85

I have a feeling this is a stupid question, but this is something I've wondered for a while.

I have a VPS and this is my first big linux venture. I am the only person who has access to it. My question is, what is wrong with just logging in as root as opposed to making an account and giving them sudo access? If a sudoer can do everything root can, then what's the difference? If a hacker could crack my password to my standard, non-root account, then he could also execute sudo commands, so how does a hacker cracking my root account matter any more or less?

Amandasaurus
ryeguy
  • I'd also comment that if you're unfamiliar with the "Unix Way", this isn't a stupid question. You should get a bonus for thinking to ask the question in the first place as a new Linux admin. – Bart Silverstrim Aug 24 '09 at 14:42
  • And I'd like to comment on some of the answers. Particularly the ones that say "you can screw up stuff being root". I don't think that is the point... "rm -rf /" does the same as "sudo rm -rf /". The point lies in that things like "sudo rm" do not work, yet "sudo startMyApp on low port" works. – Zlatko Aug 03 '12 at 23:55
  • What is wrong with never being? – ostendali Oct 21 '15 at 17:06

14 Answers

71

If you're logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you're typing before doing something that is dangerous.

Also any program you run as root has root privileges, meaning if someone or something gets you to run/compile/browse a website that is dangerous and wants to damage your system, such as a trojan or other malware, it has full access to your system and can do what it wants, including access to TCP ports below 1024 (so it can turn your system into a remailer without your knowledge, for example).

Basically you're kind of asking for trouble that logging in as yourself may prevent. I've known many people that ended up being glad they had that safety net in a moment of carelessness.

EDIT: There is also the issue of root being the most well known, thus an easy target, for scripts and hacks. Systems that disable the account and instead force users to use sudo mean that any attempt to crack root from ssh or a local exploit to the account is banging its head against a wall. They'd have to guess/crack a password and username. It's security through obscurity to a degree, but it's hard to argue that it doesn't foil most script kiddie attacks.

Bart Silverstrim
  • +1 - Using "sudo" makes executing programs as root an overt act. It's not a matter of "stopping hackers", it's a matter of getting you in the habit of working as a non-privileged user and making the invocation of root privileges an intended, overt act. – Evan Anderson Aug 24 '09 at 14:32
  • +1 - Evan pretty much hit the nail on the head with his comment. – KPWINC Aug 24 '09 at 14:39
  • I'm beginning to wonder if Evan is really an AI. – Bart Silverstrim Aug 24 '09 at 14:45
  • Sudo also adds an audit trail, as who, what, and when is logged when run as sudo. Which log file can vary with distro, but RedHat distros tend to use /var/log/secure and Ubuntu uses /var/log/auth.log... I'm not sure if this is true for all Debian based distros. – 3dinfluence Aug 24 '09 at 15:26
  • +1 - it's not just about rights to create stuff or do stuff, it's also about rights to destroy. Logging on as root (or the equivalent on any other OS for that matter) is like walking around carrying a gun with the safety off. You might never intentionally touch that trigger, but would you trust yourself to do it all the same? – Maximus Minimus Aug 24 '09 at 15:29
  • mh: /me puts on his cowboy hat, flicks off the safety on his pistol, opens a beer, mutters in a low grumble something about pansies, and then logs in as root. – Kyle Brandt Aug 24 '09 at 16:04
  • @Kyle Brandt: insert theme to The Good, The Bad, and the Ugly here... – Bart Silverstrim Aug 24 '09 at 16:30
  • One thing though: it is impossible to set up an account under sudo that can do everything EXCEPT this or that: getting around it is trivial. Best uses for sudo are: 1) to give others the ability to do a few select things as root; 2) to keep an audit trail for root. – Mei Aug 25 '09 at 01:00
  • If you are doing system administration, you must run as root. If you only develop and deploy web applications which do not run in a production environment, you must not run as root. It's that simple. System level work requires root, application level work does not. – lee Oct 21 '15 at 17:01
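An added example (not code from any answer here) of actually reading the audit trail the comments above mention: a POSIX shell function that parses the lines sudo writes to syslog and reports who ran what as whom, flagging failed password prompts. The log lines below are constructed samples; the file paths are the ones the comment names.

```shell
#!/bin/sh
# Constructed sample lines in the format sudo writes to syslog (not real log data).
# On RedHat-style systems the file is /var/log/secure, on Ubuntu /var/log/auth.log.
SAMPLE_LOG='Aug 24 14:32:01 vps sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Aug 24 14:33:10 vps sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Aug 24 14:35:42 vps sudo:     bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Aug 24 14:36:05 vps sudo:   alice : TTY=pts/0 ; PWD=/srv/app ; USER=www-data ; COMMAND=/usr/bin/touch /srv/app/restart.txt'

# Read a log on stdin and print one line per sudo record:
#   <timestamp> <OK|FAIL(n)> <invoking user>-><target user> <command>
# Non-sudo lines (sshd, cron, ...) are skipped.
sudo_audit() {
  awk '/ sudo: / {
    split($0, halves, " sudo: ")        # halves[1] = timestamp + host, halves[2] = the record
    split(halves[1], ts, " ")
    n = split(halves[2], f, " ; ")      # f[1] = "user : TTY=..." or "user : 3 incorrect ..."
    split(f[1], head, " : ")
    who = head[1]; gsub(/^ +| +$/, "", who)
    status = "OK"
    if (head[2] ~ /incorrect password attempts/) {
      split(head[2], w, " "); status = "FAIL(" w[1] ")"
    }
    target = "?"
    for (i = 2; i <= n; i++)
      if (f[i] ~ /^USER=/) target = substr(f[i], 6)
    # COMMAND= is always the last field; take everything after it so a
    # command that itself contains " ; " is not truncated.
    p = index(halves[2], " ; COMMAND=")
    cmd = (p ? substr(halves[2], p + 11) : "?")
    printf "%s %s %s %s %s->%s %s\n", ts[1], ts[2], ts[3], status, who, target, cmd
  }'
}

# Only the records where the password prompt was failed: the lines worth alerting on.
sudo_failures() {
  sudo_audit | grep ' FAIL('
}

# Run against the constructed sample; on a real box: sudo_audit < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | sudo_audit
```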
29

If you wouldn't allow an idiot to log in to your server as root, then don't always run as root yourself. Unless you can hand on heart say you've never been an idiot. No, really? You sure? :)

Benefit: reduces possibility of you being root and an idiot simultaneously.

Tom Newton
  • +1 - "Benefit: reduces possibility of you being root and an idiot simultaneously." I absolutely love this. – Evan Anderson Aug 24 '09 at 15:26
  • +1 for Scott Adams' philosophy that everyone is an idiot. :) Yes, that means you and I too. – Ernie Aug 24 '09 at 15:55
  • Absolutely - this is one of my key questions in job interviews - when did you last screw up? Everyone has, you only need to read the threads on here about "most entertaining sysadmin fubar" or whatever. If someone won't admit to having made a real dumb error at least once in their lives, there's probably a handful of reasons you don't want to work with them. – Tom Newton Aug 25 '09 at 10:34
9

The main reason is mistakes. If you are always root, a simple typo might really screw up the system. If you only log in as root or use sudo to do things that require it, you minimize the risk of making a dangerous mistake.

Kyle Brandt
9

When you're root you get lazy about permissions: since you have access to everything all the time, you don't care when things are 777 or 644 or whatever. So if you ever do let anybody else on to your system that you don't want to have access to everything, it all of a sudden becomes a real hardship to make the machine safe to use by other people.

Stu
  • This is called "root rot". – kmarsh Aug 24 '09 at 14:47
  • I like that term, "root rot". Indeed, running as root all the time can turn *nix machines into freaky Windows 95-like machines with no semblance of multi-user security. (I remember a SCO machine, years ago, where every user on the shared accounting app. was running as root because "it made the permission issues go away". >sigh<) – Evan Anderson Aug 24 '09 at 15:28
  • I remember getting an explanation like that -- they had a mailing list tool running as root, along with sendmail. My reply was "The permission issues went away for the hackers too." – duffbeer703 Aug 24 '09 at 19:24
7

There are a few key principles behind not logging in as root:
  • The root password is never sent across the network at login time.
  • There is no way to tell who did something if multiple users log in as the same account (root or other).
  • Accidentally doing something 'stupid'.

Jeff Hengesbach
3

It's more for protection against yourself so that you have a second chance to review the higher privilege commands you're trying to run, analogous to UAC in Windows. It's pretty easy to accidentally do something like rm -rf / while logged in as root.

In addition, you have traceability. This isn't a big problem in your situation where you're the only one (theoretically) issuing commands but the ability to log and trace back to an individual is a key component to many forms of analysis.

squillman
  • Traceability is crucial in systems where more than one person works as a sysadmin. It is not just desirable, it is mandated by regulatory regimes. – APC Aug 25 '09 at 05:54
  • I did this on Friday. Instead of deleting "/dump/folder /" I deleted folder /. One stinking backslash reminded me of why we don't login as root. – oneodd1 Aug 25 '09 at 15:20
2

The difference is mainly:
  • that you can't do anything bad by accident.
  • that "evil" code cannot take over the system.
Notice: evil code does not necessarily mean that anyone already has access to the system.

StampedeXV
  • I've noticed that these days, evil code usually means spam bots, which can run as any user. – Ernie Aug 24 '09 at 15:53
  • If you think of a virus (trying to destroy something) or a rootkit, then it is a lot more complicated for the malware if you are not root. – StampedeXV Aug 25 '09 at 06:19
2

You should always use accounts with the lowest level of privilege possible. Running as root all of the time encourages bad habits and laziness that will make life unpleasant when you are working with multiple users or expose something to a public/semi-public network.

Also keep in mind that password cracking is only one compromise scenario -- and isn't the most common scenario either. You're more likely to fall victim to a browser vulnerability, or a vulnerability in some daemon that's running on your system.

Think about code that you use without thinking. For example, the Linux port of Adobe Flash, which is a steaming pile of poop that has only become usable in the relatively recent past. How secure do you think that code is? Do you want that to be able to exert full control of your system?

duffbeer703
2

It can protect against SSH brute force attacks. Every Unix has a 'root' account. However, it's not clear from the outside what your 'sudo' username would be. Hence if someone wants to try to brute force their way in, they know there's a root account and will probably try it. However, they don't know where to start if you're using sudo.

Amandasaurus
1

My advice would be to try using root all the time for a while; you'll soon discover why you shouldn't :)

Chopper3
1

Even if I don't trust in "security by obscurity", there is surely an advantage to using a custom login instead of the ever-existing root login. You can thus also configure SSH to prevent root from logging in.

As others said too, root can do everything without any confirmation. So using an unprivileged user can prevent stupid mistakes and typos.

Another argument in favor of multiple user accounts is to run different software under different users. Doing this, if a security flaw is exploited in one application, the exploiter can only access files and resources accessible to its running user.

One last point for not using root: resource consumption. Root has no limit on how much memory, processing time, file handles or disk space he can use. On a lot of filesystems, there are data blocks which are reserved only for root, so a normal user can never use them to fill your disk. The ulimit command can also be used to restrict the memory and the number of file handles a user can consume. But if you are root (or an application running as root), nothing prevents you from changing this limit.

rolaf
0

Yes, I agree with you, and I think that it is a question of protection against human errors and sometimes against malicious programs. The bad thing that I have seen is using root as the default GNOME account.
I think that most users who do that are Windows users recently migrated to Linux or Unix, trying to copy the usage of the Administrator privilege to root.

Peter Mortensen
Ali Mezgani
0

There is nothing wrong with being logged in as root. It helps develop muscle memory to only type safe commands and promotes accuracy of thought when performing actions with big consequences. I highly recommend working as root to get better at system administration.

You also get to do cool stuff like ping -i 0.2 -c 1000 example.com

lee