Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root as Primary Login: Why Not?

Posted by pudge on from the uh dept.

A user writes, "I help moderate a forum dealing with Mac OS X, and I'm having an awful time convincing a fair portion of our readers that logging in as root all the time is a Really Bad Idea. Worse, though, are the ones who try to convince others to log in as root all the time, claiming it's 'more Mac-OS-9-like,' or saying 'it's not really more insecure,' or even that 'a firewall should deter hackers pretty well.' I know all the standard arguments, but they're not working out. Does anyone here have some real-world anecdotes that I can point to?"

6 of 164 comments (clear)

  1. Why i have to log in as root. by m_evanchik · · Score: 5, Interesting

    I'm a newbie and I always initially log in as root because that's the only way I can get adsl-connect going. I guess maybe I installed it as root, because it doesn't show up or run when I log-in as a regular user. Not a big deal but it is annoying to have to log in as root to get online and then to log out and log back in.

    --

    evanchik.net

    1. Re:Why i have to log in as root. by lexarius · · Score: 5, Informative

      Well, you could have a script run at boot time to connect the adsl, or one that is set to run as root no matter who runs it.

      As for the original poster, I don't know what to say. In OS X root still has to give his password for authentication screens. The only convenience I can really see it having is to mess around with system libraries and configuration files unchecked. Oh yeah, thats right. Most unices aren't very vulnerable to virii because the user isn't root, so the virus can't get at the important things. The most a trojan could do is take out your home directory. Your system would still run.

      Of course, logging in as root makes the system slightly more vulnerable to local attacks, but that isn't saying much.

      Cmd-S during boot-up.
      fsck -y
      mount /
      SystemStarter
      passwd root

      System compromised.
      But thats a feature. I think it can be disabled, possibly by supplying an OpenFirmware password... auto-logging in as root sort of ruins that, though.
      If people want security similar to Windows, tell them to run as root. OS9 is somewhat more "secure" than OSX because it was meant to be stupid-proof. Running as root in OSX is like telling the computer you really know what you're doing. If you don't, you shouldn't.

  2. Root is like crack by Anonymous Coward · · Score: 5, Funny

    Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. Fuck, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "Fuck no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!

  3. OS 9 like? Nope. by jasonwileymac.com · · Score: 5, Insightful

    "...claiming it's 'more Mac-OS-9-like,' "
    Nope. Not at all. OS 9 has the same level of protection for itself that OS X does, it just works a bit differently. Tell your friends to try this... In OS 9, drag your System Folder to the trash. Go on, do it. Whupps - you can't. Why? Because you don't have 'permission' to. You can only do it if you boot from a different source, like a CD or another volume. Unix does this far better than OS 9 could, but it's basically the same idea. Logging in as ROOT lets you do anything you want. Toss your kernel? SURE!!! No problem! BAD idea. I feel that if someone doesn't know why they shouldn't be root, that alone is reason enough for them NOT to be.

  4. Here's one. by Eagle7 · · Score: 5, Informative

    Let's say that you want to change the permissions of all the files in your home directory to go-rwx (which make sense). So, you type:

    chmod go-rwx ~/*

    But by mistake, you hit the space bar, and get:

    chmod go-rwx ~ /*

    By the time you realize the hard disk has churned too long, you'd just gone and wiped the permissions on /bin, /sbin, /var, etc. You're system is now screwed up to the point where it's probably faster to reinstall than change all the permissions. If you weren't root, you'd see something like this (from a Linux-PPC box):

    [pts/2@tardis:/home/dmorriso @00:45] chmod go-rwx ~ /*
    chmod: /bin: Operation not permitted
    chmod: /boot: Operation not permitted
    chmod: /dev: Operation not permitted
    chmod: /etc: Operation not permitted
    chmod: /home: Operation not permitted
    chmod: /lib: Operation not permitted
    chmod: /lost+found: Operation not permitted
    chmod: /mnt: Operation not permitted
    chmod: /opt: Operation not permitted
    chmod: /proc: Operation not permitted
    chmod: /root: Operation not permitted
    chmod: /sbin: Operation not permitted
    chmod: /tmp: Operation not permitted
    chmod: /usr: Operation not permitted
    chmod: /var: Operation not permitted
    [pts/2@tardis:/home/dmorriso @00:46]

    And yes, back in the day, I did make this oops and had to reinstall, because I had used su rather than sudo, and had forgotten to un-su. I started using sudo right afterwards. :)

    --
    _sig_ is away
  5. The Mac OS X security story direct from Apple by plsuh · · Score: 5, Interesting
    First, my credentials: I'm a Curriculum Developer with Apple's WorldWide Training and Communications group. I am the author of the Network Security chapter in Apple's Network Administration course. I gave a talk at the last MacWorld on Mac OS X firewalling, and I must have done something right since they asked me to do it again in July in New York. In this post, unlike most of my other postings, I am speaking in my Apple voice.

    That said, Mac OS X has a root user, but root does not have a valid password on installation. The first user that is created via the setup assistant is what is known as an admin user. These are users who are members of the group "admin", a predefined group. Apple provides an API whereby a GUI application can ask for an admin user's password, and thus gain sudo-style privileges for actions such as installing software (which might need to put things in places that can only be touched by root). Also, the /Applications directory also is writable by admin users, so apps where the install is just drag and drop (such as OmniWeb or MSOffice) can also be installed by an admin user and do not require root privileges.

    In addition, admin users have access to the /Library directory, which is where resources specific to a particular machine should be stored. There are four Library locations that Mac OS X searches for resources such as fonts and frameworks:
    • ~/Library - for user-specific items
    • /Network/Library - for resources made available to an entire NetInfo network
    • /Library - for resources specific to a particular machine
    • /System/Library - the base system installation; this area is in general reserved for Apple use, and most people have no need to change anything inside here.

    Note that the /Library tree in general has ownership root:admin with privileges 775. This means that any admin user can add or remove resources from his or her own machine without resorting to using root directly. In fact, if you wanted to add a set of resources that would affect only a particular user (say, give only the graphic artist access to the full set of 300 fonts, and leave everyone else with just the usual system set of fonts), you could install them under the user's ~/Library directory. Because of the default search order, resources in ~/Library and /Library take precedence over those in /System/Library, so you can simply install a framework in /Library and override the OS's default behavior.

    If a user were to log in as root, he or she would immediately gain write access to the /System/Library area, which contains the really sensitive bits of the operating system. As it were on the warning labels, "No user serviceable parts inside!" Logging in as root is the equivalent of unscrewing the cover of a piece of equipment with that warning label. If you know what you're doing and you're careful, you may be able to do something in there, but if you're not careful or don't know what you're doing, you are likely to get hurt. I know of several users who had the bad habit of looking at a bunch of files in their System Folders and thinking, "I don't know what this does, I can just throw it out to gain more disk space," in older versions of the Mac OS. Turning one of these guys loose as root on Mac OS X is likely to cause major headaches.

    From the command line side of the house, admin users are allowed to do anything via the sudo command, which is preinstalled on Mac OS X. If you need root access, you can use sudo to do just about anything from the command line. If you really, really need a root shell, you can always do "sudo -s" and get one.

    In summary: Mac OS X has the tools that you need to perform system administration tasks form either the GUI side or the command line side without needing to log in as root. Logging in as root is the equivalent of opening up a piece of machinery with the warning label, "No user serviceable parts inside", and you should not be surprised if you get hurt when you do this.

    Paul Suh
    psuh@apple.dontbotherspammingmeigetwaytoomuch alrea dy.com

    Note: on Mac OS X Server, root is enabled by default. This is considered less of an issue since it is expected that servers will be run by people who have a better understanding of the issues involved and are more likely to be doing things that need root access, even from the GUI level.