The Free World: Day to Day Operations as Root.
With my recent foray into Linspire, there’s been some discussion over whether Linspire is being responsible by not ‘guiding’ inexperienced user to create a day-to-day unprivileged user account during the install wizard process.
That’s one question. The other question that comes to the forefront is if there’s any real merit to the old adage ‘never run as root’.
I cast my vote in favour of running as a non-privileged user back on November 10th. However, Micheal Robertson, the Chair of Linspire, feels that there is no added security value to running as a non-privileged user because the only real thing of value on a system is the data and the non-privileged user has full access to that data.
Personally, I think it’s silly to go out of your way to run as a more powerful user than you have to because that circumvents one of the cornerstones of the GNU/Linux security model. However, as a user who keeps virtually all of his data online (and therefore has little use for the box I access it on) I share Michael’s idea that the data is the important thing, not the system it runs on. I still wouldn’t do it, though :)
I’m curious what other people think about this. What’s your take on whether to run as root, a non-privileged user, or does it matter at all?
Edit: Well, the conversation took place over here instead of on New Linux User.
Related Stories
POSTED IN: The Free World.
13 opinions for The Free World: Day to Day Operations as Root.
Kyle
Dec 8, 2005 at 11:23 am
Well it is my understanding (and you mention this on the link to your vote) that one reason Linux doesn’t have a virus problem is because most users don’t log in as root, and therfore viruses have a very limited target on a machine. I just blogged about this today and quoted from what seems to me to be a reasonable source (and I’ve seen similar arguments elsewhere).
They seem to feel that if everyone starts staying logged in as root that those Linux targets will begin presenting a much more tasty target to hackers. This may not affect those Linux users who actually value security, but it may give Linux just the kind of bad press it doesn’t need.
Jon
Dec 8, 2005 at 11:30 am
I think that’s the general concensus. Running as root from day to day eliminates one of the strongest links in the GNU/Linux security chain.
While Windows doesn’t have a ‘root’ user per se, the weakness of the monolithic file system on Windows can be mimicked by on a GNU/Linux box by logging on as root.
I read your entry and agree with it. There’s one point that Mark Rais brought up in The GNU/Linux User Show #17 about anti-virus. He stated that the most likely reason for using anti-virus on a GNU/Linux system is to prevent that spread of virii to any existing Windows machines on the network. While GNU/Linux isn’t susceptible to these virii, it can still be a ‘carrier’ :)
After that show I put a call out to listeners to tell me what Linux anti-virus was out there. I think we ended up with a grand total of three products…telling, isn’t it?
Ben
Dec 9, 2005 at 4:14 am
I agree, it’s irresponsible of Linspire to make root the default login - it goes against all of the Linux security best practices articles I have read …
Jon
Dec 9, 2005 at 5:45 am
Hi Ben,
True, it does go against best security practices. However, MR seems to be right - nobody so far in this discussion (or the one on the board - link in the entry) has been able to give a compelling reason *why* it’s more secure to run as root on a home system.
I’ve come up with one scenario, but nobody else has :)
Ben
Dec 9, 2005 at 6:10 am
Jon, OK I can think of a few good reasons .. logging in as a normal user will stop you from:
- deleting system files (accidently or not)
- having software silently install on your PC without your knowledge
- accidently change system settings that might cause instability
In each of these cases you would be prompted for the root password.
I think of it this way: If you have a PC in your family home which is logged in as a ‘normal’ user, you can let your kids or little brother loose on it, and the worst they could do is mess up your desktop settings which should be easy enough to recover from. Would you leave it logged in as root (as Linspire say)? It could get trashed quite quickly!
Kyle
Dec 9, 2005 at 7:35 am
Not to beat this horse more, but it seems to me that it is a lot easier to backup just your home folder than it is to backup the entire system. I see what he’s saying about the only valuable thing being your data, so who cares about the rest… but heck, you could log in as root once a week, make a copy of your data into the root directory and log back out. That way there’d be a backup of all your personal data right there on the drive that nobody could touch without root privledges.
Assuming my noobish understanding isn’t failing me here.
Jon
Dec 9, 2005 at 8:40 am
Ben: Yup, all good points. The more I talk about this subject the more I think that perhaps everyone involved doesn’t share the same definition of ’security’. Some people (and this is where I fall into) feel that security goes much farther than simple protection of your data, it extends to ensuring that my machine isn’t being used by others to cause problems on the network. Others feel that security simply means the safeguarding of your files.
In either case, you’ve covered off both areas in your three points.
Oh, and technically I don’t think Linspire actually tells people run as root. They just don’t ‘guide’ people to not do so.
Kyle: No, I think you’re right. As I wrote above to Ben, I’m concerned about more than just my data though.
Jeff
Dec 9, 2005 at 12:02 pm
I think Ben hit the major benefits for running as a nonprivilaged user. The biggest risks of running as root is that a hacker could modify your computer without your knowledge. Spyware could be installed, rootkits, or the computer could be turned into a “bot” and be used in conjuction with other computers to make mass emailings or flood websites and shutting them down.
You can run as a limited user in windows, making it very similar to using linux. By right clicking on a program, you will be prompted to enter a password and get administrator rights. However, windows defaults to administrator during the install process for ease of use.
As far as linux computers giving windows computers viruses, that is unlikely since most viruses are passed by opening suspicious emails. Why would a linux user pass a suspicious email to a windows user?
Jon
Dec 9, 2005 at 12:28 pm
Hi Jeff,
There are lots of ways to pass viruses, email is just one of them. I’m not even sure that it’s accurate to say that ‘most’ viruses are passed via email. Many worms and zombie applications spread through the network without using email.
Jeff
Dec 9, 2005 at 3:29 pm
That’s true, there are a number of ways to get viruses. Simply going to some websites will install a virus. I may be wrong, but for a linux computer to pass a virus to a windows computer, as mentioned by Mark Rais, I think that an email attachment is the primary threat. Other than that, maybe a tainted mp3 recording. Since most linux applications don’t run on windows, what else would there be? If you know of others, please let me know.
Jon
Dec 9, 2005 at 4:56 pm
You’re probably right. This is just all speculation on my part but it seems to me that many viruses propogate via tcpip connection. Therefore, I imagine that a virus looking to propogate will send itself to any ip address it can find and if the machine at that address happens to fit the bill, it will be able to install.
Now, whether it will be able to execute enough in order to start the propogation is another story.
Pure speculation….
daveb
Jan 3, 2006 at 9:56 am
Honestly, the most compelling reason for me to run my day-to-day tasks as a non-priviliged user is to limit my ability to screw things up. I’ve only been using Linux-based operating systems for a little over a year, so in many cases, I’m stumbling along or flying blind. I’m thankful for any roadblocks to prevent or lessen my ability to shoot myself in the foot. Also, by using a non-priviliged account, when I do have to run as root, I don’t do it flippantly.
JF
Feb 16, 2006 at 4:17 pm
In fact, I don’t really see the real advantage and what is so easy when you run as root.
It’s not to beginners to “dictate” how computering and why early computering scientist have designed the system this way.ue and can go to any workstation without a difference. I mean that those users who ask for root permission (I don’t really know why) should have worked a little bit in a administrated company. And they should have estimate how many times administrators lost there time for these people who install forbidden software.
Running as root would be really dangerous in the case of the program is not well written. Running as root and even looking a jpeg would be more dangerous. There was a security breach in jpeg some times ago… Running as root and even a crafted URL or website could be dangerous… If you don’t run as root, you’ll be happy if your kid goes on this URL and YOU don’t loose your data.
Also with all this system you’re absolutly sure that an update will work (on good distro) and that your system will be patched exactly the way it should. Think about problem of SP2… Why? Because you didn’t have any way to mess up this OS!
Running as root would be dangerous in most enterprise config when using NFS for example. On a real network, each user is unique.
For teh example about the clock time setting. Changing the clock will change the clock for any user that are working on the system, so this clock is not only for you, but also for any users logged on the system. And on Linux, there’re plenty of virtual users which launch process in the backgroud. All those processes could be disturb while changing the date. Also, setting the good time on a computer is not a day to day action. And this example is not a good example at all, because the date is set by the network on current distribution. There’s only Windows which doesn’t set it directly out of the box. Why? Because the time is not set to GMT… It’s exactly a demo why the begginer should not interfere with the choices made by computering engeneers… When you receive mail outdated on your box, they doesn’t sort correctly. So, the computers HAVE to be on time, and it’s not to the user to change the time.
Also, for the program which are really usefull for day to day use, there’s the SUID bit. Also, on Ubuntu/OSXTiger, this root user doesn’t even exist and the user is asked his own password… So he doesn’t even now that there’s a root user! It’s just a question of PAM configuration.
So, please see pam and sudo and you’ll see how running as a privileged user is really cool! When you’re asked for your password : you can ask yourself : “Am I dooing something wrong?” “Did I made an error”… Have a look at Ubuntu (I’m sure there are other distrib that come with sudo confiigured but this one is very integrated) and see how security can meet ease of use…
Linux is different in design from Windows : You rarely have to download a program yourself, there’re package management such as urpmi or dpkg to do that. If the user have to install a program himself or compile it, he’ll know what he is doing… And he’ll know why using a Linux day after day program as root is not allowed.
Running as root is like use your new home DVD player without the plastic protection… To sum up!
Linux is about security and stability. That’s the big difference with windows : It’s thought by all.
If Lindows no, Linspire, is made with this kind of breach in security, I prefer Windows… Because at least after the fighting against spywares… I can play a lot of games in Windows! lol!
Have an opinion? Leave a comment: