
Re: Root login in graphical environment



On Wed, Jul 31, 2002 at 07:45:02PM -0700, Leo Spalteholz wrote:
> >
> >
> >I'm pretty novice with X stuff, though, so I'd love to hear a secure way of running
> >GUI apps as root that Just Works (tm).
> >
> I just use kdesu appname.  Of course only for those on KDE..   Secure? 
>  No idea.  Just Works? Yeah!  And if it isn't secure I don't care either.
> 
> and now to veer off topic slightly for a rant on something I've been 
> wondering about
> <rant>
> I'm on the verge of just (OMG! wait for the blasphemy) logging in as 
> root for daily use.  I type in my root password about 50 times a day 
> just to execute a command or edit some config file.  Yes I realize that 
> if someone exploits a hole in your software the risk is much greater if 
> you're running as root; but how big is this risk?  I've been running MS 
> Windows, not downloading security patches or running a virus scanner or 
> a firewall, for the last 8 years and have never had even the slightest 
> security problem.  And yet if anyone suggests running linux as root, 
> everyone goes apeshit and calls them nuts.  So how secure is linux when 
> running as root on a desktop box? (no services like ftp/ssh/apache etc 
> running)  If it's as secure or more secure than MS Windows then I don't 
> see a problem with running as root on a DESKTOP machine.  If it's less 
> secure, why the hell is it?
> </rant>

Security is one aspect, but if you run as root all day every day, sooner
or later you'll do something accidentally that will do a lot of damage.
Eg, you might do rm -Rf * from the root directory (thinking you were in
/tmp).  No big drama if you do it as a user[1].  As root, your system is
hosed.

My advice is to do whatever works for you, providing you keep your
"admin" and normal type activities separate.  sudo might be a good
choice, since you don't have to type in the password if you use it
within the timeout (uh oh, here comes the sudo is good vs sudo is evil
flame fest :) ).  Alternatively, keep a root login on one of your
virtual consoles, and switch to it whenever you need to do admin stuff.
Just make sure you switch back when you are finished.

Incidentally, it is more dangerous running as root on Unix than on
Windows.  With the Unix root user, anything goes.  There is nothing it
can't delete/ruin/whatever.  On the more multi-user flavours of Windows,
even the Administrator user can't do certain things.  In other words,
being able to run Windows as Administrator all the time without 
consequence doesn't follow on to running as root under Unix all the
time.

- Chris 

[1] Well, your home directory will be hosed, but that's what backups are
for, right? :)


