Why is it bad to log in as root?
Solution 1
It defeats the security model that's been in place for years. Applications are meant to be run with non-administrative security (or as mere mortals) so you have to elevate their privileges to modify the underlying system. For example, you wouldn't want that recent crash of Rhythmbox to wipe out your entire /usr directory due to a bug. Or that vulnerability that was just posted in ProFTPD to allow an attacker to gain a ROOT shell.
It's just good practice on any operating system to run your applications on a user level and leave administrative tasks to the root user, and only on a per-need basis.
Solution 2
Just one word: security.
- You're logged in as root = all applications are running with root privileges -- every vulnerability in Firefox, Flash, OpenOffice etc. now can destroy your system, because possible viruses now have access everywhere. Yes, there are only few viruses for Ubuntu/Linux, but it's also because of good security and default unprivileged user.
- It's not only about viruses -- small bug in an application could erase some system files or...
- When you're logged in as root, you can do everything -- the system won't ask! Do you want to format this disk? Ok, just one click and it's done, because you're root and you know what you're doing...
Solution 3
Running as root is bad because:
- Stupidity: Nothing prevents you from doing something stupid. If you try to change the system in any way that could be harmful you need to do sudo which pretty much guarantees a pause while you are entering the password for you to realize that you are about to make a possible big/costly change.
- Security: It has been mentioned already quite a few times in this question but basically it's the same thing, harder to hack if you don't know the admin user's login account. root means you already have one half of the working set of admin credentials.
- You don't really need it: If you need to run several commands as root and you are annoyed by having to enter your password several times when sudo has expired all you need to do is
sudo -i
and you are now root. Want to run some commands using pipes? Then use
sudo sh -c "command1 | command2"
- You can always use it in the recovery console: The recovery console allows you to try and recover from doing something stupid or fixing a problem caused by an app (which you still had to run as sudo :)) Ubuntu doesn't have a password for the root account in this case but you can search online for changing that, this will make it harder for anyone that has physical access to your box to be able to do harm.
The reason why you couldn't find information about why it's bad is because, well, there is way too much data in the internet :) and that a lot of people that have been using Linux for a long time think like you do. This way of thinking about the root account is fairly new (a decade maybe?) and a lot of people still get annoyed by having to use sudo. Especially if they are working on a server which means they went in with the intention to make system changes. Probably brought on from previous bad experiences and security standards most sysadmins know better but they still don't like it :).
Solution 4
This is a good question. I think the answer is slightly different depending on whether you're talking about a server or a desktop installation.
On a desktop, it is uncommon to use the root account. In fact, Ubuntu ships with root access disabled. All changes requiring superuser privileges are done through sudo and its graphical cognates gksudo and kdesudo. Given that it's easy to set a root password, however, why don't people do it?
One reason is that it gives you an additional layer of security. If you run a program as root and a security flaw is exploited, the attacker has access to all data and can directly control the hardware. For example, it might install a trojan or key-logger into your kernel. In practice, though, an attack can do a large amount of damage even without superuser privileges. After all, all user data - including documents and stored passwords - is accessible without root access.
A more valid point, on a single-user system, is that the user is prevented from accidentally rendering the system unusable. If the user unintentionally issues a command that deletes all files, they will still be able to boot the system, even if the data is lost.
Additionally, most user-facing (X11) applications today are built on the assumption that they're run as a regular user account and without administrator rights. Thus some programs might misbehave when run as root.
On a multi-user system with non-graphical shell access only, many of these reasons do not apply. However, Ubuntu still reasonably defaults to an inaccessible root account. For one thing, there is a real difference between gaining access to a user account (with sudo rights) through a security hole and gaining access to root, as in the first case disrupting other users will require running sudo and will still prompt for the account password as an additional security step. For another, it is useful to perform many administrative tasks from a user account and only invoking sudo when the superuser privileges are absolutely required. Thus when installing a program from source, it is advisable to build the source - running configure and make - inside the user's directory and only using sudo make install in the final step. Again this makes it more difficult to shoot oneself (and other users of the multi-user system) in the foot, and it decreases the likelihood of build scripts wreaking havoc with the system. Thus even on a server it is good advice to stick to Ubuntu's sudo-based administration.
Solution 5
One reason not to run as root that has not (so far) been identified by other answers is traceability. It probably matters less on machines that are primarily single-user machines (your desktop or laptop), but on server machines, if someone is logged in as root, you don't know who to blame for the actions taken. Therefore, most professional organizations with multiple systems and multiple administrators that need root privileges require people to login using their own user ID (and password), and then use sudo or similar programs to operate with root privileges when necessary.
Otherwise, the primary reasons for not running as root are:
- Minimize risk of damage from accidents. If you run
rm -fr / home/me/my-subdir
as root, then you've just dramatically eliminated everything of importance from your machine because of that space after the (first) slash - because the stuff that goes first is the stuff that was added first - little things like the kernel, the /bin and the /etc directory. Unix gets upset if you lose those.
- Minimize risk of damage from malicious outside sites. If you browse as root, you're more nearly vulnerable to drive-by downloads of malicious material.
I use MacOS X more than I do Ubuntu, but there, root is disabled by default, and it still is on my machine. I routinely upgrade the kernel and other similar operations - using sudo (behind the scenes). Similar techniques apply to Linux generally.
Basically, you should only use the all-powerful privileges of root for abbreviated periods of work to avoid the risk of mistakes.
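An added example (not part of any answer on this page) of the traceability point in Solution 5: it attributes root commands to the invoking account from sudo's log records and flags where that trail ends, namely a root shell opened through sudo or a direct root login. The log lines are constructed samples in the usual /var/log/auth.log layout, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample records (not from a real host), auth.log layout.
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt upgrade
Mar  3 09:40:17 web01 sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:02:44 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Mar  3 10:05:09 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/su -
Mar  3 10:07:30 web01 sudo:     dave : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/id
Mar  3 10:09:00 web01 sshd[812]: Accepted password for root from 192.0.2.10 port 50022 ssh2
"""

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : (?P<fields>.*)$")
DIRECT_ROOT_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from ")
SHELLS = {"sh", "bash", "dash", "zsh", "su"}  # programs that hand over a root prompt


def parse_sudo_line(line):
    """Return a dict for one sudo command record, or None for any other line."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    head, sep, command = m.group("fields").partition("COMMAND=")
    if not sep:
        return None
    event = {"invoker": m.group("invoker"), "command": command.strip(), "reason": None}
    for part in head.split(" ; "):
        part = part.strip()
        key, eq, value = part.partition("=")
        if eq:
            event[key.lower()] = value   # tty, pwd, user (the target account)
        elif part:
            event["reason"] = part       # e.g. "3 incorrect password attempts"
    return event


def opens_root_shell(command):
    """True when sudo started an interactive shell; what is typed there is not logged by sudo."""
    argv = command.split()
    return bool(argv) and argv[0].rsplit("/", 1)[-1] in SHELLS and "-c" not in argv[1:]


def audit(log_text):
    """Summarise who ran what as root, and where attribution stops."""
    by_user, root_shells, denied, direct_root = defaultdict(list), [], [], 0
    for line in log_text.splitlines():
        if DIRECT_ROOT_RE.search(line):
            direct_root += 1             # someone was root; the log cannot say who
            continue
        event = parse_sudo_line(line)
        if event is None:
            continue
        if event["reason"]:              # refused by sudo, so nothing was executed
            denied.append((event["invoker"], event["reason"], event["command"]))
            continue
        by_user[event["invoker"]].append(event["command"])
        if opens_root_shell(event["command"]):
            root_shells.append((event["invoker"], event["command"]))
    return {"by_user": dict(by_user), "root_shells": root_shells,
            "denied": denied, "direct_root_logins": direct_root}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

Every entry under root_shells is a point after which sudo's own log stops recording individual commands, and every direct root login has no named person behind it at all.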
Mussnoon
Updated on September 17, 2022
Comments
-
Mussnoon about 1 year
I've often come across posts on forums or other websites where you see people joking in such a manner about running/logging in as root as if it's something awful and everyone ought to know about it. However, there isn't much that a search reveals on the matter.
It may be widely known to Linux experts, but I really don't know why. I remember always running as root when I first tried Linux years ago (Redhat and Mandrake) and don't remember running into any problems because of that.
There are actually some distros that have a bright red background with alert signs all over it as wallpaper for the root user (SuSe?). I still use the "Administrator" account for regular use on my Windows installation and haven't ever run into any problems there either.
-
Gaurav Butola almost 13 years
I think there is no problem in running a program as root. It's just that, you might harm the core of your OS (even sudoers can do that) if you aren't much wise in linux. Other than that I don't think there is any problem. But that's just my point of view.
-
loevborg almost 13 years
Related question here.
-
djangofan over 12 years
The difficulty of getting into root mode varies between distros. I personally am annoyed by how Fedora doesn't allow you to 'sudo' right out of the box. OpenSUSE and Ubuntu do have pre-configured sudo though... and so if you choose the right distro, you can minimize your annoyances at not being able to get access to files.
-
strugee over 10 years
@GauravButola even if you're an expert, it's still a bad idea in case an application gets compromised.
-
Rmano almost 10 years
Well --- AFAIK even running as administrator in Windows is similar to the Ubuntu way --- you are still asked for the authorization to do harmful things (maybe without a password).
-
Rmano almost 10 years
@DaboRoss the OP comments that he works in windows as administrator; for my (little) experience in that OS, it seems to me that it is more like Ubuntu: it is a privileged account in the sense it can do whatever you want, but it asks for permission before for example installing new software. So probably the equivalent of using user "administrator" in windows translated to Ubuntu would be to run the main user with sudo configured so that it doesn't ask the pass --- running directly as root is much more dangerous.
-
daboross almost 10 years
@Rmano, Ye, I guess that's what I was trying to say. That's basically the difference between running as an 'admin' account and running as root. What I was meaning to say to the OP is that there is a huge difference between root and an admin account.
-
thomasrutter over 9 years
possible duplicate of Why don't I have a password for "su"? Problems with "sudo"
-
Joshua almost 8 years
I used to run as root all the time. I wouldn't consider it these days. The world isn't what it used to be and some internet-connected programs present too large of an attack surface. If I were back in my no-internet state I might revert but probably not.
-
SDsolar about 6 years
Let's face it. This is like asking what are the risks of typing sudo rm -rf / into terminal.
-
Pryftan over 5 years
@Joshua Scary even decades ago...
-
Mussnoon almost 13 years
Um. No offense but you might want to read the title of the question and then read the details again.
-
flo almost 13 years
This is extremely helpful - and it does relate to the question. It's concerned with the security implications of enabling the account, a prerequisite of running as root.
-
Mussnoon almost 13 years
@Stefano Palazzo: While the information provided may be useful, I sincerely can't see in what part lies an answer to what I needed to know. I've read it multiple times.
-
kit.yang almost 13 years
a more clever analogy.(^_^)
-
jippie over 11 years
It is not about blaming someone, it is about being able to figure out why someone made a change.
-
jippie over 11 years
We always complain about our PC's being too slow, but it is as if they are optimized for running an rm like that as fast as possible.
-
chavocarlos over 11 years
@jippie: I mean 'blame' in the same way that a VCS tracks who did what so that the correct person is attributed with the responsibility for the change, for good or bad, and one of the names for the command that does that tracking is 'blame'. It gives you a person to speak to to find out why something happened. It is not always 'fault' (though depressingly often, the reason for needing to know is because something isn't quite working as expected and there's a need to know why not). So, it is about accountability and trackability rather than necessarily faulting the person for what they did.
-
kbeta over 10 years
This is an entirely inappropriate analogy. A child with an AK47 can kill themselves and other people. A unix-user with root access can at most render their system temporarily inoperable. (One can always re-install the os and recover operation).
-
kbeta over 10 years
Data files, which are all owned by my user account, are much more valuable to me than system files. All of your above examples are still issues when logged in as a user, except that the easily-replaceable system files are safeguarded.
-
omeid over 10 years
@kbeta You're right, my analogy is a bit out of proportion and exaggerated. please move on.
-
Kaz Wolfe almost 10 years
@jippie Because RM just destroys the inode link to the file. Doesn't take long to delete a link and mark a space as "free".
-
Rmano almost 10 years
...and it protects you from transforming trivial errors in disasters. I am an Unix user/adm since 1990, but still I can surely slip a space in the exact wrong place doing a rm -rf tmp/tests/* ...
-
Eliah Kagan over 8 years
On Ubuntu, commands like rm -fr / home/me/my-subdir do not actually attempt to recursively delete /, because / is treated specially to guard against such mistakes. See the documentation of the --preserve-root and --no-preserve-root options in man rm for details. But the principle is sound: single-character typos do exist that result in rm deleting everything. For example, if you mean to remove everything in the current directory by running rm -r *, but you accidentally put a / before *, that would be bad.
-
Wilhelm Erasmus almost 8 years
But when you have full sudo, you can sudo su and hide your actions.
-
n611x007 almost 8 years
@kbeta the analogy is appropriate. the risk is not an inoperable system, but data and privacy loss. the root user can delete the data. please use your phantasy to associate the killing and data loss.
-
phil294 over 7 years
1.) Most people will consider their home directory as more important than root dirs, for the former cannot be re-installed. So I don't see your point. 2.) In terms of security, you are right. But coming from windows (where there is WAY more malware around), where I've used the admin account since ever (as many do), I have a hard time considering this a real danger. I am just too lazy to type sudo and my password for every second command in Linux. Aren't Linux users supposed to be lazy?????
-
phil294 over 7 years
"he will still be able to boot the system, even if the data will be lost." - What's the point of this? If my data is lost, my data is lost and that's it. Linux system software can be reinstalled if deleted, why should I care about data loss in such directories? On the other hand, data loss in ~ is bad. And sudo doesn't protect me from that.
-
Jeremy Hajek over 7 years
Solaris treats this command as undefined behavior according to a wide POSIX interpretation (and Bryan Cantrill) and throws an error
-
Chad about 7 years
Doesn't prevent people being able to log into root.
-
Edgy1 about 7 years
disagree -_- :~ :|
-
Constantine over 6 years
@kbeta you're assuming that you're running on a computer where the only valuables are your data and system files. In reality linux is often used in a system where there are many users using a system simultaneously. In this case the stability of the system (and therefore the system files) is far more valuable and other user files are important too.
-
phil294 over 6 years
@LazyPower thanks for editing your answer, but now I don't understand it anymore. For modifying my private Ubuntu ~ folder, programs don't need sudo rights. Rhythmbox CAN wipe out my entire $HOME/Music directory! And that is all I care about! How is this related to root permissions?
-
lazyPower over 6 years
That's a good call out @Blauhirn. I just sent in a follow-up edit to reflect we don't want it deleting the entirety of /usr. In terms of protecting your $HOME folders, nothing like a good backup can help you. I don't think this particular scenario would be related to security as much as good practice. Thanks again for the callout.
-
Juan Quintero almost 6 years
Another good practice is to have important data backed up. If you wipe out home directory, you could still boot and just copy over files from the backup. Or, let's say you have a small laptop for travel. It might have some pics, travel notes, train schedule - but nothing too crucial. If you wipe the user files, you can still boot the system up and check in for your flight or find out which bus to take.
-
Pryftan over 5 years
@Blauhirn And you think that a compromised system can't pose a risk to your personal data? Think again. And no user of any system should be lazy; any one who is lazy when working at a computer is asking for trouble. And that incidentally includes not backing up your file systems (esp your /home and specific other directories which hopefully /home is on a different volume than your system...).
-
Pryftan over 5 years
@kbeta Fair enough but a damaged system configuration can also pose a risk to your data... and of course having backups would be a good idea whether your system is at risk currently or not. Working current backup with a disaster recovery plan would be better yet.
-
Pryftan over 5 years
@Blauhirn Backups. And there is a chance of recovery even if it looks bleak.
-
phil294 over 5 years
@Pryftan after your logic, you'd also need backups of /usr, /bin etc. All I say is that sudo protects the wrong stuff. I feel that for a desktop computer, ~ is more important than /etc. I can get keyloggers in gnome autostart or have my data modified or read without sudo protecting anything. Once a malicious program has access to my home folder, I don't care if it also has access to the admin content (I think you didn't see my second comment).
-
phil294 over 5 years
@Pryftan ...Yes, we can encrypt /home, put it on different volumes, blabla. This is not about individual steps, it is about the obligatory need to protect admin data but ignore snoops on home data. Finally, no, "any one who is lazy when working at a computer is asking for trouble" I disagree. Yes, you need to make backups. You should also deeply care for your security. But laziness can lead to great innovation. I automize many things in bash scripts because I'm too lazy to type them in 10 times in a row. Is that a bad thing?
-
Pryftan over 5 years
@Blauhirn Making scripts and programs to do things doesn't equate to laziness; it equates to efficiency. That's the beauty of do one thing well: you can do things that the designers didn't even imagine. And I wouldn't say you'd need a backup of /bin but definitely parts of /usr. 'Unwilling to work or use energy.' 'Characterized by lack of effort or activity.' Automatic: '(of a device or process) working by itself with little or no direct human control.' Even OED disagrees with you.
-
Pryftan over 5 years
@Blauhirn And you missed the point I was making, anyway, since given you say the home directory is more important than /etc. Problem is I wasn't saying home directory isn't important. I was saying that the rest of it has a risk too if you don't really care about it. False sense of security is one point but not the only. For that matter /var also has some things you might want to backup as does /root as does... But that's really besides the point I was making. To clarify a point: sudo is for something else, yes, but being privileged always could also be a risk to /home.
-
Pryftan over 5 years
'a decade maybe?' Much much longer than that even from when you wrote this. Even without sudo there is su not to mention e.g. the wheel group (for example). Privilege separation is always important and always has been important and always will be important. Otoh not as many people used Unix based OS that many years ago and many who do are used to always being an administrator.
-
Pryftan over 5 years
@EliahKagan But yet if you were to do... chown -R nobody:nobody ../ from say /etc would it protect you? If you were to do that on /etc it would cause you a world of hurt. Similarly is .* when recursively running a command.
-
Pryftan over 5 years
'If you're the only person who uses your computer, the harm you can do only as root might not really be higher than the harm you can do with your regular user privileges. But that is still no reason to expand your risk' Not to mention it puts you in the habit of it... then you go to another system and what happens? Same with the absurd idea of making people get used to rm -i by way of shell alias. You go to a system that doesn't have that and then what? Baby sitting a user from mistakes like this is never a good idea when you consider humans are very much creatures of habit.
-
Pryftan over 5 years
'Maybe I'm not completely precise because I don't know the exact mechanism, but when you fill up a disk with a non-root account there are always a few kilobytes left.' Perhaps you refer to lost+found directory ? If so you can as administrator specify how much to reserve. I want to say the typical default is 5% but I could be wrong and it can be changed. It's quite useful though even if rarely needed. Apparently there is more on it here (I remember it from my years of use): unix.stackexchange.com/questions/18154/…
-
Pryftan over 5 years
Although technically there is a way to log actions including every single command. This goes for every user. See process accounting e.g. here: linuxjournal.com/article/6144 And it's only safe truly if you need to be root; otherwise it's not entirely safe (exploit, etc.) even if the command should be safe.
-
Lionel Gaillard over 5 years
Apparently it's not limited to ext filesystems: unix.stackexchange.com/questions/7950/…
-
Pryftan over 5 years
Yep. I knew that :) But thanks for adding that too.
-
phil294 over 5 years
I opened a new question in security.se security.stackexchange.com/questions/180555/…. I'll come back to the comments later. - (updated link)
-
HopefullyHelpful over 5 years
@jippie, it should have a build in 10 second countdown
-
Andreas H. almost 5 years
Finally a real and differentiated answer, instead of the usual 'never do this'-mantras. +1 and thanks for this.
-
Sean McCarthy almost 4 years
Brilliant answer. Best I've seen. Thanks so much for explaining it so well for Linux noobs like me.
-
Heetola over 3 years
so it means that an application should never be launched this way? : sudo myApp.py because it would be the same as running it from root?
-
therobyouknow over 3 years
+1 upvote on answer and upvote on Andreas H.'s comment. Thank you sjas very much: a down-to-earth answer, which is pragmatic rather than dogmatic.
-
Scorpion about 3 years
Yes I agree, garyshood.com/root xkcd.com/1200 bkhome.org/archive/puppylinux/technical/root.htm. "If someone steals my laptop while I'm logged in, they can read my email, take my money, and impersonate me to my friends, but at least they can't install drivers without my permission."
-
Nils Lindemann over 2 years
To learn an OS it is OK to not put any sensible or valuable data on it and log in as root, to be able to see all folders and edit all settings. Then, if you have learned how the system works, reinstall and log in as non-root. I am doing this on Fedora, which is as simple to use as Ubuntu (and in my experience more stable), but allows root logins. I prefer having an option to opt out.
-
Cristy over 1 year
But if there is only one user on the system and that user needs sudo privileges, aren't the privileges/access rights the same as root?