Using the root account on a single-user system

2

On Linux systems it is widely considered a best practice using the root account only on occasions that necessitate administrative privileges, or disabling it altogether and relying solely on sudo to accomplish any task that requires elevated rights.

Now, while I can see the benefit of this mindset on an actual multi-user system, where the usage of the root account has the potential of catastrophic consequences for the data of every user of the system, and thus should be minimized, I don’t see any value in it on a single-user desktop system, since the real value here is of personal data which is fully available to the regular user account and thus vulnerable to accidents or attacks anyway. Safety of system files is not a real concern. On the other hand, having to request elevated rights for system administration is an obvious inconvenience.

Considering these, my question is whether there’s any other benefit of not using / any risk of using the root account as the primary user account on a single-user system.

Joó Ádám

Posted 2013-10-20T16:11:39.273

Reputation: 121

Question was closed 2013-10-27T01:39:46.160

The answer to this will differ from person to person, because it is largely one of opinion and individual practice/application. – Moses – 2013-10-27T01:39:30.690

Answers

5

Not using the root account in your day-to-day activities is all about damage control. The applications that you use might have flaws in them. They may be exploitable or they may just crash under specific circumstances. If you are running as a normal user then most flaws that allow something malicious to "break out" of your application will only be able to, usually, trash your home folder. However, if you are running as root then an application flaw can allow your entire system to be hosed as root has permissions everywhere. Running as a regular user isn't a panacea but it provides an extra hoop for malicious or accidental damage to your file-system.

headkase

Posted 2013-10-20T16:11:39.273

Reputation: 1 690

3

I'd also add that the principle of least privilege (http://en.m.wikipedia.org/wiki/Principle_of_least_privilege) is a tenant of IT security... If you only NEED root privileges 5% of the time, then you should only be running with root privileges 5% of the time.

– Brian Adkins – 2013-10-20T18:01:18.523

Accidental damage is also a real possibility if you are running as root.Do not execute this command:"rm -rf /"You can be using tab-completion with the intent of typing a few letters after the "/" and tab to complete them but instead press Enter by accident.If you are a regular user then the command will fail.If you are root you just deleted your file-system no matter how fast you press Ctrl+C.Some versions of"rm"are compiled to recognize that specific command and disallow it but you can't rely on your specific distribution to save you from that example - not all of them have that protection. – headkase – 2013-10-20T18:14:06.603

I’m a little confused here. I very intentionally covered this argument in my question. On my desktop system trashing my home folder is a disaster, because it trashes all my personal data. Trashing anything else, I don’t really care, because I can always reinstall the complete system. Protecting /etc but not protecting /home/me benefits me nothing on a single-user machine. Can you please elaborate your point in the light of this? – Joó Ádám – 2013-10-20T19:49:48.540

That is a good argument and has been brought up many times. There is usually a fair amount of time and effort put into configuring the underlying system and that can be saved by not running as root. As preparing for any eventuality should be considered, regularly making back-ups of your user-information is also a good practice to go in hand with not running as root. – headkase – 2013-10-20T20:08:58.670

@JoóÁdám: As a piece of generic advice, if accidentally deleting important data in your home directory is more of a calamity than having to reinstall the entire system, you should probably drop whatever it is you're doing immediately and get to work on some backups. – Marcks Thomas – 2013-10-22T15:28:12.100

@MarcksThomas: Of course I have daily backups of my personal data, but in the same vein you could advice to back up your system too, therefore having the system directories protected from damage has no more merits. – Joó Ádám – 2013-10-23T17:51:11.100

1

I bought a car just to drive around the block to the grocery shop. This is a quiet neighborhood, no one drives faster than 10 km/h. Why do I need to buckle up? Why do I need a working horn? Why do I need to make sure that my brakes are in good working order?

To answer your specific question, yes, indeed, you can construct a use case where it will appear that using root habitually does no damage. However, it will create bad habits which will come to bite you when you will be using a more conventional setup.

sds

Posted 2013-10-20T16:11:39.273

Reputation: 1 600

I don’t see how the presented use case, i.e. a single-user system is something artificial that must be „constructed”. I’m not sure what do you refer to when you say it will bite back later. Also, I think the more apt analogy would be having the snow chains up midsummer. – Joó Ádám – 2013-10-20T16:49:13.230

Asked: 2013-10-20T16:11:39.273

Viewed: 300 times

Active: 2013-10-20T17:09:53.413