[Bobby]

Alright, as it stands every time I want to make some kind of change, I always log in as root and do it anyway. To this current day there has been nothing I "havn't done" based on my computer telling me I don't have permissions...


My question is, because of this is there any reason not to use root as my primary login?

I'm also wondering if there is a way to give full root access to another login. I'd rather login with my name, and that is the primary reason I havn't switched completely to root...

[Leia's Right Bun]

Originally posted by Bobby:
<STRONG>
My question is, because of this is there any reason not to use root as my primary login?</STRONG>

Lots security for one. You shouldn't need to use root for anything really.

You are going to get lots of responses saying the same thing...

[mitchell_pgh]

Don't do it. Don't log in as root unless you are willing to accept that you can bring your system down by moving one folder even if by accident. Root is meant to get in.... make a system change... and get out...

[mattstoton]

Bunch of sissies! I use root 24/7 and it works great. You don't lose any security, you can't see most of the files that you shouldn't trash.

[Leia's Right Bun]

Originally posted by mattstoton:
<STRONG>You don't lose any security</STRONG>

[Spheric Harlot]

Originally posted by mattstoton:
<STRONG>Bunch of sissies! I use root 24/7 and it works great. You don't lose any security.</STRONG>

Um.
Your feeling just as cool and suave whanging your dong on the keyboard, while your protective undies stay put doesn't really say anything about your computer's security.
-s*

[ratfink]

Originally posted by Leia's Right Bun:
<STRONG>

Lots security for one. You shouldn't need to use root for anything really.

You are going to get lots of responses saying the same thing...</STRONG>

Except that effectively, I have been "root" on my os7,8,9 machines for 10 years now, as well as on all the 95/98 machines I have ever used, and I have never hosed those machines (The 98/95 machines have a tendency to hose themselves). If permission security is there to stop the sole user of a system from hosing his machines, it's a very bass-ackwards idea. In the event of a single user machine, they can still do anything they want, there is just the inconvenience of having to log in as root to do it. (which I do with some frequency for simple things like emptying the trash.) It's like security through obscurity, except that it's security through pain-in-the-a--.

File permission security is for multi user systems to keep non admin users from hosing the system, or hosing other peoples files. All my home systems are single user systems, why must I maintain them like multi user systems? (Just so it's not thought that I am simply bashing OSX, there is the same problem with my SGI systems as well.) This is one of the things (and admittedly one of the few things) that NT/2000/XP does right. Simply make a user a member of of the administrator group, and they can do what they want. ACL's are much more flexible that the simple unix user/group system.

Geof

[mrfoxxman]

I have used the ROOT user for over a year now. As long as your Not an Idiot you shouldnt have any problems.

[Leia's Right Bun]

Originally posted by ratfink:
<STRONG>

Except that effectively, I have been "root" on my os7,8,9 machines for 10 years now, as well as on all the 95/98 machines I have ever used, and I have never hosed those machines
Geof</STRONG>

Oh really, I didn't know Mac OS 7,8,9 and Windows was a Unix OS. Silly me.

You don't have to worry about hosing your own computer, you shoudl be more worried about somebody hacking in and doing whatever the hell they want with your root account.

But hey, go nuts.

[chwbauer]

As far as I understand the problem about being root is also that all applications you start have root permissions. So even if one is really careful, a poorly written App can hose the system. This is not possible if you start Apps without having root permissions.

[davechen]

Accidentally doing an "rm" in your home directory is much less painful ig you're not root. I've occasionally done a "rm blah *" when I meant to do "rm blah*". Doing that in "/" would trash your kernel.

[chwbauer]

As far as I understand the problem about being root is also that all applications you start have root permissions. So even if one is really careful, a poorly written App can hose the system. This is not possible if you start Apps without having root permissions.

[malvolio]

Two things to consider (which others have already mentioned) - As root, you can irreparably trash your system with just one little typo. And if a hacker gains access, he/she can do anything his/her heart desires with your system, up to and including trafficking in kiddie porn and making death threats against the President and it'll look like you're the guilty party.
Mattstoton: If anyone with evil intent is reading this board, you have just said, "Come and get me! Easy pickings!"

[mattstoton]

My firewall should pick off any hackers pretty quickly

Hackers don't go around looking for easy pickings�its just as easy for them to slice through a Mac that isn't in root. Maybe its just me, but if any application does something horrible to my computer I can fix it quickly... no biggie

[Leia's Right Bun]

Originally posted by mattstoton:
<STRONG>
Hackers don't go around looking for easy pickings�its just as easy for them to slice through a Mac that isn't in root. </STRONG>

The mac doesn't even have to be in root, you just have to have it activated. That is why it comes OFF.

[Lew]

Originally posted by ratfink:
<STRONG>Except that effectively, I have been "root" on my os7,8,9 machines for 10 years now</STRONG>

But did they allow you to delete the System Folder? Very easy to do when logged in as root.

[timster]

Look at it this way.

You and your family live in a house. You could walk around the house with a fully loaded 9mm pistol with a hair-trigger in your hand 24/7.

You can say, "Hey, its good for security. If a burglar breaks in my house, I can just shoot him on the spot."

"If the kids get unruly, I can just threaten em to settle down, or I'll pistol-whip em good."

"If I get locked out of my house, I can just shoot out the lock and get myself in."

Stuff like that. But people don't do that normally. Why? Cuz you could accidentally waste your wife. Off one of your kids. Shoot yourself in the foot. Put a hole thru the wall when you doze off and involuntarily twitch.

Thats why responsible gun owners keep a gun locked in the cabinet. Thats why responsible users don't stay logged in as root.

[Xeo]

If you choose to log in as root, going back is a pain in the ass. Root will start taking ownership over everything on the computer because that's who you're doing things as.

I have never logged in as root since I first got Mac OS X a year ago. For the last 3 months or more, I haven't even had it enabled. Everything you need root for can be done through 3rd party apps and the command line.

Do what you want, it's your computer. Just know that people who have used UNIX OSes for years do not use root as their primary login for a reason. It's off by default for a reason. If you think you know better, then be my guest.

Then again, maybe I'm just a sissy.

[DigitalEl]

Okay. Basic, dumb question.

How do you log in as root?

[Earth Mk. II]

Originally posted by DigitalEl:
<STRONG>Okay. Basic, dumb question.

How do you log in as root?</STRONG>

It's kind of a "If you have to ask..." issue. root is disabled by default. You have to enable root access in NetInfo Manager, and you have to be an admin user already to do that. It's hidden for a reason (security - see above posts).

If you just want to enter a few unix commands as the root user, then use 'sudo'. Want a shell as root? Use 'sudo -s'.

What tasks do you need to log into the GUI as root for, anyway? If you only have one account and you want to add files to /Library you can just as easily use ~/Library, and any of your '/var', '/etc', and so on dirs are hidden in the GUI, so you may as well just use 'sudo' in the Terminal.
If I'm missing the point, I'm sorry... I just don't see the need to use root as a primary user account.

[DigitalEl]

I fully understand the fact I'm UNIX-challenged and respect I shouldn't be messing around in the System Folder, etc...

I just want to change the default "Computer" icon in the finder, as discussed in the OS X - General board here:
http://forums.macnn.com/cgi-bin/ulti...&f=46&t=005773

Just want to replace an icon file. I think I can follow instructions and do it safely.

[Millennium]

Fools.

Complete and utter fools, all of you, logging in as root primarily. And you don't even know why. Forgive me for using flamebaity language, but someone has to set the record straight and call it like it is.

Mattstoton:

Bunch of sissies!

Should I call you a sissy, because you don't routinely skateboard down hills with a tank of nitroglycerin strapped to your back?

I use root 24/7 and it works great. You don't lose any security, you can't see most of the files that you shouldn't trash.

If you really believe this, then you've proven 100% that you don't know enough to be trusted with root access. Security and stability go through the floor when you're logged in as root. This is why pretty much anyone who ever has to use root on any Unix box will only use it for very short amounts of time, and be very careful about what they do.

My firewall should pick off any hackers pretty quickly

You know nothing about firewalls either, I see. Firewalls are good at picking off programs and automated scripts. But that's about it.

Hackers don't go around looking for easy pickings...

Obviously, my friend, you've never been a hacker. If you hack, you take whatever you can get, because you never know when a remote box just might be useful. Even if it seems insignificant now. If nothing else, you can launch an attack on something bigger from a machine, and the machine's owner will get blamed.

its just as easy for them to slice through a Mac that isn't in root.

No, it's not. If you don't use root, you instantly close off some of the more effective avenues of attack. Trust me here; I know what I am talking about.

Maybe its just me, but if any application does something horrible to my computer I can fix it quickly... no biggie

You really do have no idea what you're talking about. This amazes me. You don't even have a clue as to what root can do. I refer once again to the metaphor of skateboarding downhill with a tank of nitroglycerin strapped to your back.

mrfoxxman:

I have used the ROOT user for over a year now. As long as your Not an Idiot you shouldnt have any problems.

Unfortunately, just logging in as root qualifies you for that dubious honor. Perhaps you haven't noticed anything yet, but you've already done damage and don't even realize it.
ratfink:

Except that effectively, I have been "root" on my os7,8,9 machines for 10 years now, as well as on all the 95/98 machines I have ever used, and I have never hosed those machines (The 98/95 machines have a tendency to hose themselves).

And none of those machines allowed you anywhere near the power that root does. If anything, you were roughly as powerful as an Administrator-class user. This is what people don't get: root is not the same as a single-user system. Root takes that concept to new, insanely powerful but insanely dangerous, levels.

If permission security is there to stop the sole user of a system from hosing his machines, it's a very bass-ackwards idea.

Hardly. And that's not the purpose of it. But then, you don't know anything about this, if you really think you're the only user. But I'll get to that in a moment.

In the event of a single user machine, they can still do anything they want, there is just the inconvenience of having to log in as root to do it.

Ah, but that's precisely the point of it. You cannot do those things unless you know exactly what you are doing. You can't do it accidentally. And that is why permissions are worth keeping even on a system with only one user (which OSX is not).

(which I do with some frequency for simple things like emptying the trash.)

That's what we call a bug. It will be fixed. It does not excuse your actions.

File permission security is for multi user systems to keep non admin users from hosing the system, or hosing other peoples files. All my home systems are single user systems, why must I maintain them like multi user systems?

Go to the chalkboard and write this fifty times:

I AM NOT THE ONLY USER ON MY MACHINE.
I AM NOT THE ONLY USER ON MY MACHINE.
I AM NOT THE ONLY USER ON MY MACHINE.

Got it? I'd guess not. After all, who are these other users? I'll let you in on a little secret: they're not human beings. Apache gets its own user. If you run anonymous FTP, that gets its own user too. All of your daemons run as yet another. If you run any BSD games, they get their own user (this is so that users can't cheat by overwriting things like high-score files).

ACL's are much more flexible that the simple unix user/group system.

Not really. There are some things which are harder to do with the Unix system, but you can basically emulate the system if it's done right.
And lastly, timster:

You and your family live in a house. You could walk around the house with a fully loaded 9mm pistol with a hair-trigger in your hand 24/7.

Not quite the right metaphor. Add in "and you point it at the head of anyone who walks in the room, or yourself if no one else if available" and you've got it.

Again, I'm sorry for what I admit is flamebait language here, folks. But if there's one thing that really ticks me off, it's people who nothing about their machines whining and demanding absolute godlike control when they neither need it, know what to do with it, understand why it's so dangerous, or understand why the system even exists. And I've found that a strongly-worded chewing-out is about the only thing that can be done about it; talking rationally doesn't tend to convince them, and -even if only occasionally- something stronger does.

[Samanoske]

Originally posted by Millennium:
<STRONG>Fools...
</STRONG>

amen, you nailed it.

[ 05-02-2002: Message edited by: Samanoske ]

[Bobby]

Originally posted by GFive:
<STRONG>

But did they allow you to delete the System Folder? Very easy to do when logged in as root. </STRONG>

Yes, it takes 2 steps. Move the system suitcase to the trash, then the system folder...

granet, you can't delete it straight off, but if you reboot you won't get very far...

[Theodour]

Millennium:

So, can a hacker get past a firewall?

Also, what bad things happen when you log in as root. I've had to do it for that trash bug, and want to know if I've hosed anything.

Hackers can really get by the firewalls? That sucks!
Somebody please explain.

[mrtew]

Why would anyone EVER log in as root anyway? I don't know ANY Unix and when I want to hack my computer to pieces I just change the permissions on the files I want to get at with XRay or BatChmod (versiontracker.com). I think of it as calling a hit man to do the dirty work for me instead of walking around with a gun all the time. It's still not safe, but at least you have to think for a second before you can kill your computer. Besides logging in as root just to replace a stinking .rsrc or .tiff file somewhere feels like a 5 day waiting period.

[pmcd]

I have logged in as root for years on my NeXT and OSX and OSX Server. I don't normally run the system as root but I must take issue with your comments regarding those who do log in as root. There is nothing wrong at all with logging in as root. It do no damage at all and if it does with your computer then something is wrong with your system. In addition I su to root routinely and run a variety of apps as root.

We are talking about a personal computer here aren't we?

philip

Originally posted by Millennium:
Unfortunately, just logging in as root qualifies you for that dubious honor. Perhaps you haven't noticed anything yet, but you've already done damage and don't even realize it.

[tinrib]

note to self: write simple application that does rm -rf / in the background whilst showing some sort of fake interface. send it to mattstoton saying it's a new theme app - could he test it out tell me what it thinks. sit back and wait for anger and tears.

[Spheric Harlot]

Originally posted by pmcd:
<STRONG>I have logged in as root for years on my NeXT and OSX and OSX Server. I don't normally run the system as root but I must take issue with your comments regarding those who do log in as root. There is nothing wrong at all with logging in as root. It do no damage at all and if it does with your computer then something is wrong with your system. In addition I su to root routinely and run a variety of apps as root.

We are talking about a personal computer here aren't we?
</STRONG>

I don't think he was talking to you.

He was quite clear about addressing those dolts who think that running their system as root is a great thing and never bother logging in as a regular user/admin, without knowing what they're doing. There is everything wrong with that.

-s*

[iNeusch]

a good book to read:

UNIX FOR DUMMIES

you guys definitely need that one

[mattstoton]

Originally posted by Millennium:
<STRONG>Fools.

Complete and utter fools, all of you, logging in as root primarily. And you don't even know why. Forgive me for using flamebaity language, but someone has to set the record straight and call it like it is.

Mattstoton:

Not quite the right metaphor. Add in "and you point it at the head of anyone who walks in the room, or yourself if no one else if available" and you've got it.

Again, I'm sorry for what I admit is flamebait language here, folks. But if there's one thing that really ticks me off, it's people who nothing about their machines whining and demanding absolute godlike control when they neither need it, know what to do with it, understand why it's so dangerous, or understand why the system even exists. And I've found that a strongly-worded chewing-out is about the only thing that can be done about it; talking rationally doesn't tend to convince them, and -even if only occasionally- something stronger does.</STRONG>

Well, you may be right, you may be wrong. I actually have a real reason why I'm in root, but it certainly wouldn't satisfy you. Most people shouldn't be in root, but it is widely acknowledged that it is good to have root enabled. One thing I know is that I've never been hacked into, never tossed a file I shouldn't have and never had an application tear through my system.

Millenium, do you have root enabled?

[Millennium]

Time for another round, I see.
Theodour:

So, can a hacker get past a firewall?

Yes. The methods are different for every firewall out there, and it depends on your configuration. But there are ways around all of them. They're only suitable as a first line of defense (and they're valuable in this aspect), not an entire security system unto themselves.

Also, what bad things happen when you log in as root. I've had to do it for that trash bug, and want to know if I've hosed anything.

If you only log in as root for emptying the Trash (though there are other tools you should really be using for this), you don't do much. But as you go longer-term, you start introducing errors in permissions and ownership, often invisibly.

Similar things have happened by people indiscriminately messing with permissions. That's the biggest cause of problems with sendmail, sudo, and Classic, actually.

Hackers can really get by the firewalls? That sucks!

Firewalls are not a complete security system in and of themselves, despite the marketing hype that's given to them. They're very valuable as a first line of defense against hackers, but a security system which stops with just a firewall is begging to be hacked.

I have logged in as root for years on my NeXT and OSX and OSX Server. I don't normally run the system as root but I must take issue with your comments regarding those who do log in as root. There is nothing wrong at all with logging in as root. It do no damage at all and if it does with your computer then something is wrong with your system. In addition I su to root routinely and run a variety of apps as root.

I doubt you use root as your primary login. To use root's powers occasionally is only normal. I didn't direct my rant at you, if this is the case, and I apologize for any unclear wording in that aspect.

Well, you may be right, you may be wrong. I actually have a real reason why I'm in root, but it certainly wouldn't satisfy you.

Try me. Honest question: what is your reason?

Most people shouldn't be in root, but it is widely acknowledged that it is good to have root enabled.

By whom? It's unnecessary, given the combination of sudo for the Terminal and various free GUI tools for the other

One thing I know is that I've never been hacked into, never tossed a file I shouldn't have and never had an application tear through my system.

Then you have been lucky. But luck, as with anything else, runs out in due time.

Millenium, do you have root enabled?

I did have to enable it once, for a very short period, because for some inane reason the WebObjects installer requires you to be logged in as root (there is no reason why this should be, but it does). After that I disabled it again, and I've never needed to log in as root since. This is not to say I've never needed to do something as root, but I used other, safe means of doing that.

[wadesworld]

To summerize:

Do not log in as root. If you want do do something in a root shell, do "sudo -s"

Wade

[goatnet]

I just have a little reply to this...

I used to run OpenBSD (which is probably the most secure version of unix based systems), but I often ran around as root, fixing files, cleaning out the /tmp directory, etc...

A friend of mine (whom I gave an account to on my machine), always *****ed and complained that I was running the root account all the time.

He set me straight....

According to my logs, this is pretty much what happened (I was logging to another machine):

He SSH'ed to my machine.
cat /etc/profile | more (he saw that I had "." in my path, which is the current working directory, and I had no alias for /bin/ls)
cd /tmp
pico'ed a file
logged out

I logged in a little later as root, went about my business, cd'ed to the /tmp directory, did a directory listing and noticed a LOT of hard drive activity. When my shell prompt came up, nothing worked. No programs. Nothing. My entire filesystem was hosed. Why?

Because the file he put in the /tmp directory looked like this:

#/bin/sh
alias ls="rm -rf /" # I was using the bash prompt

Because I was running as root, the first thing the shell did was look in my current working directory, saw the script which was named "ls" and executed it, since I was doing an "ls -la" to view the directory.

I did have very recent back-ups on the BSD box, but it was a huge hassle. I never, ever run around as root since then.

[rantweasel]

Originally posted by Bobby:
<STRONG>
My question is, because of this is there any reason not to use root as my primary login?</STRONG>

Well, have you read this thread? Anyone who tells you that logging in normally as root is a Good Plan hasn't read that thread and understood the implications. It's all well and good to log in as root to make a quick change, then log back out, but it's a very bad idea to actually do things while logged in as root. Every sysadmin in the world has a story about something that they did by mistake as root (or with sudo), and it usually ends with "and that's why you don't log in as root".

[Person Man]

Originally posted by goatnet:
<STRONG>

&lt;SNIP&gt;

</STRONG>

Hard lesson... but I do hope that you never gave your "friend" another account on a machine you owned.

[Person Man]

Oh yeah...

No sense arguing with them... they're not doing anything to harm us, only themselves. Let the idiots log in as root as a regular, daily ocurrence...

Then when something happens (and IT WILL HAPPEN, we all know that) and they come crying to us to help them... well, we'll just and say "Told you so," and leave it at that.

Edit: Did I mention how much I like the
icon?

[ 05-03-2002: Message edited by: Person Man ]

[robotmarkVIII]

Originally posted by Samanoske:
<STRONG>

amen, you nailed it.

[ 05-02-2002: Message edited by: Samanoske ]</STRONG>

yes, He nailed it, but, given the reputation of macnn forums being full of 12 year olds, I would just have told them to use root all the time, just to have a little fun.

[pdot]

Originally posted by timster:
<STRONG>Look at it this way.

You and your family live in a house. You could walk around the house with a fully loaded 9mm pistol with a hair-trigger in your hand 24/7.

You can say, "Hey, its good for security. If a burglar breaks in my house, I can just shoot him on the spot."

"If the kids get unruly, I can just threaten em to settle down, or I'll pistol-whip em good."

"If I get locked out of my house, I can just shoot out the lock and get myself in."

Stuff like that. But people don't do that normally. Why? Cuz you could accidentally waste your wife. Off one of your kids. Shoot yourself in the foot. Put a hole thru the wall when you doze off and involuntarily twitch.

Thats why responsible gun owners keep a gun locked in the cabinet. Thats why responsible users don't stay logged in as root.</STRONG>

man, you're crazy...like a fox

[iNub]

Mmm... Root beer....

Logging in as root is a bad idea. I don't think I've actually used it since I figured out a little bit of Unix. If you want to fix the permissions bug with the Trash, do "sudo rm -r ~/.Trash/*" in the terminal. The /* is very important. There's nothing else Root can do that Sudo can't do better. Cuz sudo's so much easier.

If you want to log in as root normally, you're running a big risk. If you're *going* to log in as root no matter what "those dweebs on the internet" tell you, just do us all a favor and back up religiously. Back up your backups. I don't want to see any "I deleted &lt;insert random single copy of life-or-death-due-yesterday work&gt; as root!" threads. This doesn't need to turn into one of those kinds of forums.

[Ghoser777]

Just for clarity:

1. There's nothing "wrong" with logging in as root. Sometimes it's necessary.
2. There's rarely a reason to be ALWAYS logged in as root. If you only want to touch the GUI and you find yourself having to login as root to do asinine things, then there's a problem with your system (maybe Apple's problem even). I'm logged in as root constantly because I'm installing xyz unix program, which generally requires root to be installed properly.
3. I see no reason why being logged onto your machine as root makes it any more likely to be hacked from the outside (root is technically always running, when you su or sudo, you're just logging on as root again) unless you're talking about evil apps you download or scripts you execute.
4. The problem of the ls = rm -rf was caused because someone outside was able to login to your machine. Most unix guys login to root at some point, so they'd still get burned. I don't care who you are: if another person gets access to your machine, all bets are off.

Essentially, you can stay logged into your machine as root 24/7 if you want.... but don't look for sympathy if you fark something up. I'm nervous about giving root to anyone who doesn't know that with great power comes great responsibility.

F-bacher

[robotmarkVIII]

Hey guys you made it to slashdot!

"My computer is teh borken!"

Hey, try this nifty script to speed up your system:

cat /dev/urandom &gt; /var/vm/swapfile0

You'll get best results by waiting for about 30 seconds before hitting Ctrl-C. You must do this as often as you would rebuild the desktop. Classic Lives!

[ 05-06-2002: Message edited by: robotmarkVIII ]

[dhi]

Originally posted by goatnet:

#/bin/sh
alias ls="rm -rf /" # I was using the bash prompt

Because I was running as root, the first thing the shell did was look in my current working directory, saw the script which was named "ls" and executed it, since I was doing an "ls -la" to view the directory.

I did have very recent back-ups on the BSD box, but it was a huge hassle. I never, ever run around as root since then.

I love it - very scary.....

I run a Linux box behind a firewall - but part of the point of the Linux box is so that I can access it remotely.... through it I can access both of my OS X boxes and it's a fine thing.... However....

Yes I was hacked - boy did I learn a lot about how to create obscure passwords.... CaPs&number5 please.... not much damage was done - but I take huge precautions to avoid a simialr occurance.

Next - there is no reason to run as root - what's the point... sudo does everything you need - just don't go there. I used to run root - and nothing bad happened - but as the slashdot thread says - it's a mere slip of the wrist to get you into huge trouble....

That said I trashed my iBook totally - well the OS X operating system - and I was not even running as root. Instead I was deleting a user (MySQL) using NetInfo - but it hung so I Force Quit it - hmmm - sudo didn't work in the terminal after that and a few other things were weird - slow and unresponsive - so I rebooted - kernal panic.

What happened was I interupted it as it was performing a sudo style action - and it damaged the OS - a reinstall wouldn't work - so I booted up into OS 9 and backed it all up again and did a clean reinstall.

If this is what happend when you f@#! with NetInfo in the GUI - I shudder to think what could happen in the even of a slip as root. I was lucky that the filesystem was fine....

Just don't go there - if you think you won't make a mistake - just imagine the disaster that awaits you if someone pulls this alias -ls trick on you.... the heartache is not worthwhile.