Slashdot Mirror
Root as Primary Login: Why Not?
A user writes, "I help moderate a forum dealing with Mac OS X, and I'm having an awful time convincing a fair portion of our readers that logging in as root all the time is a Really Bad Idea. Worse, though, are the ones who try to convince others to log in as root all the time, claiming it's 'more Mac-OS-9-like,' or saying 'it's not really more insecure,' or even that 'a firewall should deter hackers pretty well.' I know all the standard arguments, but they're not working out. Does anyone here have some real-world anecdotes that I can point to?"
I'm a newbie and I always initially log in as root because that's the only way I can get adsl-connect going. I guess maybe I installed it as root, because it doesn't show up or run when I log-in as a regular user. Not a big deal but it is annoying to have to log in as root to get online and then to log out and log back in.
evanchik.net
I'm as mimsy as the next borogove but your mome raths are completely outgrabe.
My main reason for why you don't use root entirely is eventually no matter how careful you are you WILL make a mistake. Be it rm, chmod, mv, it will happen. If you use another account and try to do as much as you can as a none root user and only su up you will be less likely to simply careless do something.
But that is my 2 cents, my advice would be to present your argument, if they don't want to listen and want to put their boxes at risk, let them. When they accidentally make a mistake bring their system down they will learn. If they don't learn from that and keep recommending bad admin practices to others, well they are morons. But that is another issue.
I hate to say it, but they're going to have to get burned before they understand why they shouldn't log in as root all the time. Everyone I know has rm -rf'ed something important once, but just once.
this sig intentionally left blank
Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. Fuck, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "Fuck no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!
"...claiming it's 'more Mac-OS-9-like,' "
Nope. Not at all. OS 9 has the same level of protection for itself that OS X does, it just works a bit differently. Tell your friends to try this... In OS 9, drag your System Folder to the trash. Go on, do it. Whupps - you can't. Why? Because you don't have 'permission' to. You can only do it if you boot from a different source, like a CD or another volume. Unix does this far better than OS 9 could, but it's basically the same idea. Logging in as ROOT lets you do anything you want. Toss your kernel? SURE!!! No problem! BAD idea. I feel that if someone doesn't know why they shouldn't be root, that alone is reason enough for them NOT to be.
There are a lot of threads at various mac forums with this topic, but a current one is here at MacNN forums.
MacNN forums seems to have a well deserved reputation for being full of idiots. Especially in the OS X threads.
Say hello to "Bobby" from Ventura California, who started this thread :)
Let's say that you want to change the permissions of all the files in your home directory to go-rwx (which make sense). So, you type:
/*
/bin, /sbin, /var, etc. You're system is now screwed up to the point where it's probably faster to reinstall than change all the permissions. If you weren't root, you'd see something like this (from a Linux-PPC box):
/* /bin: Operation not permitted /boot: Operation not permitted /dev: Operation not permitted /etc: Operation not permitted /home: Operation not permitted /lib: Operation not permitted /lost+found: Operation not permitted /mnt: Operation not permitted /opt: Operation not permitted /proc: Operation not permitted /root: Operation not permitted /sbin: Operation not permitted /tmp: Operation not permitted /usr: Operation not permitted /var: Operation not permitted
:)
chmod go-rwx ~/*
But by mistake, you hit the space bar, and get:
chmod go-rwx ~
By the time you realize the hard disk has churned too long, you'd just gone and wiped the permissions on
[pts/2@tardis:/home/dmorriso @00:45] chmod go-rwx ~
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
[pts/2@tardis:/home/dmorriso @00:46]
And yes, back in the day, I did make this oops and had to reinstall, because I had used su rather than sudo, and had forgotten to un-su. I started using sudo right afterwards.
_sig_ is away
For the old unix hacker it looks like you're logging in as root, but that's not really the case. At install time the system creates two users, both have the same name and the same password!
One is just a user, the other is root. In previous versions ( i haven't tested it lately) you could change the password of one but it wouldn't result in a password change of the other (which gave alot of headaches).
Now if you log in you're the normal user, and you can't do anything really dangerous. You need su (which needs to be activated, it isn't possible by default) or sudo to do something as root. Also when you're doing an install that requires root the installer will ask for a super user.
In both cases you use your own username and password (if your user is created at startup). So If somebody sneaks behind my computer when I'm gone to do something else, they can't really do anything dangerous. They would still need a password!
You can make more users if you want without any rights (that's easy), but the system works better than it looks because you don't log in as root!
You can if you want to btw. The password of root is the same as the password of the user.
It does nail down the importance of good passwords which is something that alot of macusers are new to.
As a command-line user, I understand the value of not logging in as root all the time.
However, most Mac users couldn't use a command line if their life depended on it and probably don't even know that MacOSX has a command line.
The MacOSX user who's a classic mac user will probably never use the command line; if they have to rename a thousand files to add an extension or a prefix or whatever, they'll do it by hand, not by using a tcsh script.
So, the question is, how much damage can one do from the MacOSX GUI at root? I don't know. I have accounts on other ppl's MacOSX computer (namely, at my University) but have never been logged in as root.
Of course, not logging in as root doesn't only protect you from yourself. It also protects you from "trogan" install programs, which say they'll do one thing, and in fact delete the entire hard drive or something else like that.
social sciences can never use experience to verify their statemen
Mod this up. It's supposed to be funny. I don't see how it's a troll.
That said, Mac OS X has a root user, but root does not have a valid password on installation. The first user that is created via the setup assistant is what is known as an admin user. These are users who are members of the group "admin", a predefined group. Apple provides an API whereby a GUI application can ask for an admin user's password, and thus gain sudo-style privileges for actions such as installing software (which might need to put things in places that can only be touched by root). Also, the
In addition, admin users have access to the
Note that the
If a user were to log in as root, he or she would immediately gain write access to the
From the command line side of the house, admin users are allowed to do anything via the sudo command, which is preinstalled on Mac OS X. If you need root access, you can use sudo to do just about anything from the command line. If you really, really need a root shell, you can always do "sudo -s" and get one.
In summary: Mac OS X has the tools that you need to perform system administration tasks form either the GUI side or the command line side without needing to log in as root. Logging in as root is the equivalent of opening up a piece of machinery with the warning label, "No user serviceable parts inside", and you should not be surprised if you get hurt when you do this.
Paul Suh
psuh@apple.dontbotherspammingmeigetwaytoomuc
Note: on Mac OS X Server, root is enabled by default. This is considered less of an issue since it is expected that servers will be run by people who have a better understanding of the issues involved and are more likely to be doing things that need root access, even from the GUI level.
I'll only tell you the anectdote salient to this article. He would, of course, only log in as root as the KDE rpm front-end wouldn't work when you're logged in as a regular user and he didn't want to figure out how to use the the command-line rpm (I don't know if currently KDE does a sudo/su-type thing using the GUI, but it didn't back then - if you ran kfm as non-root, you couldn't use the RPM front-end).
At one point he could no longer log in. Problem? / was full. He was downloading all his stuff into /root (a one gig partition) and /home (20 gig partition) was completely empty. You could log in from console, but not from XDM since XDM creates files in /tmp upon login. He had no idea how to get from XDM to another virtual console, so he was effectively locked out of his machine.
My point? Give up. Don't worry about it. They will not learn why logging in as root is bad until they get burned. Especially since you're just a forum moderator - if you were getting paid to do this and your job depended on these machines staying up, you would have every responsibility to ensure people were properly following your policies; but, as a mere guru to these people, allow them to learn in the most effective fashion: trial by error.
OS 9 like, sounds like "More Mac like", and logging in as root is not.
My first Macintosh manual (for the Macintosh 512k) had the following to say about installing the "Programmer's Switch": "The Programmer's Switch is used to create an Interrupt or a Reset. If you do not know what an Interrupt or a Reset is, you do not need this switch". While people may criticize this, it has always been Apple's strategy to protect users from their own stupidity.
So really to emphasize the parent post, "If you do not know why to log in as root, don't do it." Period. Nuff said
Alex -- (And I don't even normally log into my BSD box as root)
Absinthe makes the heart grow fonder
The problem is, IMHO, the mere existence of root, as opposed to a more fine-grained approach - things would be much nicer if "may bind to a port <1024" wouldn't automatically imply "may rf -rf /". It's nice to see that some unixes seem to move in this direction, but, well, HURRY THE F*CK UP, developers! ;)
Programming can be fun again. Film at 11.
All you had to do was boot from a floppy or CD, mount your disk, and move the directory back. I have had to do this after toasting libc before.
Karma: Good (despite my invention of the Karma: sig)
I realize this is slightly offtopic and I can probably kiss some karma points goodbye but, did anyone else notice a modified image at the top of this page? This image was at the top of this story.
I Don't Work Here
I hate it when some systems add this to the default .cshrc/bashrc/whateverc. IMO, relying on such an alias is asking for trouble. What happens if you're on another machine that doesn't have that aliased? What if the alias didn't take effect (something bad in your .cshrc caused it to stop parsing before that)? I've seen people use this alias to get into the habit of typing 'rm *' and just saying N to the files they wanted to keep. Bad idea.
The intentions are good, but I think if you're playing with fire (doing things as root), you should be forced to be absolutely careful and type everything out just as you really meant it.
Say hello to zMac.
Those of us who might not be able to responsibly handle using root as our primary login want to.
For the record, I have root enabled - but I rarely log in with it.
The question should be, "Why do people who don't understand root access have it?"
:)
Perhaps you should lobby the companies these people work for to have their root (or admin) access removed
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
...to understand why *nix is not ready for home user desktop prime time.
Syntax error: loose != lose, affect != effect, then!=than
After they have wiped out thier system ask them if they know how to install the OS ;-)
Its sort of like NT do you give all your users admin priveledges or just the ones you trust?
Only 'flamers' flame!
Not Running as root is a general safety factor in many aspects some that are stated and some that are not.
/* is a desasterous command. Also sometime I acedently click and drag a folder into an other folder. Doing this as root would alow me to move stuff that needs to be in its place to an other spot.
/etc/passwd
/lib directory but you forgot about it and downloaded a file there. Then when you actually needed the file you cant find it so you have to run the find command. With a restriced access it allerts you that something is not right before you wast time.
1. Running as root is not forgiving of simple typo's rm ~
2. Not running as root is one of the first line of defence from protecting yourself from Viruses and Trojans. If you dont have access to mess up your system good chances the file attachment you opened up will not have permission.
3. Programming as non-root is good it could prevent you from accedently messing up important files Say you open("file","w") except for a open("file","r") and say file was
4. Stops you from making a mess of your file system. Say you were in
5. You know when you are doing something that may cause problems. If you cant do it as your own account then do an sudo to run it this makes you concious that you may be doing something that may damage the system so you will be more alert.
6. Sometimes other people use your computer and they may not be as carefull as you.
7. On multy user systems it may make people feel unconfortable if you use root all the time because they have no sience of privacy of there home directory. (This is a weak one but its true)
8. It is a lot easier to crash the computer as root and running apps as root. You cant always trust other people code
9. Loggin in as root all the time increases the chance that someone snooping your network will find the root password and create real damage.
10. Some programs may give them selfs a lower (nice) level and eatup your system resourses.
In generally running as root needs you be on on edge when ever you do something and the potential cost outwaigh the benefits
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Have her read at -1 to never speak to you again...
....an even more significant reason:
/uneducated/ user(and sometimes not even clicked on...just received by something like Outlook) while logged in as root....and poof there goes the whole machine....lucky, at least for the rest of us cause at least that users box is gone.....or really unlucky for the net community at large if the virus/worm/et.al. keeps the machine and starts doing nasty self propagation.
1)As root you have the ability to not only do damage to your own user files...but you have the ability to damage/destroy the whole system. Being a user on a UnixOS is one of its beauties. No matter how bad you screw up as a user, its only your files...the system will still be there.
2)OSX runs a number of Microsoft Applications....i.e. the Office Suite, and Outlook...which are notoriously prone to security problems.(albeit, quite a bit less on Mac)
Mix those two reasons and you get something like Windows, where one script sent by email, clicked on by an
So, just dont do it. There is so little a regular user needs root for...and for that Apple has provided sudo....built in from the start.
Dimes
In my analysis, there are three reasons.
I'm proud of my Northern Tibetian Heritage
Nope.. You're logging in as an admin user - which is perfectly fine IMHO and much safer than running as root.
Sudo lets you run commands as root without actually running your shell or whatnot under root - when the program is finished, so is your root access and you can't foof the system by accidentally doing rm -Rf / or something.
Those who will sacrifice Freedom and Security will get Windows...
I don't get it. Why do people feel the need to be root anyway? I have been an OS X user since Beta. I host my website on OS X and recently OS X server. I have configured Apache, BIND, Sendmail (ugh) and Postfix. I compile C++ source from the command line. If for some reason need to run a command as root (which can be frequent) i use sudo. There is a program called pseudo that will run apps as if they are root by drag/drop-ing files on top of it. If the user is an admin, they can config the system and install by simply providing their passwd. I have activated root from NetInfo to access certain functions but never once needed to log in as root. What is all the fuss is about?
z(p)
Bleh!
I understand that you can accidentally delete every file on your hard drive, but it's not as easy to accidentally do as so many people claim. You have to want to recursively delete all the files at a certain point in your directory tree - I personally never use rm -r and most people who don't understand the trouble with root wouldn't even know how to use the command. They're much less likely to type it in, and then even less likely to type it in when their pwd is '/'.
I think that the classic example also downplays the dangers of typing in 'rm -rf ~/' - back when I did helpdesk work I had many more reports of people erasing their personal files than system files. It's much worse in my opinion to lose all your personal files than to lose important operating system files because they can't be replaced as easily (and these people almost never make backups). These were Windows 3.1 and 95 machines usually, so there was not much stopping them from deleting crucial files except their lack of knowledge. And all they would have had to type is "deltree c:\windows" or "del /y c:\windows\*.*" from any command prompt.
So my point is that home users logging in as root is bad practice, but not likely to cause any problems that couldn't easily happen on most Windows systems (since XP creates passwordless administrator accounts by default I am including it in this category). If an OS X user (or desktop linux user for that matter) logs in as root all the time, and then one day royally screws up his/her system, he/she will probably be able to reinstall, or find somebody to reinstall, the system files that only root can destroy. The personal files, those which the user could have destroyed without root, will be deleted either way:
So the lesson is: don't log in as root unless you know how to reinstall the OS.I really hate signatures, but go to my website.
So is "viri"/"virii" an old joke! I know that I first encountered it in the sixties, as a little kid. My mom used it -- and she was an English major and professional editor and writer. She was well aware that it was incorrect, but it tickled her sense of humor (as did some other malformed words and phrases, such as "swell foop", which she used more-or-less consistently throughout her lifetime).
And how do you tell if people are using it "tongue-in-cheek"? When people use "boxen", they usually use it as if it were a real word, and don't draw any special attention to it. Pretty much the way they use "viri"/"virii". Unless you have previously unsuspected telepathic powers, you're using guesswork, and have no factual basis for your claim. Since I first encountered Tom C.'s humorless diatribe over a year ago, I have looked in vain for any evidence that anyone at all takes the silly misspelling seriously. I have failed to find any. It's a little more popular than "boxen", but then it seems to have spread through science fiction fandom, which was a little bigger and more widespread than hackerdom back in the sixties when all this silliness started.
As for the ridiculous "it's not proper Latin" argument, well, that's just dumb! This is English we're talking about, not Latin. Hell, the word "television" mixes Latin and Greek roots, and by the measures you're applying, is a REAL abomination. Why don't you start a crusade to stamp out the word "television" instead of wasting your time on a mild (and admittedly not-very-funny) joke.
and what led me to the question was the nth time i was unable, as the admin (the name put in at install time), i am often stopped at the gates when trying to read/write something to/from my wife's subdirectory /users/hotchick.
/users
One fateful night, i was, yet again, doing some printing for her (the printer's upstairs where my machine and the printer is) from her TiBook, and so i logged in as me on her TiBook to print her stuff...
well, i couldn't get into her subdir... so i tried batchmod - and that doesn't (apparently) have a -R on it, so then i went to the CLI to
sudo chmod -R 777
fine.
the GUI STILL wouldn't let me into her subdir until i rebooted the Finder... damnit.
then, later on that night, when she went to work on one of the files later, it turned out that when i had opened one up and made some changes for her, is changed the owner to adminboy - and hotchick couldn't open the files any more...
arrrrgggh!!!! Its my fscking computer, and i want me or my wife to be able to read/write either/or's files to our heart's content. This includes ~/pictures (where things _have_ to be for iPhoto) and other "predetermined" subdirectories.
i even went so far as to repartition the machine with a 18 gig primary drive, and a 2 gig hotchick_HD so that i could turn off file permissions..
of course.. that check box doesn't ACTUALLY work - because not a day later - after the fresh install and all - all her stuff is on the 2 gig part - and when i maked some changes, she wasn't able to open those files later.
so - if i have 2, and only 2, users on a machine that want to have separate logins (login-time differences, like desktops, Dock position, etc) but we want complete control of each other's files on the machine..
i don't want it when i edit a Word file for her that it makes it "read only" when she logs in later to work on the file.
so - that was, in a rage after the 100th time she came to me complaining that the computer wouldn't do what WE wanted it to do... in Pudge's conference..
:FOR THE LOVE OF GOD, I"M JUST GOING TO LOGIN AS ROOT FOR NOW ON, DAMNIT!
i didn't mean it.. but my quandry - non-system files being universally unprotected for all users to see and use - and how to get there in a very Mac OS 9-like way.... is still unresolved.
guns kill people like spoons make Rosie O'Donnell fat.