do you log in as amninistrator ?

i am linux (arch linux) user so the question is aimed mostly at linux users. but i'd like to see what windows and other os users think too

we all need sometimes to log in to the computer as administrator (called root in linux) to do maintenance and other tasks

in modern os we have some options. we can log in to the entire desktop or console as administrator and work freely. or we can run the single apps we need with 'run as administrator' from our user desktop. maybe we work all the time as administrators (even to surf the net) and then there is no question at all

in the world of linux many users dont recommend logging it to the desktop as administrator. i dont understand why. i think based on the following assumptions
  • i am less likely to smash something when i see it. so i prefer to do stuff in the desktop and not in the console
  • if i smash the os i can just format and install it again quickly. if i smash any of my files in home (home is like my documents in windows) i can never recover it again. and i have permission to smash my files when i am normal user too
  • i trust my applications to not format my drive on their own decision

i log in as administrator to the desktop when i need to manage and as user in other times

what way of getting administrator access you use ? why ?

sort by: active | newest | oldest
1-10 of 18Next »

I agree you should not log in as root. Not so much about messing up the system although you should be considerate of that when you log in as root, The real reason is you allow the system to be vulnerable to attack use sudo sparingly when you have to. Automate tasks as much as possible to limit root access.. Even I avoid root.

gmoon9 years ago
No, I don't log in routinely as the root user. Yes--it's possible to mess up your Linux install as root (I have done so in the past; some older audio software (JACK, etc.)worked better when run as root.)

Almost all administrative tasks can be done by using sudo ("super user do") as a normal user. Certain distros like Ubuntu are setup to encapsulate admin tasks with sudo within the GUI automatically--they ask for your root password when executing admin programs.
11010010110 (author)  gmoon9 years ago
i try to understand whats the point in not running the desktop itself as root even when you need some root access if you are admining the computer its sure easier than to run stuff with sudo or su all the time
There are lots of reasons why. Sure, most of these are for multi-user systems, but I always create several accounts for myself (development, recording, web browsing, etc.) to organize my stuff even at home...

-- Linux is based on Unix, which is designed from the ground up as a multiuser environment. Everything necessary for normal operations is supposed to run from a user account (not the case for Windoz.) So what if you have to type a password every time you run Synaptic and install a program? Isn't that worth the extra security?

-- Users can download and compile (or write and compile) their own programs, but those executables are limited in permissions to the user. You can't write something that takes down the whole system (there are other people using it, right?)

-- Permissions operate in a hierarchy. In many instances, programs run with root permissions inherit those permissions. It's a terrible security risk to run any networked program as root.

So any malicious code from a browser could make changes to the system at will, if the browser is running with root permissions.

That's why servers like Apache run not as root but as their own (weak) user--used to be "nobody", now I think it's commonly "apache."

Imagine a "buffer overrun" attack on a networked tool. When it crashes, the attacker is dumped to the shell, inheriting the permissions of the user that executed the program. If that's root, then the attacker becomes root. This is precisely why Windoz is so insecure. Generally, everyone runs windows as an administrator (if the baseline for secure operations is so poor...well, that becomes the norm.)

Anyone remember [ The Cuckoo's Egg?] There used to be a bug in EMACS that would let a normal user drop into a root shell. But that's only possible if EMACS is running with root permissions in the first place (something it not longer does.)

-- If you really are an sysadmin, then occasionally it's easier to run a desktop manager as root. That was still pretty standard until distros like Ubuntu came along. Even so, it can lead to bad things.

If you're administering another account, configuration files (.rc) can easily be imprinted with root ownership, which makes them unusable by the original owner. Sometimes X Windows won't even work anymore (I've personally seen this happen.) Same with data files.

That's why sudo is safer even for a experienced admin. It's far more secure to be reminded every time you're running a prog as root (which the password request will do.) Otherwise you might be leaving a trail of root access-only files that render the system unusable to others.

-- The most compelling argument: not running as root is a primary reason why virus authors don't bother with Linux. Few enough users running as root to make the effort worthwhile.
11010010110 (author)  gmoon9 years ago
of course i am speaking about my 1-user pc i know the thing with files that belong to root and not accessible to users. but if a file belongs to user then i can deal with it as user and dont need root / su / sudo at all i think the reminder thing is bad. it annoys. it distracts. it takes that extra attention that you'd otherwise give to what you are actually doing with your root access i really dont like the ubuntu way to use sudo as the only way to root access. when i need to do something on ubuntu box (here i am 'the linux guy' that newbies ask for help) the 1st thing i do is sudo bash the virus thing if a virus can get into the computer it can just install itself with user permissions (like in /home/ash/.xinitrc) and run from there at startup. deleting the contents of a user's home seem excellent action for a virus and dont require root i think that what really prevents linux viruses is that its not easy to get something to run on the computer from outside. being root does not look to me like something that makes running the virus easier. it only matters when the virus is allready running in which case you are anyway in trouble
Run your system anyway you see fit. If you chose to ignore the warnings common to every Linux desktop distribution, that's on you. Knock yourself out.

I never said I preferred the Ubuntu way, but it probably makes the most sense for "Linux on the desktop" type people (real men use Slackware. ;-)

deleting the contents of a user's home seem excellent action for a virus and dont require root

What you describe isn't a virus at all, but a trojan horse. And this one cannot infect the system files, or other users. The most damage your TH can do (other than deleting the user's files) is to send itself out via email.

That's not actually a threat to the system. You cannot prevent people from doing foolish things to themselves... in the vein of this thread... any more than you can prevent people from typing:
mv * /dev/null 

And most Linux users I've been acquainted with know better than to execute any old program someone sends them... What you'll find in the official package repositories will be safe, 99.99999% of the time....

"I never said I preferred the Ubuntu way, but it probably makes the most
sense for "Linux on the desktop" type people (real men use Slackware. ;-)"

Hey, what about Arch? :p

11010010110 (author)  gmoon9 years ago
if a user does something without thinking then nothing can protect this user. and most windows viuses exist and spread cause of users like that and not cause windows is not secure enough most users care about their /home more than the system. system can be reinstalled easily. in a single user box which /home got wiped or uploaded to the internet i would care about that and not about the system. in multi user box (and i think only in it) it makes sense cause one user with root acess can damage to others too i dont really care about what it is. i call every nasty program built to spread and wreck damage a virus
So you're saying system security isn't important? If the data is crucial, most users I know back it up.

And most would really rather not reinstall the OS on a regular basis....that's why they left Windows.

if a user does something without thinking then nothing can protect this user. and most windows viuses exist and spread cause of users like that and not cause windows is not secure enough

Well, that's just plain incorrect. Users can have a hand in infecting a system, but windows viruses can spread through videos, jpegs, webscripting, Word files, etc....a cornucopia of malware. None of which require an user to actually run an executable. That type of infection cannot happen if the user doesn't have root status. I suggest you do a little research on your own...

Anyway, good luck with that. Having explained it to the best of my abilities, I'm in no mood to argue the point. Do whatever you please, I'm out.
11010010110 (author)  gmoon9 years ago
its a home computer with home stuff on it. i'd not want home to be wiped out but not to the extent that justifies backups i work as computer tech guy on occasions. for stuff like installations and fixing of home computers of which allmost all are windows by interesting coincidence the users are clearly split into 2 groups - those whose computer is heavily infected. i see - the computer is full of viruses / adware / spyware / etc. inside internet explorer there are atleast 4 lines of all that search toolbars. the users admit that they click yes and run to every window that opens when they surf the internet - those whose computer is clean. they know what they install and have basic common sense in using a computer. some dont have antivirus and rely only on windows firewall and still they dont have viruses my conclusion is that a windows box without extra protection but with smarter user does not catch any malware. windows can be infected without the user running an exe but its very rare. the only real problem is a user without head i used windows up to 2005 myself (windows 95 and 98). i did not have any antivirus or firewall and never had malware. i am in linux due to many other reasons but not cause of viruses
1-10 of 18Next »