llbbl
05-22-2005, 01:57 PM
I know this is an age-old debate. I am not trying to start a discussion on the topic, but I wanted a collection of information that I found from around the net on why logging in as root is bad practice.
1. It takes time to restore the system if compromised.
2. It's easier for a compromise to go unnoticed if the offending program has root access; if you are running any filewatcher programs like tripwire they can be replaced. (Of course, most desktop users don't bother with tripwire. I certainly don't...)
3. Does your wife / gf / children use your computer? If they are compromised, you will be too.
4. Wise desktop users will use extra user accounts to protect especially important files. Spent months creating mp3s? Create an mp3 user with read-only access to his home dir from users in group 'mp3'.
5. Stability. Buggy software that runs as root can inflict more damage. You don't just need protection from malware! This is more likely in Linux anyway, since desktop system compromises are not common.
http://www.desktoplinux.com/cgi-bin/board/UltraBoard.pl?Action=PrintableTopic&Post=364&Board=linvwin&Idle=0&Sort=0&Order=Descend&Page=0&Session=
* When doing some complex command, try running it first in a non-destructive way...especially commands that use globbing: e.g., if you want to do rm foo*.bak, first do ls foo*.bak and make sure you are going to delete the files you think you are. Using echo in place of destructive commands also sometimes works.
* Provide your users with a default alias to the rm command to ask for confirmation for deletion of files.
* Only become root to do single specific tasks. If you find yourself trying to figure out how to do something, go back to a normal user shell until you are sure what needs to be done by root.
* The command path for the root user is very important. The command path (that is, the PATH environment variable) specifies the directories in which the shell searches for programs. Try to limit the command path for the root user as much as possible, and never include . (which means "the current directory") in your PATH. Additionally, never have writable directories in your search path, as this can allow attackers to modify or place new binaries in your search path, allowing them to run as root the next time you run that command.
* Never use the rlogin/rsh/rexec suite of tools (called the r-utilities) as root. They are subject to many sorts of attacks, and are downright dangerous when run as root. Never create a .rhosts file for root.
* The /etc/securetty file contains a list of terminals that root can log in from. By default (on Red Hat Linux) this is set to only the local virtual consoles (vtys). Be very wary of adding anything else to this file. You should be able to log in remotely as your regular user account and then su if you need to (hopefully over ssh or other encrypted channel), so there is no need to be able to log in directly as root.
* Always be slow and deliberate running as root. Your actions could affect a lot of things. Think before you type!
http://www.linuxdocs.org/HOWTOs/Security-HOWTO-4.html
Some new users get into the bad habit of using root for everything. This is bad for several reasons: You can inadvertently destroy important files. You can do irreparable damage to your filesystem or wreak havoc with system processes. Also, if you are connected to a network, being logged in as root is a potential security hole for a cracker to get into your system.
If you log in as root all the time, you increase your chances of making a simple error that can cost you hours of recovery time. If you are the administrator of your system, there is a simple command called su, which enables you to assume the identity of root or any other user (if you know the password). It is much better to log in as an ordinary user, then use the su command to give yourself administrative privileges to perform a task. This is also called becoming the "superuser." If you simply type
http://www.informit.com/articles/article.asp?p=130852&seqNum=4&rl=1
..unless there is a good reason for doing so. In Linux you can create as many users as you like, all with their own home folders and permissions.
One user is special: root (also called "superuser") has the right to do anything.
Use su - to temporarily become root and do the things you need, never log into your system as root!
Root is only for system maintenance, this is not a regular user (LWindows don't have any user management at all and uses root for everything, this is a very bad idea!).
You can execute a command as root with:
su -c 'command done as root'
Gentoo Linux: Note that on Gentoo Linux only users that are members of the wheel group are allowed to su to root.
http://linuxreviews.org/sysadmin/
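A check for the PATH advice quoted above (no `.`, no empty or relative entries, no group- or world-writable directories), as an added example that is not part of the original post or the quoted HOWTO. `audit_path` is a hypothetical helper name; it inspects permission bits only and does not check who owns each directory.

```bash
#!/usr/bin/env bash
# Added example: audit a PATH value against the Security-HOWTO advice quoted above.
# audit_path is a hypothetical helper name, not a standard tool.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_path() {
    local rest="${1}:" entry mode findings=0
    # Walk the string entry by entry; the appended ':' keeps a trailing
    # empty entry (as in "/usr/bin:") visible to the loop.
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}        # remainder after it
        case $entry in
            ''|.)
                # The shell treats an empty entry as the current directory.
                echo "CWD: '${entry}' searches the current directory"
                findings=$((findings + 1)); continue ;;
            /*) ;;             # absolute path: check its permissions below
            *)
                echo "RELATIVE: '${entry}' resolves against the current directory"
                findings=$((findings + 1)); continue ;;
        esac
        [ -d "$entry" ] || continue
        # -L follows symlinks such as /bin -> /usr/bin, so the target's mode is read.
        mode=$(ls -ldL "$entry" | cut -c1-10)
        case $mode in
            ?????w*|????????w*)   # 6th char = group write, 9th = other write
                echo "WRITABLE: '${entry}' is group- or world-writable (${mode})"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run from a root shell to audit root's own PATH; a clean PATH prints nothing.
audit_path "$PATH" || echo "review the entries above before working as root"
```
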