Root account


Post by Jay Lin » Wed, 14 Oct 1998 04:00:00



Hello,

I've been told time and time again that it isn't good to be logged in as
"root" for long periods. The implication is that there's a potential
security breach, but no one comes out and says this.

So now I'm curious. What is risky about being logged in as root? Is it
simply the danger that someone might walk up to an unoccupied terminal?
Or can something else happen?

Jay Link
InterLink BBS
-----

Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

 
 
 


Post by Frank Sweetse » Wed, 14 Oct 1998 04:00:00



> So now I'm curious. What is risky about being logged in as root? Is it
> simply the danger that someone might walk up to an unoccupied terminal?
> Or can something else happen?

well, there is the danger of someone coming up to an unoccupied terminal.
however, the greatest danger is actually the person logged in as root - a
typo as root can easily be disastrous.  the classic is typing something
along the lines of

cd /
rm -Rf tmp/ *

instead of

rm -Rf tmp/*

this would totally hose your system, while as a normal user, you can only
hose your own stuff.

--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.ind.wpi.edu RedHat 5.2b2 kernel 2.1.125p1 i586 | at public servers
Why do tech supporters make such great lovers?
              Because they know when not to answer the phone!!

 
 
 


Post by Bill Unr » Wed, 14 Oct 1998 04:00:00



>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

Yes. AND you risk doing something stupid yourself which could toast the
system (rm -r * when you thought you were in /tmp, and actually were in
/ -- I did that once. Not fun).
I.e., root just has too much uncontrolled power and should be used only
when actually needed.
 
 
 


Post by Yan Seine » Wed, 14 Oct 1998 04:00:00


Amen.  I always configure the root login shell as a flaming pink color - that way,
I'm not likely to forget it's the root login.

I haven't figured out how to do that with Xwindows yet, though....  I'll learn.

Yan



> >So now I'm curious. What is risky about being logged in as root? Is it
> >simply the danger that someone might walk up to an unoccupied terminal?
> >Or can something else happen?

> Yes. AND you risk doing something stupid yourself which could toast the
> system (rm -r * when you thought you were in /tmp, and actually were in
> /-- I did that once. Not fun)
> Ie, root just has too much uncontrolled power and should be used only
> when actually needed.

 
 
 


Post by Martin Gelfa » Wed, 14 Oct 1998 04:00:00



>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

It's not as much a security issue (though there are some programs
which one is advised not to run as root, such as netscape) as a
stupidity issue.

As a regular user, you can't accidentally erase the contents of
/etc or /sbin .  As root, you can render your system unbootable
if you are not paying attention.

Martin Gelfand
Dept of Physics, Colorado State University

 
 
 


Post by Saadiq Rodgers-Ki » Wed, 14 Oct 1998 04:00:00


The danger is that you will accidentally delete something important.  It
sounds like it won't be a problem but eventually you mistype something normal
and you have to reformat and reinstall.  Mine was deleting a directory
named /some/place/usr.  My current directory was /some/place and I quickly
typed `rm -rf /usr`.  The `-rf` part means delete directories recursively
and don't ask for confirmation.  Needless to say, when I realized my mistake
I couldn't hit CTRL-C fast enough.  I couldn't figure out what had been
deleted and what saved.  I wasn't even the sort to be logged in as root all
the time.  I was just installing something or other.

It's all about learning from others' mistakes.  Good luck.

Saadiq


>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

>Jay Link
>InterLink BBS
>-----

>Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

 
 
 


Post by Alexander Vi » Wed, 14 Oct 1998 04:00:00




>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

Yes it can. There is a bunch of programs that shouldn't be run with UID==0
(i.e. as root). E.g. you'd better avoid doing anything telnet-related
(e.g. posting on USENET ;-/) as root. Are you sure that <substitute your
newsreader> or the program it uses to post doesn't contain exploitable buffer
overruns? They deal with potentially malicious data. They are _not_ supposed
to be run under root. _Any_ buffer overrun in a root-owned process and you are
completely toasted. Root can do everything and once the attacker has acquired
root access he can install any amount of backdoors for later use.

--
"You're one of those condescending Unix computer users!"
"Here's a nickel, kid.  Get yourself a better computer" - Dilbert.

 
 
 


Post by Jose Antonio Baduria J » Thu, 15 Oct 1998 04:00:00


Hello Jay,

    Being root gives power over all systems. Permissions in UNIX prevent you
from doing something by mistake. If you are logged in as an ordinary user,
you won't affect much except yourself. But if you are root and you make a
mistake, it might affect the whole system. For example, you forgot that you
are in /usr/bin and thought that you are in /home/you/tmp. You do a rm * in
/usr/bin, thinking all along that you are in /home/you/tmp, then all of your
important programs will be deleted. But if you are logged in as an ordinary
user, it will just return an error. The files under /usr/bin are safe. There
are other reasons why it is safer to be logged in as an ordinary user and su
to root only when performing administrative tasks but it would be too many to
list. Being a system administrator, make it a habit to close all
terminals/windows logged in as root or if you're running X-Windows, run the
xlock command so that no one can have access to your system.

PS. Read "UNIX System Administration Handbook" by Evi Nemeth, et al. It is
the best book so far in UNIX System Administration.


> Hello,

> I've been told time and time again that it isn't good to be logged in as
> "root" for long periods. The implication is that there's a potential
> security breach, but no one comes out and says this.

> So now I'm curious. What is risky about being logged in as root? Is it
> simply the danger that someone might walk up to an unoccupied terminal?
> Or can something else happen?

> Jay Link
> InterLink BBS
> -----

> Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".
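
The accidents described in the posts above (`rm -Rf tmp/ *` typed in `/`, `/usr` typed for `usr`, `rm *` run in `/usr/bin`) can all be caught by checking where each operand resolves before rm runs. The following is an added example, not part of the thread; the function names and the PROTECTED list are assumptions.

```sh
# Added example (not from the thread). PROTECTED is an assumed policy list.
PROTECTED="/bin /sbin /usr /etc /lib /boot /dev"

# Lexically resolve operand $2 against working directory $1 (collapses ".",
# ".." and "//"; does not follow symlinks). Subshell body keeps IFS/noglob local.
normalise() (
    p=$2
    case $p in /*) ;; *) p=$1/$p ;; esac
    set -f; IFS=/; out=
    for part in $p; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out=$out/$part ;;
        esac
    done
    printf '%s\n' "${out:-/}"
)

# Succeed (meaning "refuse") when the resolved operand is / or in a protected tree.
is_protected() {
    target=$(normalise "$1" "$2")
    [ "$target" = / ] && return 0
    for root in $PROTECTED; do
        case $target in "$root"|"$root"/*) return 0 ;; esac
    done
    return 1
}

# rm_preflight CWD ARGS...: report refused operands, return 1 if any. Deletes nothing.
rm_preflight() {
    cwd=$1; shift; bad=0; opts=1
    for arg in "$@"; do
        if [ "$opts" = 1 ]; then
            case $arg in --) opts=0; continue ;; -*) continue ;; esac
        fi
        if is_protected "$cwd" "$arg"; then
            echo "refusing $arg (resolves to $target)" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Wrapper for root's interactive shell; 'command rm' bypasses it deliberately.
guarded_rm() {
    [ "$(id -u)" -ne 0 ] || rm_preflight "$PWD" "$@" || return 1
    command rm "$@"
}
```

The check runs on the operands after the shell has expanded `*`, which is why the stray space in `tmp/ *` is caught: the expansion hands rm every top-level directory.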

 
 
 


Post by Gevik Babakhan » Thu, 15 Oct 1998 04:00:00


As far as I know there is no danger except someone else comes into the room,
hits you with something in the head, makes you pass out and takes over the
terminal.

>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

>Jay Link
>InterLink BBS
>-----

>Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

 
 
 


Post by Juergen Baier » Thu, 15 Oct 1998 04:00:00


In addition to all the damages that may happen accidentally (see thread), all
files you create as root will have owner root, group root. Permissions will be
set according to your umask setting. You may not have access to these files
when you are logged in as normal user.

Juergen Baierle
EAE Ewert Ahrensburg Electronic GmbH


> Hello,

> I've been told time and time again that it isn't good to be logged in as
> "root" for long periods. The implication is that there's a potential
> security breach, but no one comes out and says this.

> So now I'm curious. What is risky about being logged in as root? Is it
> simply the danger that someone might walk up to an unoccupied terminal?
> Or can something else happen?

> Jay Link
> InterLink BBS
> -----

> Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

 
 
 


Post by j.. » Thu, 15 Oct 1998 04:00:00


Gevik Babakhani writes:
> As far as i know there is No danger except someone else comes into the
> room hits you with something in de head makes you passout and takes over
> the terminal

No.  There are three dangers:

a) Operator error.  A simple typo by root can destroy your system.
b) Buggy software.  A bug in a program run as root can destroy your system.
c) Malice.  Many cracks depend on getting you to run a trojan as root.
--
John Hasler

Dancing Horse Hill
Elmwood, WI

 
 
 


Post by Neil Ricke » Thu, 15 Oct 1998 04:00:00



>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.
>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

I keep my use of the root account to a minimum, because I am
paranoid.  I know that the moment my attention is distracted, some
villain is going to come up to my computer, and inflict great damage
on it.

I even know who this villain is.  It is I.

[In other words, this is a matter of protection against the dumb
mistakes we all make.]

 
 
 


Post by |[T3PO] » Fri, 16 Oct 1998 04:00:00


My advice for root in X is just make yourself a COOL obvious background.
This way you'll know when you're root. Something good. Like a galaxy, I
find, is a cool sign of power. :)


>Amen.  I always configure the root login shell as a flaming pink color -
>that way, I'm not likely to forget it's the root login.

>I haven't figured out how to do that with Xwindows yet, though....  I'll
>learn.

>Yan



writes:

>> >So now I'm curious. What is risky about being logged in as root? Is it
>> >simply the danger that someone might walk up to an unoccupied terminal?
>> >Or can something else happen?

>> Yes. AND you risk doing something stupid yourself which could toast the
>> system (rm -r * when you thought you were in /tmp, and actually were in
>> /-- I did that once. Not fun)
>> Ie, root just has too much uncontrolled power and should be used only
>> when actually needed.

 
 
 


Post by Jens-U. Mozdze » Wed, 21 Oct 1998 04:00:00



> As far as i know there is No danger except someone else comes into the room
> hits you with something
> in de head makes you passout and takes over the terminal

> >Hello,

> >I've been told time and time again that it isn't good to be logged in as
> >"root" for long periods. The implication is that there's a potential
> >security breach, but no one comes out and says this.

> >So now I'm curious. What is risky about being logged in as root? Is it
> >simply the danger that someone might walk up to an unoccupied terminal?
> >Or can something else happen?
>[...]

A *very* long time ago there seemed to be a risk with having a root
login caused by ANSI display code implementations... there were (are?)
sequences that allow keys to be remapped. So if you're logged on as root, and
have your terminal open so somebody can use write(1) or the like to write
online messages to you, your keyboard could be remapped in a way that
the next time you hit enter, strange things might happen (remap enter to
";cd /;rm -rf * <enter>" would be one of the less friendly
possibilities).

I haven't checked if the console code of Linux still does allow for
these codes.

Regards,
Jens
--

Schleswiger Damm 200                          | phone & fax ++49-40-5595175
D-22457 Hamburg, Germany                      |

 
 
 
