What are reasons to run as root and what not to run as root?

Here you can discuss every aspect of Debian. Note: not for support requests!

What are reasons to run as root and what not to run as root?

Postby annadane » 2016-12-22 21:31

Basically title
annadane
 
Posts: 17
Joined: 2016-12-01 16:57


Re: What are reasons to run as root and what not to run as r

Postby Segfault » 2016-12-22 22:25

When you put your thinking cap on it will come to you. Otherwise, here you go.
Segfault
 
Posts: 467
Joined: 2005-09-24 12:24

Re: What are reasons to run as root and what not to run as r

Postby GarryRicketson » 2016-12-22 22:36

If accessing file or a directory requires the user to be "root", then the user needs to be
root.

Other wise there is no reason to be using/running a system as root.
Is this a serious question , or is it some kind joke ?
I don't get it.
They did try to warn me:
Code: Select all
/ You will be the victim of a bizarre \
\ joke.                               /
 -------------------------------------
          \
           \
            \          __---__
                    _-       /--______
               __--( /     \ )XXXXXXXXXXX\v.
             .-XXX(   O   O  )XXXXXXXXXXXXXXX-
            /XXX(       U     )        XXXXXXX\
          /XXXXX(              )--_  XXXXXXXXXXX\
         /XXXXX/ (      O     )   XXXXXX   \XXXXX\
         XXXXX/   /            XXXXXX   \__ \XXXXX
         XXXXXX__/          XXXXXX         \__---->
 ---___  XXX__/          XXXXXX      \__         /
   \-  --__/   ___/\  XXXXXX            /  ___--/=
    \-\    ___/    XXXXXX              '--- XXXXXX
       \-\/XXX\ XXXXXX                      /XXXXX
         \XXXXXXXXX   \                    /XXXXX/
          \XXXXXX      >                 _/XXXXX/
            \XXXXX--__/              __-- XXXX/
             -XXXXXXXX---------------  XXXXXX-
                \XXXXXXXXXXXXXXXXXXXXXXXXXX/
                  ""VXXXXXXXXXXXXXXXXXXV""
$ fortune



Another reason to do things as root:
Code: Select all
/ Your life would be very empty if you \
\ had nothing to regret.               /
 --------------------------------------
  \                                  ,+*^^*+___+++_
   \                           ,*^^^^              )
    \                       _+*                     ^**+_
     \                    +^       _ _++*+_+++_,         )
              _+^^*+_    (     ,+*^ ^          \+_        )
             {       )  (    ,(    ,_+--+--,      ^)      ^\
            { (@)    } f   ,(  ,+-^ __*_*_  ^^\_   ^\       )
           {:;-/    (_+*-+^^^^^+*+*<_ _++_)_    )    )      /
          ( /  (    (        ,___    ^*+_+* )   <    <      \
           U _/     )    *--<  ) ^\-----++__)   )    )       )
            (      )  _(^)^^))  )  )\^^^^^))^*+/    /       /
          (      /  (_))_^)) )  )  ))^^^^^))^^^)__/     +^^
         (     ,/    (^))^))  )  ) ))^^^^^^^))^^)       _)
          *+__+*       (_))^)  ) ) ))^^^^^^))^^^^^)____*^
          \             \_)^)_)) ))^^^^^^^^^^))^^^^)
           (_             ^\__^^^^^^^^^^^^))^^^^^^^)
             ^\___            ^\__^^^^^^))^^^^^^^^)\\
                  ^^^^^\uuu/^^\uuu/^^^^\^\^\^\^\^\^\^\
                     ___) >____) >___   ^\_\_\_\_\_\_\)
                    ^^^//\\_^^//\\_^       ^(\_\_\_\)
                      ^^^ ^^ ^^^ ^
 
User avatar
GarryRicketson
 
Posts: 4208
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: What are reasons to run as root and what not to run as r

Postby Segfault » 2016-12-22 23:08

First you think everything that does not work for user needs to be run as root*. This is noob thinking. But this is what noobs do, they run their computers as root. This is a must for noobs, practically inevitable. Then [some of them] gain experience and better understanding and start using their systems as user. Some never wisen up. If you run a home computer behind NAT as root the chances getting "owned" are not very high, mostly because it is kind of unexpected and not common enough for bad guys to target. But such a computer is completely defenseless, of course.

*Often all that is needed is setting proper permissions to avoid the need for elevated rights.
Segfault
 
Posts: 467
Joined: 2005-09-24 12:24

Re: What are reasons to run as root and what not to run as r

Postby GarryRicketson » 2016-12-22 23:22

*Often all that is needed is setting proper permissions to avoid the need for elevated rights.

This is true, sometimes, I change the owner as well, and sometimes after I am done
I change it back, ..................
Everything depends on the situation at the time.
Code: Select all
man chmod

Code: Select all
man chown

You can also have a user that has all the same privlidges as root, the name
does not have to be "root" .
User avatar
GarryRicketson
 
Posts: 4208
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: What are reasons to run as root and what not to run as r

Postby dasein » 2016-12-23 02:00

Simple:

1) Don't run anything as root unless absolutely necessary, and switch back to a regular user as soon as you're done doing whatever required root access in the first place.

2) Don't go randomly changing permissions, even when someone suggests it.

3) Never run a GUI as root. Seriously.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: What are reasons to run as root and what not to run as r

Postby MALsPa » 2016-12-23 13:39

dasein wrote:3) Never run a GUI as root. Seriously.

Please elaborate. I don't log into my system as root, but if I need to I'll open up a root window in SpaceFM, for example.
MALsPa
 
Posts: 611
Joined: 2007-12-07 19:20
Location: albuquerque

Re: What are reasons to run as root and what not to run as r

Postby GarryRicketson » 2016-12-23 14:33

Dasein>
2) Don't go randomly changing permissions, even when someone suggests it.


Dasein is 100% right, but now the OP and others may be wondering,
"Then why did they suggest changing permissions ?"

ME> This is true, sometimes, I change the owner as well, and sometimes after I am done I change it back, ..................
Everything depends on the situation at the time.

And
by Segfault »Often all that is needed is setting proper permissions to avoid the need for elevated rights.


The key word here is " randomly ",

Doing anything to the system "randomly" is a very bad practice,....and even when
people suggest things, just taking theier word for it , is not a good practice either.
Think about what the effects of something will be, before doing it. Take the time
do some research, first. And the if you still are not sure the best thing I know of is to
use one of the many Virtual Machine programs, set one up, install a "test" system
and try it there.
by dasein » 1) Don't run anything as root unless absolutely necessary, and switch back to a regular user as soon as you're done doing whatever required root access in the first place.

This is the best "rule of thumb",.......That is pretty much what I do,..... I do everything
as a normal user most of the time.
I do not use sudo, not do I make my self a part of that,...
If and when I need to do something that does require me to be root, I logout and login as root.
dasein wrote: 3) Never run a GUI as root. Seriously.

Seriously, this is very true, the consequences of doing that are a real
pain in the neck. Especially if the GUI is a DE ,....I don't feel like going into
details, but in a nutshell you end up with a mess, and lot's of files that should
be accessable by a normal user , become no longer accesable. Best "just DON"T do it".
It can result in not having a DE anymore, unless of course you login as "root",
which is something you should not do.

by MALsPa »but if I need to I'll open up a root window in SpaceFM, for example.

I don't know what "SpaceFM" is,.... so can not really elaborate on that.

There are some programs that need to be run as root, for example
'aptitude' has a GUI , and it can be started as a normal user, however
if and when you want to actually install or remove packages, you need
to be root or use the "Ubuntu" method, "sudo",.......
MC is a file manager, a GUI of sorts, if need be run as root,...but it is still
best to start it as a normal user, and then if and when it is absolutely necessary
open the file as 'root' or use 'sudo'.
Another GUI, "synaptic package manager", if one plans to install anything,
it must be opened as root, or using sudo, however agian, only when absolutely
necessart,............It really is pretty simple, just use some common sense and logic.
Do everything as a normal user. IFand WHEN it is absolutely necessary , become
root, do what you need to , and exit.
Even if it is just 'apt-get',... you do not have to be root, or use "sudo", until
you are actually ready to perform a real task.

Example :
Code: Select all
$ apt-get -s install fortune

$ apt-get -s install fortune
NOTE: This is only a simulation!
apt-get needs root privileges for real execution.
Keep also in mind that locking is deactivated,
so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree -------snip--- was very long----

But ok, after reading everything, I decide yes, I do want to install it, or maybe
no,... this is what gets a lot of people in trouble, they run apt-get as root and
install the package, without ever checking to be sure it will not cause any problems.
I decide to install it:
Code: Select all
# apt-get install fortune


How hard is that to comprehend.

Personally, I feel if someone is not competent enough to perform tasks using the
CLI, then they have no buisness logging in as "root",...
Root can do anything, root does not need any GUI to do anything.
"What we expect you have already Done"

Before doing anything, read the Debian documentation:
Debian Documentation
How to ask the smart way
Debian Foro Español
======================
For the Birds
User avatar
GarryRicketson
 
Posts: 4208
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: What are reasons to run as root and what not to run as r

Postby MALsPa » 2016-12-24 00:36

GarryRicketson wrote: MC is a file manager, a GUI of sorts, if need be run as root,...but it is still
best to start it as a normal user, and then if and when it is absolutely necessary
open the file as 'root' or use 'sudo'.

Yes, I would say that Midnight Commander is a GUI file manager, as is SpaceFM. And this is the type of situation that led me to question dasein's point #3. Using Synaptic to update the system is another example; I do that all the time. But I log in as a normal user and then get root access only if/when I need it. Are we saying that one should never do that (update the system using Synaptic)? Perhaps I misunderstood what dasein was trying to say, not sure. And, no, I am not so incompetent as to not be able to comprehend how to use CLI -- I use that all the time, too.
MALsPa
 
Posts: 611
Joined: 2007-12-07 19:20
Location: albuquerque

Re: What are reasons to run as root and what not to run as r

Postby dasein » 2016-12-24 00:57

MALsPa wrote:
dasein wrote:3) Never run a GUI as root. Seriously.

Please elaborate. I don't log into my system as root, but if I need to I'll open up a root window in SpaceFM, for example.

1) First and foremost, running X as root is a serious security problem. Google has details.

2) Making potentially destructive actions 'easier' increases the likelihood of catastrophic error. That is to say: it requires more missteps to "accidentally" type the wrong command than it does to "accidentally" click the wrong thing. With today's high speed machines, in the split-second it takes you to realize that you just clicked the wrong thing, 40,000 backup files are irretrievably lost. (And yes, this is the first-person Voice of Experience talking here. :oops:)

Edit/afterthought: My exhortation to avoid permissions' hacks is simple. To paraphrase H.L. Mencken, "For every niggling systems problem there is a permissions-hack solution that is clear, simple, and wrong."

I've lost count of how many threads here contain a permissions-hack "solution" to something that isn't even an actual problem. I've given up correcting folks who break DHCP with a permissions hack because they don't understand how DHCP is supposed to work. For almost any given problem, if the "solution" offered involves a permissions hack, then the problem isn't properly understood, much less properly addressed.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: What are reasons to run as root and what not to run as r

Postby GarryRicketson » 2016-12-24 01:57

by MALsPa »Are we saying that one should never do that (update the system using Synaptic)? Perhaps I misunderstood what dasein was trying to say, not sure.

No, we are not saying no one shoudl ever use synaptic,..If you start synaptic from
the GUI menu, it asks you for the password, if "sudo" is being used, the user, if they
are in the sudoers file, can use their password,...on my system, I do not use sudo,
so I need to use "roots" password,...
Most, if not all of the GUI interfaces will prompt the user for a adminstrative password,...
IF needed,.... That is the point,... nobody should start the Xwindows, or any GUI as root,
randomly,...
So yes , I think you are misunderstanding, what dasein was trying to say, but I think
he has now explained it, much better then I can.

by MALsPa And, no, I am not so incompetent as to not be able to comprehend how to use CLI -- I use that all the time, too.

Well that is good, and just to clarify,.... I did not mean specificly you,.... but this is what
motivates a lot of these guys and gals, to start the DE or GUI , X windows,
"startx", whatever, as root.
They do not know enough about the CLI to be able to do anything,
and then they discover that if they login as root, they can start the DE, and "go to town",
without having a clue as to what damage they are doing,....and it is a disaster.
The thinking or excuse is , "It is so much easier using a GUI ",.... and it is,.it is
also so much easier to totally wreck the system, just by "clicking", this and that,
copy/paste this to there, etc,,,.....
I have my system set up in a way that does not allow "root" to login to the DE, or a WM,
"root can do anything", .... root does not need the GUI,DE, etc,....
When working as "root" you need to be sure about what you are doing, and only
work as root if absolutely necessary,....how hard is it to understand that ?
If you have to ask why, then that means you should not be using root access
to do anything.
There is no place for "assumeing" things either,....like just because
what you did on a Older Debian version, is going to be safe, and you
can do it on the newer systemd versions, there are things that root can do
that do not harm the older versions, with systemV, and they will crash a systemd
system,... this does not mean systemd is bad, or it is a bug, it is "PBKAC".
the person between the chair and the keyboard, did not know enough about
how systemd really works, and should not have been working as "root".
That is another topic though.
The same applies to systemV as well, if the person, does not know enough
about the system, to be absolutely sure of what they are doing, then they
have no buisness running anything as root,.....of course if they are experimenting
on a VM, or a machine dedicated to "learning" and experimenting,...that is
different. Everything depends on the situation,.... a little common sense
and logic goes a long ways.
User avatar
GarryRicketson
 
Posts: 4208
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: What are reasons to run as root and what not to run as r

Postby Head_on_a_Stick » 2016-12-24 13:22

MALsPa wrote:
dasein wrote:3) Never run a GUI as root. Seriously.

Please elaborate. I don't log into my system as root, but if I need to I'll open up a root window in SpaceFM, for example.

How do you start the GUI program?

The recommended [1] method is:
Code: Select all
pkexec spacefm

For the reasons, see the first answer in this thread:

http://askubuntu.com/questions/802649/w ... hen-sudo-i

The X server itself is fundamentally insecure and probably shouldn't be used at all, let alone as root.

[1] I do not recommend running GUI applications as root, I think that you should just use the shell instead.
No code is faster than no code.

Please read before posting How to report a problem
User avatar
Head_on_a_Stick
 
Posts: 6536
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: What are reasons to run as root and what not to run as r

Postby MALsPa » 2016-12-24 14:38

Lol. Maybe let's back up here for a sec. I wonder if the OP feels that a satisfactory answer has been provided here to the question that was asked in the title of this thread.
MALsPa
 
Posts: 611
Joined: 2007-12-07 19:20
Location: albuquerque

Re: What are reasons to run as root and what not to run as r

Postby acewiza » 2016-12-24 15:10

We are overlooking the fundamental reasoning behind these oft-posed root-related quandaries. 'Nix is/was born of and developed over the years through a common-use, or shared commercially-oriented environment, where security is paramount. Of course there are many, but from a 40,000-foot level, the "other" OS coincidentally competing in this space did not have the basic security focus baked-in right from the start. This is what causes newbie nix users just tying to get work done to wonder - why root? Linux'es increasing popularity comes with an increase in the "why root" phenomenon.

The real, underlying question is "why security?"
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 241
Joined: 2013-05-28 12:38
Location: Out West

Next

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable