> geoffro, please don’t be upset. My intention is not to contradict
> anyone, and certainly not someone as experienced as you. And yes, I
> understand the differences of running as root vs escalated privileges
> (or at least I think I do).
> However, I also understand that openSUSE sets root account for
> maintenance tasks, and the case in question is one. If the root account
> should never be used it shouldn’t be there, as some distros do.
> I have used the root account maybe three times during the last three
> years, and the last time was exactly for this, to allow the nvidia
> program to change xorg.conf after a change of monitors.
> Again, I’m not advocating the indiscriminate use of root, but it has
> its uses. Just that.
> While being so careful do you also watch out for the hackers turning
> your machine into a spam bot?
> I suppose watching out for unusual network activity counts? And running
> clamav sporadically? If I don’t run any servers in a home machine am I
> heading for disaster just by logging into root?
> Well, I’m not looking for a flame, nor trying to be ironic. Again, my
> apologies. I’ll refrain from posting this sort of thing again.
Frankly, the dogma that one must never log in as root strikes me as pure
paranoia. I think you made a very valid point with your observation that
the red wallpaper with all those bombs reminds you to be careful. It is a
visual reminder, making it more difficult to “forget” you are running with
root privileges. It is far from perfect, of course, since simply running
the application maximized or in full screen mode tends to hide that “scary”
wallpaper! But it is a bit more than the visual reminder you get when
running in a console.
The point on which I think we would all agree is that one must be careful
when running with root privileges. Giving root privileges to any
application that does not require them is complete folly. When root
privileges are required, one should obtain them in some way, do what needs
to be done, and then immediately relinquish those privileges.
Forgetting that last part is where one is asking for disaster, regardless of
how those privileges are obtained. IMHO, this is the root cause of the
paranoia surrounding the concept of “login as root”. One just might not
remember to log out, and continue to run other applications! OTOH, the
same problem exists when using “su” in console if you forget to exit.
Which is worse? Chevy or Ford?
There is, however, another aspect to this that concerns me more than the
question whether one should ever log in as root. In order to avoid this
issue, more and more applications (such as YaST) are prompting for the root
password so they can obtain root privileges for themselves. Great idea? I
wonder. Inexperienced users (and even experienced ones for that matter)
seem happy to provide that password without hesitation. Why? Because it
is quick, easy, and socially acceptable (since they are admonished over and
over again that to log in as root is “bad”). And these applications are
completely trustworthy, right?
A major security problem we see in Windows is that it is very common for the
user to be running everything with “administrative” privileges (whatever
that actually means). Some equate this to logging in as root. Perhaps
this is the true basis of the admonition. But as more and more casual
linux users get accustomed to providing the root password to every
application that prompts for it, their systems are no more secure than any
other. How long will it be before some game program comes along prompting
for the root password? It’s a moot question, I suppose, since the same
users who would respond to that prompt would just as happily log in as root
if that was required to play the latest game.
I guess my point is that you are fooling yourself if you think your system
is safe simply because you never log in as root. That is well down on the
list of concerns I have for things that might compromise my system!
There! I’ve given my opinion. Flame away! Only it probably should be in
some other forum, as I fail to see how this concerns “hardware”.
The real problem is apathy. If only we could get people to wake up and
realize we could solve the problems in the whole world if we all simply
showed some concern about them! Oh, who cares anyway? Forget about it.