Benjamin Vander Jagt wrote:
I have a server which I ONLY need to do maintenance on. Still I don't log in as root. In my 15 years of Unix experience I've seen too many things go terribly wrong for the lazy sysadmins, from the stupid fake login script, password sniffing you name it. The main hazard is that should you accidentally execute a malicious program (or a faulty command or shell script even) it is executed as root and can therefore destroy anything. As a mortal user you can never ruin the system.I should start by saying that my argument is not that Linux should be a single user environment. On the contrary, probably somewhere between 95% to 99% of Linux users should not run as root. However, I consider myself in the minority, and I think I have justified reasons for running as root.
In my humble opinion there is not a single reason for anyone to log in as root (except in single user mode)
Until you want to clean up /tmp and accidentally type rm -rf / tmp/* (mind the space between / and tmp) Don't laugh, I've seen it happen many many times.I am disheartened that there's no way to give a user administrative privileges, but I am not as upset, since running as root works so well. I have been running as root for about four months, and it has worked exactly how I wanted.
There is no "Are you sure?" in Linux. It follows the YAFIYGI way of thinking (You Asked For It You Got It) Once you press Enter there's no turning back.
They didn't invent the "su" command for nothing.
I'm glad that root has not beenSo you run X as root even. Now THAT is a security hazard....... I'm sorry sir, but you won't ever be allowed to admin either one of my boxes. If you want to use Linux, you should let go of the Mickey$oft way of thinking.
crippled as a user. Root has it's own home folder, (almost) everything
treats root as if it's just another user. Perhaps someday, when less
stuff needs to be tweaked, when everything installs in a uniform
fashion, and when the system can be told to "remember password" at least
for certain applications, then I will change back to running as a user. However, as it is now, the only way to get the convenience I want is to
run as root, and the only thing that has given me any trouble has been
xscreensaver.
I'm using X also, as a normal user, and I have no problem at all. If I really need to tweak something I type su or sudo and I can do whatever I want.
If you want to run everything as root, please go ahead. It's not my box. Just know that almost all Unix security relies on the user not being able to touch system files. I'm not trying to tell you what to do, just warn you for the risks involved.....
Eric.
