Jeff Waugh wrote:
<quote who="Michael Toomim">Why is this a decidedly "good thing"? Many other distributions and OS's let users log into the graphical interface as root equivalents, and I don't see how it can possibly be that big of a security risk.It is far easier to 'fuck things up' in a GUI than it is on the command line. Deleting /dev or /usr in a file manager, for instance, or even just moving them.
I don't buy it. Most desktop computers (dos, win95/98, early macs) don't even have a "root" concept, and all users have root-equivalent power -- yet I've *never* met a person who deleted their system files because they had root access. (I've been admin for a lot of systems.) This just isn't a problem that comes it in practice.
I think it's *harder* to fuck things up in a gui than on the command line. It's easy to mis-type "rm ./*" as "rm /*", for instance, but it's hard to use a gui to select an entire file system and delete it. Plus, a gui can provide extra levels of accident-protection, like "are you sure?" dialog boxes for sensitive information.
I think it's a widespread myth in unix circles that running guis as root will frequently lead to accidental system failures. Users are pretty good at leaving those things alone. There are important configuration files in your home directory too (like ~/Mail, ~/school_work, ~/.mozilla, etc.), and do you delete those accidentally because your uid "has the power"? Saying that running as root will lead to accidentally screwing up your computer is completely contradictory to empirical real-world evidence.
Plus, newbies are the users who tend to run as root whereas only the power-users tend to install their own non-priviledged usernames. Isn't this backward? Shouldn't newbies get more protection than power-users?
root is god. root can damage hardware. root can destroy an entire system in an instant. It just does not make sense to use the GUI as root. You don't need to. You don't need the power. You don't *want* the power.
You want the power when you need to install new software. You want it when you need to set the time. You want it when you need to add or remove users from your system.
Every time I see an NT desktop user logging in as Adminstrator, I cringe. Every time I see a Linux desktop user logging in as root, I hide under the table.
hehe. :)