
How-To Geek

HTG Explains: Why You Shouldn’t Log Into Your Linux System As Root


On Linux, the Root user is equivalent to the Administrator user on Windows. However, while Windows has long had a culture of average users logging in as Administrator, you shouldn’t log in as root on Linux.

Microsoft tried to improve Windows security practices with UAC – you shouldn’t log in as root on Linux for the same reason you shouldn’t disable UAC on Windows.

Why Ubuntu Uses Sudo

Discouraging users from running as root is one of the reasons why Ubuntu uses sudo instead of su. By default, the root password is locked on Ubuntu, so average users can’t log in as root without going out of their way to re-enable the root account.
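
The locked root password can be checked in the account database itself. The following is an added example, not part of the original article: it classifies the password field of a shadow(5)-style entry, and the sample entries and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of a shadow(5)-format entry.
# Sample entries are constructed; the hash is a placeholder, not a real one.
SAMPLE_LOCKED='root:!:15604:0:99999:7:::'
SAMPLE_HASHED='root:$6$constructedsalt$constructedhash:15604:0:99999:7:::'
SAMPLE_EMPTY='root::15604:0:99999:7:::'

# shadow_state LINE -> prints locked | empty | password
shadow_state() {
    # Field 2 of "name:password:lastchange:..." is the password field.
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')          echo empty ;;     # no password needed at all
        '!'*|'*'*)   echo locked ;;    # not a valid hash: password login cannot succeed
        *)           echo password ;;  # a usable hash is set: direct root login possible
    esac
}

# root_state [FILE] -> state of the root entry in FILE (default /etc/shadow)
root_state() {
    line=$(grep '^root:' "${1:-/etc/shadow}" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo unreadable    # file missing, not readable, or no root entry
        return 1
    fi
    shadow_state "$line"
}

# Demonstration on the constructed entries.
for entry in "$SAMPLE_LOCKED" "$SAMPLE_HASHED" "$SAMPLE_EMPTY"; do
    printf '%-60s %s\n' "$entry" "$(shadow_state "$entry")"
done
```

On a real system, `sudo passwd -S root` reports the same state (`L` for locked) without reading /etc/shadow by hand. A locked password only blocks password logins as root; commands run through sudo still work.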

On other Linux distributions, it’s historically been possible to log in as root from the graphical login screen and get a root desktop, although many applications may complain (and even refuse to run as root, as VLC does). Users coming from Windows sometimes decided to log in as root, just as they used the Administrator account on Windows XP.


With sudo, you run a specific command (prefixed by sudo) that gains root privileges. With su, you’d use the su command to gain a root shell, where you’d run the command you want to use before (hopefully) exiting the root shell. Sudo helps enforce best practices, running only commands that need to be run as root (such as software installation commands) without leaving you at a root shell where you may stay logged in or run other applications as root.


Limiting The Damage

When you log in as your own user account, programs you run are restricted from writing to the rest of the system – they can only write to your home folder. You can’t modify system files without gaining root permissions. This helps keep your computer secure. For example, if the Firefox browser had a security hole and you were running it as root, a malicious web page would be able to write to all files on your system, read files in other user accounts’ home folders, and replace system commands with compromised ones. In contrast, if you’re logged in as a limited user account, the malicious web page wouldn’t be able to do any of those things – it would only be able to inflict damage in your home folder. While this could still cause problems, it’s much better than having your entire system compromised.

This also helps protect you against malicious or just plain buggy applications. For example, if you run an application that decides to delete all files it has access to (perhaps it contains a nasty bug), the application will wipe out your home folder. This is bad, but if you have backups (which you should!), it’s fairly easy to restore the files in your home folder. However, if the application had root access, it could delete every single file on your hard drive, necessitating a full reinstall.
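
The difference in reach between a limited account and root can be made concrete. The following is an added example, not part of the original article: a simplified model of the Unix write-permission check (no supplementary groups or ACLs) run over a constructed file inventory, with hypothetical users alice (UID 1000) and bob (UID 1001).

```shell
#!/bin/sh
# Added example: which files could a process modify, depending on the
# account it runs as? Constructed inventory: path owner_uid group_gid mode
INVENTORY='/home/alice/notes.txt 1000 1000 644
/home/bob/taxes.ods 1001 1001 600
/etc/passwd 0 0 644
/usr/bin/sudo 0 0 4755
/bin/ls 0 0 755'

# can_write UID GID OWNER GROUP MODE -> exit status 0 if a write is allowed
can_write() {
    if [ "$1" -eq 0 ]; then
        return 0                           # root is not limited by mode bits
    fi
    mode=$(( 0$5 ))                        # leading 0 makes the value octal
    if [ "$1" -eq "$3" ]; then
        [ $(( $mode & 0200 )) -ne 0 ]      # owner: only the owner bits apply
    elif [ "$2" -eq "$4" ]; then
        [ $(( $mode & 0020 )) -ne 0 ]      # group member: only the group bits
    else
        [ $(( $mode & 0002 )) -ne 0 ]      # everyone else: the "other" bits
    fi
}

# writable_paths UID GID -> prints every inventory path that account can modify
writable_paths() {
    printf '%s\n' "$INVENTORY" | while read -r path owner group mode; do
        if can_write "$1" "$2" "$owner" "$group" "$mode"; then
            echo "$path"
        fi
    done
}

# Demonstration: the same buggy or hijacked program, run as two accounts.
echo "as alice (uid 1000):"; writable_paths 1000 1000
echo "as root (uid 0):";     writable_paths 0 0
```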


Fine-Grained Permissions

While older Linux distributions ran entire system administration programs as root, modern Linux desktops use PolicyKit for even more fine-grained control of the permissions an application receives.

For example, a software-management application could be granted only permission to install software on your system through PolicyKit. The program’s interface would run with the limited user account’s permissions; only the part of the program that installed software would receive elevated permissions – and that part of the program would only be able to install software.


The program wouldn’t have full root access to your entire system, which could protect you if a security hole is found in the application. PolicyKit also allows limited user accounts to make some system administration changes without obtaining full root access, making it easier to run as a limited user account with less hassle.


Linux will let you log into a graphical desktop as root — just as it will allow you to delete every single file on your hard drive while your system is running or write random noise directly to your hard drive, obliterating your file system – but it isn’t a good idea. Even if you know what you’re doing, the system isn’t designed to be run as root – you’re bypassing much of the security architecture that makes Linux so secure.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 09/21/12

Comments (23)

  1. ishan

    thanks.. this cleared up lot of things..

  2. MJ

    Very well explained, and good to see Ubuntu and Linux articles.

  3. Robynsveil

    Equating the reasons to not run as root in Linux to not running as administrator in Windows leaves a lot unexplained, such as the inherent lack of security in Windows, full-stop. Yes, the two actions can have the same cataclysmal consequence, but it doesn’t do any credit to how Linux is set up, vs Windows.

    Too much is left unexplained or even touched on: one comes away with the notion that the two OSes are almost indistinguishable save the name and mechanism to attain privileges, when in fact nothing is further from the truth. It might have been an opportunity for enlightenment as to why a Unix-based system is so significantly superior … missed that, sadly. Which turns this into one of those non-informative information articles.

    I know, I know: this is the era of TMI. And you probably wish to avoid the trolls, who will surface to protect and defend their tattered shreds of an OS:
    http://forums.cnet.com/7723-6132_102-528812/i-did-a-clean-install-of-windows-7-and-virus-still-exists/

    I hear these bleats and groans at work all the time. They need a decent article on why Linux can provide them with a solution and how to avoid having dramas like they did in Windows.

    THAT would make more sense than this.

  4. Rick S

    Good article. I had forgotten what I learned long time ago and that made me remember.
    Now if I could only remember. lol.

  5. Robynsveil

    Commenting on here is a waste of time – it gets deleted. My carefully considered comment just did.

  6. vedmar

    Thnx for nice article!
    Roby, maybe you commented as root :)

  7. rdc

    Next lesson, what is SELinux

  8. Enthusiast

    @Robynsveil,

    This article is not a comparison between Linux and Windows. The comparison to running as administrator in Windows was simply to show users of both OS’s how open to attack they are when that is done. As such it accomplishes its objective, making Linux (and Windows) users aware of the dangers of operating as the administrator of their machines.

    I think this article hits the mark right on. It is informative and clearly explained.

  9. Lia

    Thank you for this article! I use Ubuntu on my computer, but am only slightly past newbie stage in geekiness. So when I ask my husband for help (he is a Windows user who at one time did the IT work at a former job, using Unix, learning as he went, not trained in computer tech.) he curses Ubuntu for requiring sudo, saying “Why don’t you use a REAL Linux?!”. Until now I’ve only been able to say, “Sorry. I like Ubuntu.” I don’t mind having to use Sudo. Now I have a better defense against his complaints! LOL!

  10. Szűcs János

    There are a few misconceptions in this article. Each user should have a solid and regular backup from the COMPLETE SYSTEM, so he or she can restore not only the home directory but the complete system without a reinstall (as You wrote) in case of a damage. Anyway, if I am not a root user, and a hardware fault destroys my whole Linux system I have to restore it from a backup. So be root if You want, or don’t be root if You are afraid, but make regular backups in both cases, it is the most important advice, I think a user could get. Backups are much more important than the “root or not root” question. I am always root, when I am using Linux at home, and I have never lost any data. When I use Ubuntu I pull my hair out on its stupidity, I login as a regular user with a password, then any time I want to do some serious work (a package install maybe), that stupid asks for the SAME password (several times!!!!) that I entered at my login, then executes some commands as a root user. So why should I enter the SAME password each and every occasion when I already gave the password on login? Please, someone tell me why it is logical and not a whole big stupidity. Why does not Ubuntu use my password for every root operation without asking me??? It would be much more logical and it would be safe also!
    And let’s not forget: if someone gives ‘single’ to the grub loader, simply becomes root user without knowing any password (OK, grub can be configured to not allow this, but be honest, how many users know about that?).
    So, it may be a benefit not to be a root, but please let me choose! See the CentOS for a perfect solution: at install You can create a regular user, but if You don’t need one, You remain root. And if You know what You do (and You should know, I think) You won’t do any damage.

  11. Bill Mattocks

    Yeah, one small problem. MY computer, MY rules. If I break it, that’s on me. There are a lot of good reasons why I should not login as root, but ultimately, I make the decisions about MY property. I’ll paint it blue and call it Slappy if I feel like it.

  12. mj

    Thanks for the article. Sometimes it becomes difficult to enter password again and again. Thanks for encouraging it.

  13. Erwin

    I have two different passwords on Ubuntu, one for logging in the system and a second administrator password. The administrator’s password is only valid for a certain amount of time, that’s why you have to re-enter the password.

  14. r

    @ Bill Mattocks

    that’s not a “small problem”, that’s your choice. The article suggests rational reasons “why you shouldn’t log in as root” not, “why you mustn’t log in as root” or “why I ultimately make decisions for the things I own”.

  15. NSDCars5

    su
    *input password here*
    cd /
    rm *
    exit

    My favorite way to use Terminal. :D

  16. spike

    @Robynsveil: Actually it was awaiting moderation – it contains hyperlinks. Didn’t get deleted, I see it. It does pop up a notification telling you so.

  17. Superevil

    @NSDCars5

    So are you trying to be a dick by having someone delete a random file off of their root directory?

  18. Henry

    backtrack linux
    root login

  19. Leslie Satenstein

    In general, you are right to always use SUDO. But there are times where a GUI interface with root privileges is preferred.

    Here is such a situation.

    I have a system with many users. User A has a directory with about a hundred files. In this directory are files from three applications.

    User A needs to transfer about 50 files to user B and hand over one application.

    Without a GUI interface containing root privileges, we have to do the following:
    1) Log on to User A account create a temp directory, tag the files to be moved to that directory. Do the move via mv command. Since you cannot write directly to User B account, you had to create a temp directory and first move the files there.
    Next you need to have the path to that temp directory with rw–rw privileges by anyone.
    Once you have collected the files, you switch to user B and copy the entire temp directory contents to your /home or where it is going.

    So, for these files we have two extra mv operations per file, as one cannot go from A to B directly.
    You still have to do a chown newname:newgroup * to all these files in the temp directory.

    Consider the alternative.
    With root having GUI access, you tag/mark the files to be moved, you switch to the target directory of the B user and you do a paste. Almost done. You switch to terminal mode to that target directory and as root, do a chown newname:newgroup to the files you have moved across.

    If you were to do the same thing via command line, there is a danger of an error due to sending the wrong file due to finger slip. You now have to do the files one by one.
    One simple mistake, and you have to go into recovery mode.

    So which is less dangerous for root, access by command line or access by GUI?

    When I have my root GUI setup, the first thing I do is remove firefox from appearing. Root must never go onto the web. Remember, as root, you can do a su userA and be in that privileged mode.
    If you respect that rule– no web browser while in the root GUI logon, GUI is acceptable.

    One should set up sudo to only allow a few commands, such as, for example the mount.

  20. Anonymous

    @ NSDCars5

    You’re a funny guy/gal!


    su
    *input password here*
    cd /
    rm *
    exit

    That’s a great way to hose your system.

  21. cam2644

    Well written piece explaining important info. Thanks

  22. Peter Ridgers

    Leslie Satenstein,

    You could always use mc as root with no gui – as good or better than most 2-panel gui file shifters.

  23. Susan Harley

    What a waste of time.
    Why don’t you write something useful like “Using the maps in iPhone 5”?
