[PlanetCCRMA] Running as ROOT

Fernando Lopez-Lezcano nando@ccrma.Stanford.EDU
Sat Jan 6 11:37:01 2007

On Sat, 2007-01-06 at 12:37 -0600, Bill Polhemus wrote:
> Of course, the PlanetCCRMA system is something of a different animal, a 
> true workstation rather than a server that's humming along quietly in 
> the background, so there may be more occasion to really screw things up. 
> I know that the PlanetCCRMA kernel has been built specifically to allow 
> low-latency and improved pre-emptiveness when running as a non-root 
> user, and this is consistent with the Conventional Wisdom as constitutes 
> good Linux user practice[**], but I'm wondering (again, STILL) what the 
> downside is to running as "root."

Running as non-root implies protection. But not only from yourself. One
example. An application might have a weird bug[*] that somehow writes or
modifies the wrong file and erases or modifies a tiny part of one of the
other apps installed in the system (or itself) - memory protections
don't allow apps to write to each other's memory spaces but the disk is
wide open to root. The broken app most probably will die if you try to
run it. But it could also be modified in such a way that it does more
damage and so on and so forth. 

Hours, days, months or years later the system becomes more and more
unstable when you start using those apps. 

I _know_ it is highly unlikely but you asked for a technical reason.
There it is. Protection. 

These days there is no _technical_ reason to run everyday programs as
root. Almost every up to date distro can run realtime apps from non-root
accounts if you configure /etc/security/limits.conf. You no longer need
patched kernels or anything else (other than an up to date pam and a
reasonable recent kernel). The standard Fedora core kernels can do that.

If you want to run as root please do so, but try to not advocate for
that, be aware that beginners will be listening, may be be attracted to
not have to su root or whatever to install another app or modify a
configuration file, start using the system as root and _then_ they'll
eventually make a mistake... 

-- Fernando

[*] or have malicious code in it that tries to damage the system!!

[**] not only linux, it is not considered good form to run as "root" (or
whatever is the equivalent) in any other operating system that has users
and protections