Very Computer

Hello,

I've been told time and time again that it isn't good to be logged in as
"root" for long periods. The implication is that there's a potential
security breach, but no one comes out and says this.

So now I'm curious. What is risky about being logged in as root? Is it
simply the danger that someone might walk up to an unoccupied terminal?
Or can something else happen?

Jay Link
InterLink BBS
-----

Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

well, there is the danger of someone coming up to an unoccupied terminal.
however, the greatest danger is actual the person logged in as root - a
typo as root can easily be disasterous.  the classic is typing something
along the lines of

cd /
rm -Rf tmp/ *

instead of

rm -Rf tmp/*

this would totally hose your system, while as a normal user, you can only
hose your own stuff.

--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.ind.wpi.edu RedHat 5.2b2 kernel 2.1.125p1 i586 | at public servers
Why do tech supporters make such great lovers?
              Because they know when not to answer the phone!!

Quote:>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

Yes. AND you risk doing something stupid yourself which could toast the
system (rm -r * when you thought you were in /tmp, and actually were in
/-- I did that once. Not fun)
Ie, root just has too much uncontrolled power and should be used only
when actually needed.

Amen.  I always configure the root login shell as a flaming pink color - that way,
I'm not likely to forget it's the root login.

I haven't figured out how to do that with Xwindows yet, though....  I'll learn.

Yan

It's not as much a security issue (though there are some programs
which one is advised not to run as root, such as netscape) as a
stupidity issue.

As a regular user, you can't accidentally erase the contents of
/etc or /sbin .  As root, you can render your system unbootable
if you are not paying attention.

Martin Gelfand
Dept of Physics, Colorado State University

The danger is that you will accidentally delete something important.  It
sounds like it won't be a problem but eventually you mistype something normal
and you have to reformat and reinstall.  Mine was deleting a directory
named /some/place/usr.  My current directory was /some/place and I quickly
typed `rm -rf /usr`.  The `-rf` part means delete directories recursively
and don't ask for confirmation.  Needless to say, when I realized my mistake
I couldn't hit CTRL-C fast enough.  I couldn't figure out what had been
deleted and what saved.  I wasn't even the sort to be logged in as root all
the time.  I was just installing something or other.

It's all about learning from other's mistakes.  Good luck.

Saadiq

Quote:>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

>Jay Link
>InterLink BBS
>-----

>Linux can be pronounced "lye-nucks" or "lee-nucks", but never "linn-ucks".

Quote:>Hello,

>I've been told time and time again that it isn't good to be logged in as
>"root" for long periods. The implication is that there's a potential
>security breach, but no one comes out and says this.

>So now I'm curious. What is risky about being logged in as root? Is it
>simply the danger that someone might walk up to an unoccupied terminal?
>Or can something else happen?

Yes it can. There is a bunch of programs that shouldn't be run with UID==0
(i.e. as root). E.g. you'ld better avoid doing anything telnet-related
(e.g. posting on USENET ;-/) as root. Are you sure that <substitute your
newsreader> or the program it uses to post don't contain exploitable buffer
overruns? They deal with potentially malicious data. They are _not_ supposed
to be run under root. _Any_ buffer overrun in root-owned process and you are
completely toasted. Root can do everything and once the attacker acquired
root access he can install any amount of backdoors for later use.

--
"You're one of those condescending Unix computer users!"
"Here's a nickel, kid.  Get yourself a better computer" - Dilbert.

Hello Jay,

    Being root gives power over all systems. Permissions in UNIX prevents you
from
doing something by mistake. If you are logged as an ordinary user, you won't
affect much
except yourself. But if you are root and you made a mistake, it might affect
the whole system.
For example, you forgot that you are in /usr/bin and thought that you are in
/home/you/tmp.
You do a rm * in /usr/bin, thinking all along that you are in /home/you/tmp,
then all of your important programs will be deleted. But if you are logged in
as an ordinary user, it will just
return an error. The files under /usr/bin are safe. There are other reasons
why it is safer to
logged in as an ordinary user and su to root only when performing
administrative tasks but
it would be too many to list. Being a system administrator, make it a habit to
close all
terminals/windows logged in as root or if you're running X-Windows, run the
xlock command
so that no one can have access to your system.

PS. Read "UNIX System Administration Handbook" by Evi Nemeth, et. al. It is
the best
book so far in UNIX System Administration.

As far as i know there is No danger except someone else comes into the room
hits you with something
in de head makes you passout and takes over the terminal

In addition to all the damages that may happen accidentally (see thread), all
files you create as root will have owner root, group root. Permissions will be
set according to your umask setting. You may not have access to these files
when you are logged in as normal user.

Juergen Baierle
EAE Ewert Ahrensburg Electronic GmbH

Quote:Gevik Babakhani writes:
> As far as i know there is No danger except someone else comes into the
> room hits you with something in de head makes you passout and takes over
> the terminal

No.  There are three dangers:

a) Operator error.  A simple typo by root can destroy your system.
b) Buggy software.  A bug in a program run as root can destroy your system.
c) Malice.  Many cracks depend on getting you to run a trojan as root.
--
John Hasler

Dancing Horse Hill
Elmwood, WI

I keep my use of the root account to a mininum, because I a
paranoid.  I know that the moment my attention is distracted, some
villain is going to come up to my computer, and inflict great damage
on it.

I even know who this villain is.  It is I.

[In other words, this is a matter of protection against the dumb
mistakes we all make.]

My advice for root in X is just make yourself a COOL obvious background.
This way you'll know when your root. Something good like. Like a galaxy I
find is cool sign of power. :)

A *very* long time ago there seemed to be a risk with having a root
login caused by ANSI display code implementations... there were (are?)
sequences that allow to remap keys. So if you're logged on as root, and
have your terminal open so somebody can use write(1) or alike to write
online messages to you, your keyboard could be remapped in a way that
the next time you hit enter, strange things might happen (remap enter to
";cd /;rm -rf * <enter>" would be one of the less friendly
possibilities).

I haven't checked if the console code of Linux still does allow for
these codes.

Regards,
Jens
--

Schleswiger Damm 200                          | phone & fax
++49-40-5595175
D-22457 Hamburg, Germany                      |