Root Login [Solved]

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
Hoser Rob
Level 9
Level 9
Posts: 2831
Joined: Sat Dec 15, 2012 8:57 am

Re: Root Login

Postby Hoser Rob » Tue Jan 05, 2016 5:04 pm

dorian_mode wrote:... I was interested in a more detailed explanation of 'why' never gui as root?


Jeez. Try a search engine. Say with the string "linux why you should not be root".

In larger multiuser unix/linux installations, typically there is only one staff person with root privileges. The system administrator. An SA I know has a T shirt that says "I am root. Kneel before me". This is only partly for security reasons.

In unix/linux if you have root privileges ... n.b. this is not the same as sudo privileges ... the system will assume you know exactly what you are doing. This is much worse than buggering up ownership of files. You can seriously break your system.

The bottom line for me is that if you need to ask why you shouldn't be root, and why ubuntu doesn't have a root password by default, you sure as hell should not be root.

User avatar
austin.texas
Level 20
Level 20
Posts: 11698
Joined: Tue Nov 17, 2009 3:57 pm
Location: at /home

Re: Root Login

Postby austin.texas » Tue Jan 05, 2016 5:04 pm

Please note that any text editor or any graphical program, should be opened with the command "gksudo" not "sudo".

Using sudo to run a graphical program opens up a possibility of messing up file permissions.
Sudo runs as the current user with elevated privileges. This has the potential of changing file permissions of certain user config files (relating to your graphical environment) when running graphical apps. You may find errors occurring when running these apps again without sudo, because some of the configuration files may have become owned by root instead of the user.
gksudo (kdesudo under KDE) runs the apps as root user thus any file permissions touched are on root's files, not the users files.
Running these apps again without gksudo/kdesudo will always have the normal behavior.
Mint 18.2 Cinnamon, Quad core AMD A8-3870 with Radeon HD Graphics 6550D, 8GB DDR3, Ralink RT2561/RT61 802.11g PCI
Linux Linx 2017

Cosmo.
Level 22
Level 22
Posts: 15445
Joined: Sat Dec 06, 2014 7:34 am

Re: Root Login

Postby Cosmo. » Tue Jan 05, 2016 5:11 pm

dorian_mode wrote:I was interested in a more detailed explanation of 'why' never gui as root?

Because in this case the whole environment, in which you are running, runs with elevated rights. That is what Windows does if you login with a admin account and this is the reason, why Windows systems are a comparable easy to vulnerable systems. That means, if an attacker gets somehow into the system (maybe via Internet) he has all rights and can do, what he wants to.

Modern OS's have the ability to make use of privilege separation (also Windows NT, 2000 and up), but Windows practically undermines this, because for MS comfort counts higher than safety. There is indeed no need to do such a stupid thing. A Linux user, who is member of the group sudo (that is at least the user account, which gets created during installation) can do all needed things via sudo (terminal commands) or gksudo (kdesudo in case of the KDE desktop) for graphical programs. But as long as the Linux user does not execute a command for doing some system tasks, all runs with limited privileges. Result is, that the system is protected against attacks.

There are people who argue, that they are the owner of the computer and they want to do whatever they do. They don't know, or they don't understand, that at the moment, when an attacker was successful, they are no longer the owner of the machine; all what they have is the imagination of being the owner. Compare it with your home: You are the owner, but only as long, as the burglar didn't came in, because you missed to close doors and windows properly. It least I don't know any person who would leave all possible entries open with the "argument" "I am the owner".

cwsnyder
Level 6
Level 6
Posts: 1242
Joined: Wed Oct 20, 2010 6:49 am
Location: Nappanee, IN, USA

Re: Root Login

Postby cwsnyder » Tue Jan 05, 2016 5:28 pm

Why never GUI as root?

Many errors never show up in a GUI. Also, many warnings never show up in a GUI. Simply launch (without sudo) some of your favorite applications and watch the terminal screen to see the results, which will show that I speak truly.

Do you know exactly what your application in a GUI does? Have you examined the code, including all system calls on dependencies? Do you know what temporary and configuration files are used in what folders, with what owners, and what is changed during operation of the program? How well does your GUI clean up after itself? Are you aware of buffer overflow and underflow boundary conditions? These aren't a problem if you run as a normal user, but can really mess up your system for any 'normal' user login from a root login.

I would not say never GUI as root, for example Synaptic package manager and archive manager may not operate as required if run as a normal user, but certainly never run a program as root which can be run as a normal user.

Even distributions which set up a root user as default warn about logging in as root except under specific circumstances, which usually precludes logging in to a graphical desktop.
LMDE Mate 64-bit, LM17.3 Cinnamon 64-bit
Debian Mate 64-bit, Xubuntu xenial 64-bit, Ubuntu-Mate 14.04 64-bit, Antergos Xfce 64-bit, PCLinuxOS Mate 64-bit

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 6:09 pm

Thank you both, Cosmo and cwsnyder for the detailed explanation. This is very helpful, I appreciate it.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 6:20 pm

austin.texas wrote:Please note that any text editor or any graphical program, should be opened with the command "gksudo" not "sudo".

Using sudo to run a graphical program opens up a possibility of messing up file permissions.
Sudo runs as the current user with elevated privileges. This has the potential of changing file permissions of certain user config files (relating to your graphical environment) when running graphical apps. You may find errors occurring when running these apps again without sudo, because some of the configuration files may have become owned by root instead of the user.
gksudo (kdesudo under KDE) runs the apps as root user thus any file permissions touched are on root's files, not the users files.
Running these apps again without gksudo/kdesudo will always have the normal behavior.


Thank you for this. I was reading an example earlier today where someone operating as root had inadvertently changed file ownership to root and was unable to access them as user. Thankfully his problem was resolved with help from forum members. His experience combined with your explanation is gratefully appreciated. :)

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 6:28 pm

Hoser Rob wrote:
dorian_mode wrote:... I was interested in a more detailed explanation of 'why' never gui as root?


The bottom line for me is that if you need to ask why you shouldn't be root, and why ubuntu doesn't have a root password by default, you sure as hell should not be root.


There are a lot of things I want to learn, and I am not to proud to ask. Please point out for me where I asked "why ubuntu doesn't have a root password by default."

dorian_mode

Re: Root Login

Postby dorian_mode » Wed Jan 06, 2016 1:47 pm

I appreciate the response to this thread, I have learned more about this topic in one day from the explanations given here than I did in a year using ubuntu. Although the ubuntu forum is extremely helpful, I always felt stymied when asking about this topic. Thanks to everyone, I'm sure this thread will benefit more than just me. :)

User avatar
II-Trax-II
Level 2
Level 2
Posts: 67
Joined: Sun Jul 03, 2016 3:18 am

Re: Root Login [Solved]

Postby II-Trax-II » Fri Jul 07, 2017 12:35 am

<quote> any mentioning logging into Root</quote>

Adding to this thread. Pjotr was right in his warning "Don't activate the root account and for God's
sake don't ever login graphically as root."

Editing Fstab I changed the UUID's to paths (/dev/XXX) they were correct. I had a situation with Win10 I won't get into as it would take a leap of faith, yet requred the format of the Windows partition. Logging into Linux Mint Cinnimon the first time since the Fstab edit I was in what seemed a new Install of mint.

The Fstab was back to UUID's and Gparted showed that Root and Home had changed positions with me being in Root yet called home. Switching the UUID's of Root with Home got me back but each day is a different error, missing program, or problem of some sort. I'd be the first to admit I can't pull out of this one and be required to reinstall my Mint OS.
Binary Image

User avatar
F M Waterman
Level 1
Level 1
Posts: 26
Joined: Mon Jul 24, 2017 8:22 am

Re: Root Login [Solved]

Postby F M Waterman » Tue Sep 12, 2017 1:18 pm

Although it has been some time since anyone has added to this post, I would like to comment that of all the posts I've read in all of the forums I participate in, or have participated in, this specific post is one of the most cogent and informative that I have had the pleasure to read,

Thank you to all that have participated in its creation.
Just because you're paranoid doesn't mean Big Brother isn't watching everything you do and without any judicial authority OR oversight![/i]

fruitkiller
Level 4
Level 4
Posts: 271
Joined: Tue Aug 05, 2014 7:52 pm

Re: Root Login [Solved]

Postby fruitkiller » Sat Sep 23, 2017 1:01 am

I want to be able to login as root, just once and quick, the way I found for Linux Mint Rebecca (17.1) worked once as a kind of "enter your login" which Ubuntu and Mint had in the past, not sure about Ubuntu now, I quit when 12.04 was making my hair stand up in anger at times, and when I "upgraded" to 12.10, it couldn't handle gnome-classic, it would boot but it was impossible to click on anything then I switched to Mint 13 and 15 quickly thereafter and followed up 16, 17.3 (not going into 18 territory yet, as it is not compatible with some hardware on my main desktop.

Anyway, my VPN service, which I mainly add openvpn servers to the network-manager to, is in the greats, the kind you settle on after looking at that gigantic table of VPN services and their features (or bugs) or outright failures. Mine's pretty solid for various reasons, and I was rather curious when it was the first vpn service that had instructions on how to use L2TP/IPSEC protocol. So just to test, I followed the guide and added just 3 servers and tried it and yep, it worked. I got L2TP IPSec VPN Applet and L2TP IPSec VPN manager. That's all nice and dandy, it's already much more of a pain than in windows where they have a gui, they don't for linux, gotta add the files and the key files etc. logins and passes all manually and then 3 months later you need to delete a bunch you installed because they are no longer operational and you need to download the config files and the key-files again. Anyway, I found that in case I can't use OpenVPN for some reason, L2TP IPSec meanwhile could be an option better than pptp (for god's sake, they should stop, microsoft even replaced it with sstp which just a little vpn providers offer, likely for very good reasons).

The problem is when I say reboot or shut down the PC cleanly, through System->Shut Down or Restart, I'll see Mint's Logo and then it will disappear and I will see some text, modemmanager shutting down, and something about Amsterdam-3, Stockholm-8, Austria-9 (not actual names, but the 3 servers) being somehow shown,I'm not sure it's saying disconnecting (if it would, I would have panicked a long time ago, but that's stuff happening in the back, or in the other user I created just to be able to "debug" caja when suddenly (rarely happens, but it does, it will go into Zombie mode and there's no folder browsing possible, so I made that other user to log in and do a short command to bring back caja to life and logout. Is there a logfile of your last shutdown and/or restart? I could show you, I want to know what's going on, and since it's not something that should show up as it's not a PID, if I don't turn on the manager, the icon doesn't show up in the notification area. So that's why I want to go into root and somehow delete L2TP related packages while there. But first, being able to remember what happens at shutdown, something I see rarely would be useful for me and others to have a guess at what is going on.

User avatar
JerryF
Level 7
Level 7
Posts: 1638
Joined: Mon Jun 08, 2015 1:23 pm
Location: Rhode Island, USA

Re: Root Login

Postby JerryF » Sat Sep 23, 2017 9:16 am

Hoser Rob wrote:Jeez. Try a search engine. Say with the string "linux why you should not be root"...

Then why have a forum?
Don't forget to edit your original post and add [SOLVED] to the beginning of the Subject line if your problem has been fixed.
My main language is English. I speak very little Portuguese, and a whole lot of gibberish.

fruitkiller
Level 4
Level 4
Posts: 271
Joined: Tue Aug 05, 2014 7:52 pm

Re: Root Login [Solved]

Postby fruitkiller » Mon Oct 16, 2017 3:55 am

^^
Indeed, let's all just trust our masterminds at google. *cough*duckduckgo*cough*ixquick*.

But also don't believe what you read on the internet, it's all false, especially on these dark corners of the internet called "forums" or BBS'! :roll:


Return to “Other topics”