Linux Desktop: run as root?

[Red Squirrel]

I know it's not recommended to run as root all the time, but what do most people do for a desktop? Having to type in a password or do a sudo every time you want to do something could be quite annoying. Is there a way around this that is recommended? Or do most people just say "screw it" and run as root anyway? If you get hit with spyware through a browser or something it's going to infect the whole machine anyway, at least in Windows it's that way, regardless of if you're running as admin or not.

Of course if you do some mistake like rm -rf / as root vs a restricted user, root will have bigger consequences, but either way, you're probably doing a major cleanup/fixing/reinstall as I'm sure even with a regular user it would do a decent amount of damage.

 

[pwrusr]

In windows I find most users run as admin. I've found it can be a bit more of a hassle to run as a standard user in windows. since you really have to almost log out as yourself then in as the admin to do some tasks. I've found simple things like java really want you to be logged in as the admin user in windows for it to install right.

In Linux I will run as a standard user with sudo rights (debian based distro). That way if I need to I can just sudo as root via the command line. I also have a account in linux that I have no sudo rights with strictly for use for work. Stripped down rights in the account to the bare minimal needed. If I have to do any admin/root tasks I simply "su - [username with sudo access]" then "sudo su -" for a full time root terminal.

Running as root full time is just plain silly and dangerous.

to quote somone from a forum I was poking around this very subject:

root is at a much higher level than even Administrator is in Windows. Remember that most exploits execute as the running user, so if you run as root you are opening up your system to the maximum possible damage.

 

[MrGuvernment]

i assume it is like windows, sure if you just installed the OS and need to get it going it could get annoying, but once a system is set up, you shouldnt need root very often

 

[Arainach]

i assume it is like windows, sure if you just installed the OS and need to get it going it could get annoying, but once a system is set up, you shouldnt need root very often

This.

 

[serpretetsky]

I don't run as admin or root in any of my current windows xp, vista, 7, or linux boxes. And i don't recommend it.

If you get hit with spyware through a browser or something it's going to infect the whole machine anyway, at least in Windows it's that way, regardless of if you're running as admin or not.

I dont run AntiVirus, and yes, i have gotten hit with a peace of malware once in the last 1.5 years on my win7 computer. The solution was rather simple, erase that account and create a new one. Malware gone.

 

[MrGuvernment]

why not just run protection and not worry about it instead of running nothing...

consider [H] has been compromised, you cant claim smart browsing alone anymore works.

 

[serpretetsky]

why not just run protection and not worry about it instead of running nothing...

consider [H] has been compromised, you cant claim smart browsing alone anymore works.

are you asking me? I'm not recommending running without Antivirus, sorry if i claimed that. I'm simply pointing out that it's generally agreed that certain types of malware may not be able to work properly without admin priveledges, and nothing gets my attention more than a window in the middle of my screen that is suddenly asking for a password and letting me know what program is asking for root access. The one infection I did get was actually only local to that standard account, and simply erasing the account got rid of my problems.

I can claim smart browsing works all I want, because i haven't had any issues in quite a while now and i can tell you I never worry about it, but that is definitely not something i would recommend to anybody else.

 

[xnoodle]

It's been a while, but can't you just set your UID to 0 in the passwd file?

 

[xxEIEIOxx]

i assume it is like windows, sure if you just installed the OS and need to get it going it could get annoying, but once a system is set up, you shouldnt need root very often

This.

Agreed. Typing a sudo password is well worth the protection it provides.

 

[Red Squirrel]

Erasing the account... may as well be reformatting. You loose all your settings and have to reconfigure all your apps and stuff. To me that's the most painful part of reformatting. But guess I will look at using a regular user then and at least try it that way, if I do decide to switch to Linux. This is all theorical as I don't think there even is any Linux spyware/viruses but if any are out there or come out, I want to be ready. The nice thing about Linux is profiles are much simpler, it's just files, not registry, so I just need to keep a decent backup rotation and if I do get hit with something that only affects the account I can easily just roll back and not lose all my settings.

 

[pwrusr]

Just copy your "/home" folder and all it's contents from the drive before a reformat. That should save all your documents/files that you need.

A good read on the basic linux file system structure:
http://www.tuxfiles.org/linuxhelp/linuxdir.html

 

[Jesse B]

Or store your /home directory on a different partition altogether, so if you do bugger up the OS itself, you can just re-install that and import your previous /home directory.

 

[ameoba]

If you're using some GUI config tools, they generally only want you to authenticate once. If you're doing extensive CLI work, you can always just use the "-i" flag on sudo to get a root shell. No reason to ever actually log into a desktop environment as root (unless, for example, it's the only account).

 

[The_Mage18]

There is only one time you should need to login as root, right after a fresh install and only to run visudo to setup your account. After that, root should be considered locked and protected.

Logging in and running as root is asking for trouble. First, you're much more likely to cause sever system damage with a mis-type. Second, a rogue script that's run as a regular user only damages that user. It's a lot less likely to infect the entire system. Third, if you're serious about learning Linux or using it for more than a toy, you need to start familiarizing yourself with user permissions ASAP

 

[gjs278]

the answer for me is obvious, I even wrote this article: http://www.garyshood.com/root/

 

[mope54]

Of course if you do some mistake like rm -rf / as root vs a restricted user, root will have bigger consequences, but either way, you're probably doing a major cleanup/fixing/reinstall as I'm sure even with a regular user it would do a decent amount of damage.

It's not very informative to think of your linux system compared to windows. for example, if you rm -rf / as root you're not going to do "bigger consequences" you'll completely wipe out your hard drive. With linux, however, you can actually be running in an environment without any OS on the hard drive at all and get yourself back up and running from a backup...so even then you're not completely screwed (and no, you don't need to "reinstall").

On the other hand, if you do rm -rf / as a restricted user it's not a difference of magnitude of damage. You will do *zero* damage to your OS other than possibly clearing out your /home/localuser, which you should have a backup of and can simply "unzip" (from a tarball) from your backup location.

 

[CEpeep]

What are you doing all the time that requires root access? If you need root access to do your everyday work, your system is probably configured wrong.

 

[Red Squirrel]

I don't have a specific Linux system that I'm working on so it can't be configured wrong... there is none. I'm just talking if I was to set one up as my main desktop. From any playing around I've done, most things require root access or to type in a password. Even simple things like changing screen resolution, or accessing data outside of /home/[user]. Heck even to mount a disk I need root.

Typing a password over and over gets old fast.

 

[CEpeep]

I don't have a specific Linux system that I'm working on so it can't be configured wrong... there is none. I'm just talking if I was to set one up as my main desktop. From any playing around I've done, most things require root access or to type in a password. Even simple things like changing screen resolution, or accessing data outside of /home/[user]. Heck even to mount a disk I need root.

Typing a password over and over gets old fast.

So if there are common things (like mounting disks) that you need to do on a regular basis, add yourself to the relevant groups that govern these these tasks.

 

[mope54]

accessing data outside of your home directory requires correct permissions, not necessarily root access. you shouldn't need root to access any data, actually. changing resolution (how often are you doing this?) or mounting a disk (now nearly always automounted without any user input anyway) hardly constitute "most things". even if it did, you type the password once not repeatedly. it's no different than windows or osx default settings except you actually *do* have to type the password repeatedly on those operating systems when you want to make administrative changes.

 

[Red Squirrel]

So if there are common things (like mounting disks) that you need to do on a regular basis, add yourself to the relevant groups that govern these these tasks.

Hmm yeah true, so there's different groups to allow mounting and such? Off the top of my head that's the biggest one I can think of, such as adding a USB stick or camera etc or getting files off the network. Installing programs is another big one, but guess I could deal with having to log as root to do that part.

Windows is a huge headache with a restricted user so I've always run as admin, but if I do switch to Linux I want to try to change that.

 

[ameoba]

Hmm yeah true, so there's different groups to allow mounting and such? Off the top of my head that's the biggest one I can think of, such as adding a USB stick or camera etc or getting files off the network. Installing programs is another big one, but guess I could deal with having to log as root to do that part

Most modern distros are set up with automounters that mount USB drives without user intervention.

 

[reb00tin]

I login as admin user but I still get the annoying prompts for root password. I would login as root but 2 problems in Ubuntu:

- Login app does not list root in the list of users so you have to type "root" every time.

- On most Ubuntu systems I've installed, the sound system is disabled in the root account. I think that's by design to discourage use of the root account.

 

[hoeding]

There are several applications that won't run as root by default.

 

[cold&damp]

i get really pissed off with having to enter in my password (its usually about ten times a day) in ubuntu
installing new applications, partitioning drives, using unetbootin or dd to write .iso's to usb (which i do more than 5 times a day), installing drivers, the list goes on and on and on.

it gets really old, really fast.

 

[mope54]

if you find yourself doing something consistently like writing iso's then add yourself to a group with the appropriate permissions