EXPLAIN: Why Not Log On As Root?
November 10, 2005 by Jon
Filed under Explanation
I’m sure we’ve all heard the dire warnings against logging on to a GNU/Linux box as the root user to perform routine computing tasks. But why? It’s my computer, shouldn’t I be able to do anything I want without having to switch to the root account?
Yes, you should. However, if you run as root regularly then you are defeating one of the strongest links in GNU/Linux security. One of the fundamental parts of the OS is that any application that is launched by the user runs with the same permissions as that user. Therefore, if you are logged on as root, any applications that you run will have the same uber permissions as root. While this is necessary in some cases, it’s not in 99% of the cases.
Consider this comparison of the steps a piece of malware sent to a Window and a GNU/Linux box would have to go through to successfully install.
Windows:
- User views the email and the attachment runs. Because Windows has a monolithic file system with weakened permissions and Vbscript running by default, in most cases the malware can rummage around in the registry and in the system files to install itself wherever it likes.
GNU/Linux (running as root):
- User gets the email
- User saves attachment somewhere
- User chmods attachment to make it exectuable
- User executes attachment
GNU/Linux (running as normal user):
- User gets the email
- User saves attachment somewhere
- User chmods attachment to make it exectuable
- User tries to execute attachment
- If malware wants to get at any system files, the user will have to enter the root password to allow it to do so
- Attachment executes.
Now, I realize that this is a very simplistic and high-level example, but it suffices for this conversation. The point is that the GNU/Linux file system and file permissions model alone provides a great level of security. Scripts cannot be run unless explicity executed by the user. Add another level of security by restricting access to the system files to the root user, and you have a pretty secure system.
In our little home GNU/Linux world it’s easy to think that the only person we’re putting at risk is ourselves. If we accidently delete the entire hard disk because we typed the wrong thing as root, then we’ve only screwed ourselves. That’s not necessarily the case. While the GNU/Linux world is generally immune to virii and botware at the moment, that may change. If you’re in the habit of running as root, then when that change occurs your machine will be much easier to recruit into the botnet or infect with a virus.
It’s your computer and therefore your call, but personally, I NEVER run as root.
even though I once accidentally deleted my /var directory, I STILL run as root ALL THE TIME.
and I never wear a static wrist guard when working on my internal computer components, either.
I also have been known to drive a motorcycle without a helmet, have unprotected sex, and jump into water that I didn’t know how deep it was.
Guess what: I’m still alive, and my computers have, as of yet so far, knock on wood, never suffered irrepairable damage because I was running as root and accidentally did something. If I do, then I’ll learn from my mistakes not to type “rm -Rf /var”. so Nyah!