[PlanetCCRMA] Running as ROOT

Nigel Henry cave.dnb@tiscali.fr
Sat Jan 6 11:42:02 2007 

On Saturday 06 January 2007 19:37, Bill Polhemus wrote:
> This will no doubt seem silly to most, but I have always been inclined
> to run as "root" when using Linux. It just seems like I always end up
> wasting so much time with "workarounds" when I run as a non-root user
> that I can't seem to justify doing it any other way.
>
> I have been roundly impugned many times over when having this discussion
> on Linux forums, but no one can ever really give me a good reason to run
> as non-"root" other than "you're going to hit the wrong button and screw
> up your system!" (Sort of analogous to "you'll shoot your eye out, kid.")
>
> In the ten years since I began playing around with Linux - gradually
> becoming a fairly knowledgeable Linux Sysadmin as I have been running a
> Linux server now for more than six years - I have NEVER had any problems
> logging on and using the system as the "root" user, either CLI (as I'm
> prone to do, being an old-fashioned nerd) or with GNOME/KDE (I swing
> both ways).
>
> Of course, the PlanetCCRMA system is something of a different animal, a
> true workstation rather than a server that's humming along quietly in
> the background, so there may be more occasion to really screw things up.
> I know that the PlanetCCRMA kernel has been built specifically to allow
> low-latency and improved pre-emptiveness when running as a non-root
> user, and this is consistent with the Conventional Wisdom as constitutes
> good Linux user practice, but I'm wondering (again, STILL) what the
> downside is to running as "root."
>
> Comments very welcome, but PLEASE no flames. I respond far better to
> real information than to imperiousness.
>
> Thanks.

Hi Bill. Personally I don't run as root, and am the only user on my machines. 
I suppose if you are the only user, and are aware of what you are doing, 
there shouldn't be a problem. If others use your machine/machines, I wouldn't 
want them having access to /, where they could do irreparable harm to your 
filesystem.

The problem, putting the Internet to the side, is that it's easy to become 
complacent with the whole machine effectively accessable as user.  When you 
have to su to root on the CLI to work on the filesystem, mentally you are 
aware of doing just that, and that changes you make can easily mess things up 
if you don't take care.

I do login as root with KDE on odd ocassions. Usually if some app isn't 
working, and I want to see if it's a permissions problem, but that's as far 
as it goes.

Then we come to the Internet, if the machine is online. Linux isn't being 
specifically targetted by virus, worm, and trojan writers at this time, but 
this isn't allways going to be the case. If the machine is totally accessable 
from the Internet the consequences are likely to be worse. At the moment they 
need your user name, and password. They know "root", but also need the root 
password to get into the filesystem. If you are logged in as root, all they 
need is the root password. Running as user just makes it a bit more difficult 
for them to get into your machine.

I don't know if this makes any sense, but personally, even though I'm the only 
user on my 2 machines, I prefer running as user, even though to work as root 
I have to su, and then enter my root password makes for a bit more work.

Nigel.
>
> _______________________________________________
> PlanetCCRMA mailing list
> PlanetCCRMA@ccrma.stanford.edu
> http://ccrma-mail.stanford.edu/mailman/listinfo/planetccrma