you that you're an idiot if you laugh in the face of safety rules for driving. This is a corollary of that.

benplaut · 2006-08-24 03:37:33

you have an account for ssh'ing in?

not to lazy, are you...

allucid · 2006-08-24 04:11:37

Dusty wrote:

smoon wrote:
This can't happen if you're using your Desktop as ordinary user only?
Oh, of course, but my /var/log/auth has a record of all user login attempts and I know that if you log in under my username you can't edit that file to hide your tracks. ;-)
Dusty

you could conceivably fill it with enough legitamate-looking garbage that causes the attempts to be moved out by your log rotator. Or use some other vuln to pop into a root shell.

palandir · 2006-08-24 09:11:28

It's convenient enough to use a normal user account and to use "sudo" or "su -c" for most/all tasks involving root.

Running everything as root was always stupid, is always stupid and will be always stupid.

Even if you do regular backups, typos/mistakes happen, and if you do a "rm -rf / tmp/*" for example (note the extra space) or remove some important directory using your file manager, and you need your system right now to do some work or whatever, you're fucked (happy reinstalling and moving your backups).

Accidents like these happen. Even if it didn't happen to you for multiple years. And even to experts. And when you run everything as root, there are many situations where these accidents might happen, not just when using "rm -rf" in a terminal.

And the second most important point are bugs/security holes in programs. Especially if you like using bleeding edge stuff.

Using an unpriviledged user account is one of - if not the best - security measure there is.

test1000 · 2006-08-24 15:41:55

phrakture wrote:

People who have been in car accidents before, or been party to one, will tell you that you're an idiot if you laugh in the face of safety rules for driving. This is a corollary of that.

Oh really? Are you saying he might *DIE* if he doesn't stop running as root? lol

cheer up people, it's not like it's *YOU* that's going to get killed.

peterk0 · 2006-08-24 18:15:25

yeah phrakture you seem a little tense, relax 8)

Arch Linux

#26 2006-08-23 04:46:09

Re: [split] running desktop as root

#27 2006-08-23 04:56:49

Re: [split] running desktop as root

#28 2006-08-23 07:45:41

Re: [split] running desktop as root

#29 2006-08-23 07:49:11

Re: [split] running desktop as root

#30 2006-08-23 08:23:52

Re: [split] running desktop as root

#31 2006-08-23 12:35:34

Re: [split] running desktop as root

#32 2006-08-23 15:06:36

Re: [split] running desktop as root

#33 2006-08-23 17:39:41

Re: [split] running desktop as root

#34 2006-08-23 20:46:06

Re: [split] running desktop as root

#35 2006-08-23 20:57:27

Re: [split] running desktop as root

#36 2006-08-23 21:41:47

Re: [split] running desktop as root

#37 2006-08-24 03:37:33

Re: [split] running desktop as root

#38 2006-08-24 04:11:37

Re: [split] running desktop as root

#39 2006-08-24 09:11:28

Re: [split] running desktop as root

#40 2006-08-24 15:41:55

Re: [split] running desktop as root

#41 2006-08-24 18:15:25

Re: [split] running desktop as root

Board footer