Why not login as root?

[kenbb99]

Why do I keep reading that I shouldn't log in as root? So far as I can tell, the reasons, and my thoughts on them, are as follows:

1) "You can wreck your install by mistake."
I can wreck my install by mistake without logging in as root. I've done it. I didn't even have to type a password to do it. To do a lot of basic tasks I have to sudo or sudo su which, so far as I can tell, sets me up to wreck my system in the same way as logging in as root.

2) "It's insecure."
No one else uses my system. It's in my home office. No one comes in here. (Now if I vacuumed once in a while ...)

3) "The outside world can run scripts and viruses that will wreck your install."
I have a hardware firewall. I read in a forum somewhere that Ubuntu does not have a software firewall or virus scanner because Linux is inherently secure. I think you could make almost any operating system secure by including a software firewall and a virus scanner, putting them behind a hardware firewall and asking users to type in passwords all the time.

4) "This protects you from yourself."
This sounds very paternalistic. I don't want to be protected from myself. Not letting me drink beer would also protect me from myself but I like to have one now and then. I've read that one of the strong features of Linux is that it is configurable. That is probably so, but it sure is like pulling my own teeth to do it. Now if I was logged in as root all the time ...

5) "That is the way it is designed."
Is that a bug or a feature?

I find these answers unconvincing and still want to log in as root. All the time. I tried to set up auto login as root but the message says that that's forbidden. I guess that's one of those things that's not configurable.

In case it is not obvious, I am pretty new to Ubuntu. I have spent about 50 hours setting up and configuring my system - most of it researching how to solve problems, not actually solving the problems by the way - and about 5 hours using it. I have about another 10 hours to go, I think. Logging in as root could possibly reduce this figure a bit and make me a lot happier with the system or increase it a lot and make me just a bit annoyed.

What am I missing? Why not go the root route?

[blazercist]

the reason linux and ubuntu especially are "inherently secure" is because most competent users will work under a user account with limited priveleges and only use root account wen necessary. That way wen you are doing arbitrary stuff like surfing the apps and scripts etc that get run dont all have root permissions. You are most likely coming in from a winXP environment or something similar where u were always logged in as an Administrator and you are feeling the pain of transition and change. One of the major reasons why windows is so insecure is because of the fact that most people always run as Admin or Power User as opposed to using the regular user accounts. Ubuntu has root disabled by default to prevent such a behavior, sudo requires a password and allows you the flexibility to use root privileges when its necessary without the tediousness of logging in and out of the root account.

also running in the user account without root access gives you a special "heads up" basically, if you are a user and you try to change something that could possibly affect the way your system operates from example xorg.conf (video configuration file) it wont allow you. itll tell you that you dont have the permission, this is a final line of defense for newbies and experts alike, it gives you a warning that what you are about to do may have serious consequences and you should think twice.

Perhaps you dont mind screwing up your system and having to reinstall because you want to learn from your mistakes, but for the most part the majority of users want that extra line of protection because they dont want to have to reinstall.

[sdennie]

First, read this post: http://ubuntuforums.org/showthread.php?t=765414

4) "This protects you from yourself."
This sounds very paternalistic. I don't want to be protected from myself. Not letting me drink beer would also protect me from myself but I like to have one now and then. I've read that one of the strong features of Linux is that it is configurable. That is probably so, but it sure is like pulling my own teeth to do it. Now if I was logged in as root all the time ...

It doesn't matter how smart you are or how long you've used Unix/Linux, if you login as root all the time, you *will* at some point completely destroy your machine. It's a matter of "when" and not "if".

[bodhi.zazen]

Why not login as root?

For all the reasons you gave,

Although there are exceptions, this kind of sentiment is most often voiced by inexperienced users who do not want to be bothered to learn a new OS. They take short cuts and eventually regret it.

Even Microsoft learned this lesson (even Windows no longer auto logs you in, let alone as an administrator).

Now you are of course welcome to run your machine as you see fit, but, if you are experienced, what is the big deal of typing :

Code:

sudo -i

and entering a password ? It is not really that big a deal.

And no, you are not the only one on your computer (as long as it is connected to the internet).

With the exception of security (I know of no security expert who would advise you run X as root) your points are valid and you may run as root if you wish. This is not supported on these forums.

Your analysis of firewalls is flawed, they help, but they are by no means a panacea. Even windows security goes way beyond a firewall. If you run a server you need to know how to secure it. By default, Ubuntu Desktop has no servers running, so there is nothing to firewall.

[forger]

Can I add a real reason?
1) Say you have openssh-server / sshd enabled. While someone tries to break into your desktop, they'll logically try "root" as the first account, which doesn't have a password set This way you keep unwanted visitors off your private electronic (and physical) property...

[kenbb99]

blazercist:

I understand that an operating system that makes you type passwords all the time (along the lines of "are you sure?") will be more secure than one that doesn't. I don't think that's the same as inherently secure, it just makes it a lot harder to change things. It sounds like you're saying that Windows would be more secure if you had to type in passwords all the time. I'm not sure that's what people mean by "inherently secure" since it is possible to log in as regular user in XP and only log in as Admin when you want to change something. (Yes, I am trying to transition from Windows XP.)

I'm not sure why I don't want to have root rights when I'm surfing. I'm not making any changes to my system then. I don't write scripts too much (just 8 so far), and if I need to, can't I just log in as user to keep from making a mistake? I would rather experience the tediousness of logging out and then in as user occasionally than having to type my password in, literally, at least 50 times a day.

Having to type my password in all the time doesn't give me a heads up since it happens so often, for even the seemingly most routine tasks. I now just ignore it and type in my password as fast as I can so I can go on with what I'm doing. I may change my password from a secure one to 1 character to speed this up. I don't seem to be able to change my password to "Enter".

I do mind screwing up my system all the time, or at all for that matter, but, as I mentioned, I was able to do that when logged in as user without having to enter a password.

vor:

Thanks, but this is one of those paternalistic "we're just saving you from yourself" answers I've seen before. As I mentioned to blazercist, I am a Windows XP user. I have not completely destroyed my XP machine in at least 10 years. I am logged in as Admin all the time under XP. How can anyone predict that I *will* completely destroy my machine? Even if I'm not very smart and haven't used Ubuntu for very long, I won't necessarily destroy my machine. Unless there's something about Ubuntu I don't know.


I'm not trying to defend XP. I'm trying to get away from it and still be able to set my system up the way I want and work reasonably efficiently. Still looking for an answer ...

[Frak]

1) "You can wreck your install by mistake."
I can wreck my install by mistake without logging in as root. I've done it. I didn't even have to type a password to do it. To do a lot of basic tasks I have to sudo or sudo su which, so far as I can tell, sets me up to wreck my system in the same way as logging in as root.

It's to keep you from wrecking your system while on it.

2) "It's insecure."
No one else uses my system. It's in my home office. No one comes in here. (Now if I vacuumed once in a while ...)

When you're on the internet, everybody uses your system.

3) "The outside world can run scripts and viruses that will wreck your install."
I have a hardware firewall. I read in a forum somewhere that Ubuntu does not have a software firewall or virus scanner because Linux is inherently secure. I think you could make almost any operating system secure by including a software firewall and a virus scanner, putting them behind a hardware firewall and asking users to type in passwords all the time.

Linux has a built-in firewall called iptables. There are anti-virus programs available for Linux, but they are used to scan Windows computers/partitions. But yes, Hardware firewalls are inherently more secure because they cannot be tampered with as easily.

4) "This protects you from yourself."
This sounds very paternalistic. I don't want to be protected from myself. Not letting me drink beer would also protect me from myself but I like to have one now and then. I've read that one of the strong features of Linux is that it is configurable. That is probably so, but it sure is like pulling my own teeth to do it. Now if I was logged in as root all the time ...

Paternalistic is not allowing you to log in as root at all. You always have the option of using the root privileges.

5) "That is the way it is designed."
Is that a bug or a feature?

Feature. Even Windows has a "sudo" like mode when run under limited account instead of default administrative (Virii cannot install themselves without an admin account)

OS X uses carbon-sudo as its main authentication system.

[mrgnash]

If you know what you're doing, you can configure Ubuntu to login as root without too much trouble. If you don't, then you shouldn't even be contemplating it.

[Dr Small]

I am all for you running your system the way you want to, and will not stop you. But you can't come complaining to us if you do wreck the system.

Running as Root is somewhat dangerous, but I believe it is over exagerated at times, like alot of things in life. Run your system as you see fit.

[wrtpeeps]

Thanks, but this is one of those paternalistic "we're just saving you from yourself" answers I've seen before. As I mentioned to blazercist, I am a Windows XP user. I have not completely destroyed my XP machine in at least 10 years. I am logged in as Admin all the time under XP. How can anyone predict that I *will* completely destroy my machine? Even if I'm not very smart and haven't used Ubuntu for very long, I won't necessarily destroy my machine. Unless there's something about Ubuntu I don't know.


I'm not trying to defend XP. I'm trying to get away from it and still be able to set my system up the way I want and work reasonably efficiently. Still looking for an answer ...

Even as admin in xp, there is a limited amount you can do. Windows will still block you from doing things that will damage your system.