Linux Mint Forums

You should not log in as root - it's a simple as that
You have sudo (or gksu) for root tasks

I understand the dangers, and accept them.

Maybe - but the rest of us don't accept them - this is exactly why all sorts of things can hit Windows and you may end up spreading crap

ppetit wrote:

I get a message warning me about running as root. I understand the dangers, and accept them.

I just can't over emphasize what an incredibly bad idea it is to run in X as root. You apparently see this message often which leads me to believe you are using root to do everyday user tasks, as one would in Windows.

Your behavior not only affects you but everyone else on the net also. Running as root just invites others to take your box away from you. It will then be used for spam, adware transmission, denial of service, and many other nefarious and anti-social tasks. It also gives Linux a bad name to people who don't know any better.

How about posting your current IP. I would like to have a completely anonymous and remote proxy server.

To answer your question, yes, you can remove the nag message, but I won't be the one to tell you how to do it. Sorry.

Fred

No you will not be told how to turn it off and it is not a religious thing
Read Fred's post again
There are really only two reasons to log in as root
Recovery mode
You have to do a really major job that needs root privileges and then you log out again and run as normal user
Both these cases happens sporadically and the warning message is no problem
No distro wants you to do your daily work as root - Ubuntu and its offsprings has taken this a a step further in the special way you use sudo
Topic locked

I locked this because this has been answered over and over again and I did not want to discuss this again
However I got a PM from the original poster where he asked to be told why you should not use root, not just to be told not to do it.
This is exactly what Fred and I have been telling above
I think this topic tells the story very well
http://www.linuxmint.com/forum/viewtopic.php?t=1030
I'll leave the topic unlocked, but I won't participate any more in it

ppetit wrote:

I would like to know how it is possible for someone to take over my machine, because I am running as root, and in a way that would not work if I were not running as root. I need to be convinced it's possible, and that includes details.

I will attempt to clarify this for you to a certain extent. I will not however, turn this thread into a how-to for taking a computer. If what I say to you is not sufficient to convince you, so be it. I don't need for you to believe me enough to give specific instructions and workable code.

First you need to understand that when you are running in X as root every GUI program you run is run as root. Let's take the browser for an example. You are surfing the net and click on a link labeled pictures. One of these pictures redirects the browser to save a small file to /init d. instead of the browser catch. Since the browser is running as root the system dutifully complies without warning or complaint. The file is saved as a root file with execute privileges. The next time you start the computer /init d. runs as is normal, executing the rogue file. This rogue file opens a port and broadcasts the current IP to an IRC channel bot. The bot then sends whatever code it chooses to your machine, sets it to root and execute, unknown to you. The rest is history, as they say.

Had the browser not been running as root, any file downloaded could not be saved anywhere but in the non-execuatable catch. Also, the execute bit could not be set because only root can do that.

The above is only one of many ways you can get into trouble running X as root. Most of the time you will not even know that you are owned. That is the whole point. To have a fully functioning box under your direct control. Breaking your box would defeat the whole purpose of taking it in the first place.

But you may not be aware that there are a large number of people who believe that, while it was once a problem, it no longer is, and there is no longer any need for the home computer user to avoid running as root.

This is back asswards, so-to-speak. The exploits of today are much more sophisticated and widespread than they were in the past. To say that there is less risk now than there has been in the past is just plain wrong headed. The vast majority of the computers that make up bot-nets are individual home computers. Yes, 99% of them are Windows boxes, but that is only because they are more common and easier to break into. All that will change as Linux becomes more and more popular and new users insist on running in root.

I hope this was somewhat enlightening.

Fred