Welcome to the MacNN Forums.

maceye · Jul 11, 2002, 11:52 PM

Is there any reason to not use the root user as your main login in OS X? I heard somewhere that this is a bad thing to do�but the person didn't say why. It seems to me that the root user is an excellent login choice for people (like me) who like to play with OS X's critical files without getting stupid "you don't know what you are doing, go away" messages.

I have noticed, though, that Sherlock doesn't work for the root user�it won't search the root user's home folder. I tried editing the file that tells Sherlock to ignore certain directories (forget what it is called), but that didn't work.

Does anyone know of any other drawbacks? Thanks.

juanvaldes · Jul 12, 2002, 12:15 AM

if your account gets compromised. They have total control over your box. It is a VERY VERY bad thing. If you want to play with those files I assume you are not afraid of the terminal so you can just su anyway.

I'll say it again, it's a very bad idea you gain (IMO) very little out of it that could not be easily accomplished by a su anyway.

and again, bad idea.

Thats all I gotta say about that.

maceye · Jul 12, 2002, 12:37 AM

Well, if a hacker gained access to an admin account they could do almost as much damage�maybe the OS would still work, but they could deystroy applications, files, etc. And as far as the terminal, I am a horrible (slow and often inaccurate) typist, so I prefer to use the Finder to navigate...

Is anyone else doing what I am doing?

benh57 · Jul 12, 2002, 12:43 AM

<blockquote>quote:<hr />Originally posted by maceye:
Well, if a hacker gained access to an admin account they could do almost as much damage�maybe the OS would still work, but they could deystroy applications, files, etc. And as far as the terminal, I am a horrible (slow and often inaccurate) typist, so I prefer to use the Finder to navigate...

Is anyone else doing what I am doing?<hr /></blockquote>Read the archives. You don't want to use root user, this has been discussed many times.

Alex00087 · Jul 12, 2002, 01:30 AM

The root user is disabled by default right? <img border="0" alt="[Hmmm]" title="" src="graemlins/hmmm.gif" /> Just wanted to make sure...

maceye · Jul 12, 2002, 01:53 AM

Alex00087: Yes, but it is easy to enable.

I read a MacNN forum on this root user thing ( <a href="http://forums.macnn.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=46;t=006763#000027" target="_blank">http://forums.macnn.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=46;t=006763#000027</a> ) and from this I can make three assumptions:

1) Microbugs (like the Sherlock thing listed above) can creep up on the root user
2) A poorly written program could cause more problems for your Mac if it is run w/ root privilidges (but this doesn't seem to be a big issue�logged in as an admin a bad program could delete your files, and honestly files are what matters, not the OS or apps, both of which are easily recoverable)
3) Most arguments against using root are basically: "I don't use root becuase I can't handle the complexities of my computer/I can't figure out what not to screw with on my computer so you can't either becuase I am the smartest person in the world�in fact, I am a computer god!"

The first two points are good ones, but the third one is utter crap. I have searched other websites like /., and the 3rd point is repeated more than the first two. Is it so hard to give a simple answer to a simple question!??!? I plan to switch back to a normal user with my new computer (shipped today!) to regain Sherlock capabilites, but my point still stands: why is it so hard to get a simple answer?!

(Oops! I forgot the other clever and often used answer to my original question�"you don't want to do that, trust me")

The ideal solution would be for Apple to create a type of admin that has more control over the system files, but without the issues of the root user. I don't know if this is possible, but it would be nice. I guess I have no choice, but to become a better typist...

[ 07-12-2002, 01:59 AM: Message edited by: maceye ]

ink · Jul 12, 2002, 02:30 AM

If you want to play around as root, then just su in a terminal to the root user and have at it. It's not much of a hassle, and you still have separation between your userland processes and the super user privileges (eg, an out-of-control application can't eat up all the resources if it is not running as the root user). The virus issue, while perhaps important, is kind of a red herring because most OSX users run as 'admin' which gives them incredible filesystem permissions... Although, if you run as a normal user then you're pretty safe.

moki · Jul 12, 2002, 02:37 AM

<blockquote>quote:<hr />Originally posted by maceye:
Is there any reason to not use the root user as your main login in OS X? I heard somewhere that this is a bad thing to do�but the person didn't say why. It seems to me that the root user is an excellent login choice for people (like me) who like to play with OS X's critical files without getting stupid "you don't know what you are doing, go away" messages.
<hr /></blockquote>oiy. For the love of god... don't log in as root from the GUI. It isn't the same as "owning everything" under OS 9.

The difference is that as "root" under OS 9, you're prevented from doing really detrimental things via the Finder, such as dragging the System file to the trash. Mac OS X is also more "fragile" in many ways than OS 9 is, in terms of the file structure, premissions, etc.

As root under OS X, there is no "Are you sure" button. Let me relate a little story about a friend of mine named Ephrin.

Ephrin enabled the root account (something which isn't necessary) and then logged in as root from the GUI (dangerous) while he was drunk (downright apocalyptic), and proceeded to "fix" things.

He did a "Get Info" on his hard drive, changed the owner/group from root/wheel to ephrin/admin, then changed the permissions to be world read/write/executable, then checked the "Apply to all enclosing folders" checkbox.

What this did is it wiped out the carefully set permissions and file ownership in OS X -- causing many things to stop working. It was analogous to: chown -R ephrin / ; chgrp -R admin / ; chmod -R 777 /

He fixed it by reinstalling OS X -- an alternative would be to use this program:

<a href="http://docs.info.apple.com/article.html?artnum=106900" target="_blank">http://docs.info.apple.com/article.html?artnum=106900</a>

In short, learn from this, and don't do what Ephrin did. There's really no reason to log in as root under OS X -- you can easily waste something that will make your life miserable, and you're causing your box to be less secure than logging in as a normal user.

IUJHJSDHE · Jul 12, 2002, 02:43 AM

Along with all those reasons not to do it many programs ban use of it from root for that very reason

starman · Jul 12, 2002, 02:51 AM

Why do you want to do that? You gave NO compelling reason for it.

Do what you want, but as soon as you trash a file you need accidentally, we'll be here saying "we told you so".

Mike

[ 07-12-2002, 02:51 AM: Message edited by: starman ]

Cotton · Jul 12, 2002, 03:35 AM

i used root as my main user for DP4, i think, maybe DP3 - i had gotten tired of su'ing every time some stupid file or .app got it's permissions borked. it's not worth it though - for me it was just the pain of navigating to the root home dir, other than just /users/username

Spheric Harlot · Jul 12, 2002, 03:48 AM

Short version:

Nobody who understands its power regularly logs in as root.
If you do, you have no idea what you're doing, and should by definition not be mucking about as root.

Longer version:

Root is like crack (Score:1, Funny)
by Anonymous Coward on Monday May 06, @12:38AM (#3468107)
Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. ****, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "**** no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me.
Dat be-otch be up in my hizzouse. What what. Holla!

Go <a href="http://slashdot.org/article.pl?sid=02/05/06/0348213" target="_blank">here [slashdot.org]</a> for more discussion on this. It's a thread started by a desperate mod from MacNN after the fiftieth newbie had asked the same question on these boards.

-spheric*

[ 07-12-2002, 03:53 AM: Message edited by: Spheric Harlot ]

maceye · Jul 12, 2002, 01:25 PM

I used to feel the same way you guys did�that root in the GUI was not needed and unessicatily dangerous�until MS Office died one me. I tried logging in as another user to fix this (didn't work), so then I tried loggin in as root to see if Office would work. It did, and since I use Office a lot, I just stayed as root. I then found out something amazing�it is nice to have the ability to troubleshoot apps (like Office) without running into ugly permsission errors. The fact is that I was used to OS 9 and the permsission system in X could be kind of a pain at times. So root may be unessecary for most, but I don't feel that it is really as dangerous as some people say.

That said, I enjoy being able to search for files on my system w/o the Terminal, so I am going to part with root.

BTW moki, telling me that "my drunk friend Ephrin can't handle root, so you obviously can't either" is exactly the type of morinic argument that I mentioned in my last post. Your point about permissions is good, but telling me that I am as smart as a drunk is insulting and pointless...

[ 07-12-2002, 01:35 PM: Message edited by: maceye ]

cpt kangarooski · Jul 12, 2002, 02:04 PM

While I recognize the traditional reasons to not log in as root, I don't see that avoiding that is of much benefit to most users. What is important to me on my computer are: my documents, my application preferences, and copies of any applicatons that aren't on CD. (e.g. I download and keep installers for shareware and such to avoid the hassle of having to look for them later, dl them over a modem, etc.)
Whether I am root or a regular user, much, if not all, of that stuff is quite vulnerable to either mistakes that I make, or malicious software that runs from within whatever account I am using.
Frankly, the OS is about the least important thing on the system -- I _know_ I have that on CD. It's not a big pain to reinstall it as it would be to recreate all of my lost work.
If OS X were predominately used by multiple human users with their own accounts, e.g. as a shared machine, or as a server, perhaps this would not so clearly be the case. As it stands however, there's little additional danger to running as root that we don't already experience. A vastly updated security/multiuser model that could protect files from _within_ a single account would be quite a different story however; that I'd be interested in seeing.

Zadian · Jul 12, 2002, 02:10 PM

The problem with root is, that once you start using it as the main account there is no (easy) way back.
Every single file and app will be owned by root and changing that permissions back to "normal" is a very time consuming task.

The other problem with root is, that all apps run with root privileges and if something goes wrong it can affect the whole system.

If you have no problems with losing data or installing the OS once in a while there is no reason not to use root. <img border="0" title="" alt="[Wink]" src="wink.gif" />

Parvulesco · Jul 12, 2002, 02:51 PM

<blockquote>quote:<hr />Originally posted by maceye:
Is there any reason to not use the root user as your main login in OS X? I heard somewhere that this is a bad thing to do�but the person didn't say why. It seems to me that the root user is an excellent login choice for people (like me) who like to play with OS X's critical files without getting stupid "you don't know what you are doing, go away" messages.

I have noticed, though, that Sherlock doesn't work for the root user�it won't search the root user's home folder. I tried editing the file that tells Sherlock to ignore certain directories (forget what it is called), but that didn't work.

Does anyone know of any other drawbacks? Thanks.<hr /></blockquote>I don't mean to be harsh, but:

If you have to ask why you shouldn't login as root, "you don't know what you are doing, go away."

hyperizer · Jul 12, 2002, 03:19 PM

Here's what Apple has to say about the root account:

<blockquote>quote:<hr /> The root user should only be used for specific administration or monitoring tasks. After completing a task as the root user, you should log out of Mac OS X and log back in using a normal or Admin user account. You should disable root access if you do not use it often. <hr /></blockquote>The above quote was taken from this <a href="http://docs.info.apple.com/article.html?artnum=106290" target="_blank">Apple KB article</a>.

But I guess you're too smart and powerful to care about what Apple or other Unix experts advise...

rantweasel · Jul 12, 2002, 04:06 PM

<blockquote>quote:<hr />Originally posted by maceye:
I tried logging in as another user to fix this (didn't work), so then I tried loggin in as root to see if Office would work. It did, and since I use Office a lot, I just stayed as root. I then found out something amazing�it is nice to have the ability to troubleshoot apps (like Office) without running into ugly permsission errors.<hr /></blockquote>If you are getting permissions errors, running as root is not the solution. Understanding permissions is the solution. Once you understand permissions, you will understand the errors. Then you will see how to get around the permissions errors without running as root. Running as root exposes you to a lot of risk. If you screw up while running as a regular user, you can can always fall back to the root user to fix things. If you screw up as root, you may not have anything to fall back to. Not understanding permissions is not a good reason to run as root - that's like only driving fast because you don't understand how to use the brakes. When you consider that you have sudo and su available from your admin user account, there is no reason to login to the root account other than fixing the admin account(s).

mathias

cpt kangarooski · Jul 12, 2002, 04:15 PM

Okay, so you say that it's bad to run as root. You say that this is Unix
lore, passed down from Unix admin to Unix admin, while huddled around a
fire of burning printer paper, sharing cups of florinert.
Now justify it.
Let's assume a worst case scenario -- whatever the worst possible thing
that could happen to someone (in software) while logged in as root, and
while logged in as a user. Maybe it is a trojan, maybe it is a typo
involving the rm command, maybe it's something else.
Please tell me, in great detail, what terrible things will happen in both
instances, and what the differences between them are. I'm willing to bet
that, for the ordinary OS X user, who is the only human being using his
computer, it will be so nearly equally disasterous either way as not to
matter. (I'm thinking a bit of the ending of '1941' -- does anyone care
that they saved the front door of the house?)
In fact, the aforementioned problems getting Sherlock to run as root
strike me as a far better reason to not use root than any concerns about
system security in the vast majority of cases.
Nowadays, for the modern single user, 'don't run as root' is as useless,
outdated advice as any other laughable superstition. It accomplishes
virtually nothing, and imposes a lot of hardship in the process.
People who actually admin a system used by many people are a different
lot; what works for them can easily have no bearing on the rest of us, and
vice versa.
We're looking here at the sole user of a computer. What's wrong with root
then?

Toyin · Jul 12, 2002, 04:43 PM

This is what I wrote in the last thread about root

"I ran OS 10.0x as root and the system was unusable for any other user (other than root) within a few weeks. Any file that you manipulate or save as root can only be used by root. This includes preference files in System, Library, and in the root Home folder. Logging in as root is completely uneccessary. if you're having problems with permissions use batchmod to change those permissions. If you have permission problems create a fresh user, see what it's permissions are and fix your set-up based on those permissions.

Yes you could make your system unusable in OS9. However there were very few essential files that you could delete while running (ie System, Finder, Extensions, Control Panel). It's pretty obvious an easy to tell folks, Don't play with files in the System Folder unless you know what you're doing. In OSX on the root level alone you've got .Trashes, .vol, automount, bin, etc, mach, mach_kernel, mach sym, Network, private, sbin, tmp, usr, var, and Volumes just to name a few and then there's the actual System Folder. Personally I knew what 99% of my extensions and 100% of my control panels did in OS9. Very few people can say the same about OSX."

Some updates since then, you can now use the Apple permission correction tool to correct your permissions.

Rickster · Jul 12, 2002, 05:13 PM

We don't avoid running as root because we're all afraid we don't know what we're doing. We avoid it because we have little way of knowing what the software we run is going to be doing behind the scenes.

If I'm a normal or admin user, I can download any random stuff from the net and run it without fear of it doing nasty things to my machine. (As an admin user, the worst it can do is wipe /Applications, /Users/Shared/, some of the stuff in /Library and /Developer, and my home folder. Anything else requires extra privileges. Or it could run some evil spyware or DDoS processes, but they'd be limited to my login session.) If I run as root, it not only can delete anything it wants, it can install kernel extensions or frameworks or startup daemons that spy on me or use my computer to attack others. Or, on a less malicious line of thought, a buggy app could accidentally reset permissions or other attributes on some system file or directory that makes the computer not boot. (For example, imagine if you used some just-barely-ported-from-9 ResEdit-like app to look at a system file. Such bad ports have a tendency to mess up the Unix attributes of files in favor of writing HFS attributes.)

[ 07-12-2002, 05:23 PM: Message edited by: Rickster ]

ppmax · Jul 12, 2002, 05:27 PM

>>We're looking here at the sole user of a computer. What's wrong with root
then?

i think there are plenty of people on this forum that have offered opinion and experience on this topic. moreover, apple supplies guidelines (even quoted above) about why this should be avoided. look at it this way: its like playing with matches. if you are careless you will burn your house down.

either you believe the hype or you dont. the choice is yours--but you have to live with the consequences. if you are confident that you can manage/admin your box with root privs then do it. simply put the worst possible consequences are that you lose your data, things stop working, dont install correctly, and you must reinstall. most users try to avoid these things--but your time is your business. over time i will all but guarantee you that you will hose something. people make mistakes--thats a simple fact--and logging in as root carries alot of responsibility.

for those that complain that typing su occaisionally is too much to bother, create aliases for your terminal for all the commands you typically want to execute as root.

rantweasel · Jul 12, 2002, 06:31 PM

<blockquote>quote:<hr />Originally posted by cpt kangarooski:
Okay, so you say that it's bad to run as root. You say that this is Unix
lore, passed down from Unix admin to Unix admin, while huddled around a
fire of burning printer paper, sharing cups of florinert.
Now justify it.<hr /></blockquote>Alright, we'll do a few comparisons.

Case 1 - I download a trojan/virus/worm with a keylogger, trying to steal my credit card number and passwords:

As a non-admin user, absolutely nothing of the sort can happen. Sure, the software is extant on the Mac, but it cannot be installed without root privs. Phew, saved.

As an admin user, it is possible that I could be tricked. If the malware wants to make itself known and ask for me to authenticate and allow it to install, and I authenticate and let it run, then I'm screwed. Bob Q Hacker is going to max out my credit card buying cheezewhiz and bubblebath, and delete all my email for fun. However, if I don't authenticate it (who okays a software install that they aren't trying to run? You're just trying to check your email, right?), then nothing happens and I'm okay.

As root, I might as well just hand the credit card over to Bob Q Hacker along with a password list. The only way to recover my computer is to format the harddrive and re-install. Not re-install over top of what I have, FORMAT and re-install. Yowch. Lost data, maxed out credit card, delted email, wasted time.

Case 2 - I mis-type in the terminal or accidentally drag something extra (namely, the system folder) to the trash without noticing

As a non-admin user, I get a permission error immediately. Phew, the OS kept me from being a butthead.

As an admin user, I get a permission error also. Phew. But wait, I can try to use my admin privs to repeat what I was trying to do. Now I'm thinking to myself, gee, I'm using root privs, I better be careful not to do something stupid, so I double check that I'm only putting stuff I really want gone into the trash. Phew, I catch my error and don't delete the operating system.

As a root user, I just screwed myself completely, and I have no operating system anymore. Now I have to waste a lot of time re-installing. Oh, crap! Something goes wrong in the install! Now I have to re-format, too! Bummer. Lost data, wasted time, I look like a butthead again.

Case 3 - I'm running a buggy piece of server software, and unknown to me, someone comes up with an exploit for it. They stumble across my cable modem connection and break-in to my computer through the flawed software, and gain a shell as the user running the software

As a non-admin user, they manage to break-in to my account. Uh oh! Fortunately, they are a non-admin user, and they have limited control over the computer. If I notice immediately, I might be able to recover without having to re-format and re-install, although I'll definitely need to fix whatever went wrong. Even if I don't, they might not be able to turn that shell into a rootshell.

As an admin user, they manage to break into my account. Bad. If I notice immediately, I might be able to rip out the network cord before they change the password and start using su or sudo to create a root login for themselves.

As root, they break into the root account, and I have to re-format and re-install, absolutely. I better have backups.

The Point Of it All
The reason people say don't run as root is because a lot of things can go wrong. Some of these things you can control, other things you can't. Privilige separation is a time-honored solution to the problems of buggy software, fumble-fingered typos, attempts to circumvent security controls, etc. This is why apache runs as the 'www' user, and the 'nobody' user own so many files, and so forth. If you insist on setting all of this aside (developed over 30-some years and not without reason and planning), you should be aware of what you are doing, and you should consider the risks that you are being exposed to. There are a number of good reasons why every single multi-user OS you can find has some schema for access control and privilige limitation, and ignoring the lessons that have been taught (as migranes and ulcers) to others is just plain silly.

mrfoxxman · Jul 12, 2002, 07:34 PM

<blockquote>quote:<hr />Originally posted by Cotton:
i used root as my main user for DP4, i think, maybe DP3 - i had gotten tired of su'ing every time some stupid file or .app got it's permissions borked. it's not worth it though - for me it was just the pain of navigating to the root home dir, other than just /users/username<hr /></blockquote>I use the Root User all the time.. again I got sick and tired of "not having permission" from a file on MY computer. Lets face it..I can screw up my computer....thats life. The fix = Dont be a jack @$$ and nothing will get broke! And in response to the whole Home directory thing, you can change the location of Root's home directory with Net Info Manger real easy.....

Mactoid · Jul 12, 2002, 07:40 PM

<blockquote>quote:<hr />Originally posted by cpt kangarooski:
Okay, so you say that it's bad to run as root. You say that this is Unix
lore, passed down from Unix admin to Unix admin, while huddled around a
fire of burning printer paper, sharing cups of florinert.
Now justify it.
Let's assume a worst case scenario -- whatever the worst possible thing
that could happen to someone (in software) while logged in as root, and
while logged in as a user.<hr /></blockquote>For one thing, your computer could be infected with a worm sort of like the CodeRed IIS worms. Fscking up the whole internet for several weeks, that's pretty bad, right?

Also, you make it easier for black hats to gain root access to your machine. From there they can use your computer to do all sorts of illegal things which would then be traced back to you. Your computer would very likely be taken as evidence, and even if you are found innocent, there is a not nearly slim enough chance that you won't get your stuff back. At least without great difficulty.

I really don't understand why, despite the fact that 9 unix experts out of 10 say "DON'T RUN AS ROOT!", and they even live by that advice themselves, all these newbies come around and say "Bah! I know what I'm doing. Plss off!"

Seriously, suppose you go to three doctors, and they all say that you have a very rare disorder. Because of this disorder, they tell you that if you don't stop eating Cheez Whiz straight from the can, you will die in 3 weeks. Would you say to the doctors, "Bah! That's absurd. I've never heard of such a disorder. Plss off!"

Of course not, they have the experience. They know what they are talking about. If you disregard there informed advice just because you don't understand it, then you are a fool and will live to regret it (though not for long).

The same goes for the unix guru's amongst us. I would not flippantly ignore the conclusions drawn from their collective experience. Neither should you.

moki · Jul 13, 2002, 02:10 PM

<blockquote>quote:<hr />Originally posted by maceye:
BTW moki, telling me that "my drunk friend Ephrin can't handle root, so you obviously can't either" is exactly the type of morinic argument that I mentioned in my last post. Your point about permissions is good, but telling me that I am as smart as a drunk is insulting and pointless...<hr /></blockquote>Fair enough. Since you're ignoring my "moronic argument" I will ignore you when you're posting here for help about having accidentally destroying your system by mucking with a file or two that you're not supposed to. Deal?

[ 07-13-2002, 02:11 PM: Message edited by: moki ]

moki · Jul 13, 2002, 02:19 PM

<blockquote>quote:<hr />Originally posted by cpt kangarooski:

Nowadays, for the modern single user, 'don't run as root' is as useless,
outdated advice as any other laughable superstition. It accomplishes
virtually nothing, and imposes a lot of hardship in the process.
<hr /></blockquote>Wow, I think that's the secod-worst piece of advice I've seen you post.

Here are two simple scenarios:

1) If the user is logged in as root, he can change the file permissions accidentally (as my friend ephrin did) in a way that will render the system broken; he'd have to reinstall it. If he tried the same actions as a non-root user, the important system files would have been left intact, and his system working completely.

2) Any applications he runs as root then have full access to the entire OS -- trojans could wipe out his entire hard drive; were he logged in as a user, only files he had permission to write would be affected. Similarly, a virus would have a much easier time infecting and spreading if it had automatic root access -- and it would be able to issue DOS commands like ping -f with impunity.

No, the root / user structure as it is now is a very important safety net. It shouldn't be ignored.

moki · Jul 13, 2002, 02:21 PM

<blockquote>quote:<hr />Originally posted by Rickster:
We don't avoid running as root because we're all afraid we don't know what we're doing. We avoid it because we have little way of knowing what the software we run is going to be doing behind the scenes.<hr /></blockquote>Indeed, you're very likely to find that the people who *do* know a good bit about computers will be the ones who don't log in as root on a regular basis. That should probably tell you something...

Gee-Man · Jul 13, 2002, 03:56 PM

I don't log in as root, and I am quite comfortable with Unix. It's not because I'm following some kind of Unix-god advice handed down to me, I just prefer the safety net of not having ANY of the important system files touched, no matter what happens to my computer or what software I install.

I can understand why, as a long-time Mac user, you'd want to "play around" with the system files as you did in OS 9 and prior - in those days, doing that would actually improve things over what Apple provided you with (deleting unnecessary files, extensions, etc.). And I did that for a little while when I first installed OS X, before I had important data on my new hard drive. I wanted to experiment with OS X with a clean slate and see how "Unix-like" it really was. But what I discovered, similar to my previous Unix experiences, is that there really isn't much in there to play with like there was in OS 9. The optimized and essential nature of the hidden and root-only files in OS X make it kind of pointless to muck around hoping for some benefit. All that stuff has evolved over many, many years - longer than the original MacOS, if you think about it. It's had time to mature. Only the GUI shell of OS X is really new, everything else isn't.

So I stopped using root login, and frankly, I haven't had a single occasion to use it since. Everything I need for MY computer can be accomplished with the admin account, including setting permissions correctly. I never get the feeling of "not having control" like so many on here like to call it - I have the Terminal and su for ultimate control, or GUI utilities like Batchmod for other circumstances. I guess I don't get angry at the computer if it presents an occasional "not enough permissions" dialog - I just go in and change them, period. The OS wasn't trying to insult me and call me an idiot, it was doing its job, which is what I WANT it to do.

My advice is to forget about root. However, if you absolutely feel you want to see it for your own and ignore the advice of others here, play around on a non-essential external hard drive or something for a while. I would imagine you'd come to the same conclusions I came to, that it really doesn't do much for you and has the potential for doing great damage to your system.

Person Man · Jul 13, 2002, 06:31 PM

You know what I say about all the people who want to run as root? Let them. The only people they are hurting are themselves.

Now, I offer a piece of advice to everyone who chooses to disregard the advice to never run as root on a regular basis: AMF YOYO. (Adios my friend, you're on your own).

Meaning, that you will not get help from ANYBODY when you screw up your system by running as root. The most you'll get from us is something akin to "Told you so" or "I hope you've learned your lesson."

cpt kangarooski · Jul 14, 2002, 07:03 PM

Andrew--
<blockquote>quote:<hr />Wow, I think that's the secod-worst piece of advice I've seen you post.<hr /></blockquote>I suppose that I have to ask then, what's the first-worst piece of advice? (incidentally, I wasn't offering advice -- I was questioning the old advice)

<blockquote>quote:<hr />Any applications he runs as root then have full access to the entire OS -- trojans could wipe out his entire hard drive; were he logged in as a user, only files he had permission to write would be affected.<hr /></blockquote>Which is a pointless objection. As I've previously pointed out, on a commonplace, single-user Mac, the user has write permission to the files he values the most; his documents. The OS is of comparatively little value. It at least, is 'backed up' on the original CD. Certainly if someone were pointing a gun at one of the two of them, I'd suggest that he shoot the OS without a moment's hesitation. Even preference files are more important than the OS.

If OS X machines, like Unix servers, typically had many users relying upon them, the situation would be different. That isn't typical for us though.

<blockquote>quote:<hr />Similarly, a virus would have a much easier time infecting and spreading if it had automatic root access -- and it would be able to issue DOS commands like ping -f with impunity.<hr /></blockquote>This is more interesting... but couldn't a trojan do pretty much the same thing from a user account?

moki · Jul 14, 2002, 07:13 PM

<blockquote>quote:<hr />Originally posted by cpt kangarooski:
This is more interesting... but couldn't a trojan do pretty much the same thing from a user account?<hr /></blockquote>No, it wouldn't have write permission to any of the system files, and thus couldn't infect anything system-wide.

Yes, the user's documents are more important to them than the OS -- however, if the user can hose the OS easily by deleting the wrong file, or changing the permission on an important system file, and thus make the system inoperable, they can't get at their files, can they?

Many new users will make mistakes and mess up their system in subtle ways if they are allowed to. Experienced users make mistakes, too, and appreciate the safety net that being logged in as a non-priviledged user affords.

Let's say someone manages to subtly break their computer like my friend Ephrin -- it sort of worked, but he couldn't mount disk images or his iDisk. Most people new to computers wouldn't know how to fix this problem, or even that re-installing the OS would indeed fix it.

Reinstalling the OS is also a major pain for many people -- even if you don't have to reformat your partition, you have to redownload all of the security updates -- basically, put aside an afternoon of doing nothing simply because you wanted to log in as root.

It is a very good thing that the root user is disabled by default, IMHO.

Mactoid · Jul 15, 2002, 12:27 AM

<blockquote>quote:<hr />Originally posted by cpt kangarooski:
Andrew-- <blockquote>quote:<hr />Similarly, a virus would have a much easier time infecting and spreading if it had automatic root access -- and it would be able to issue DOS commands like ping -f with impunity.<hr /></blockquote>This is more interesting... but couldn't a trojan do pretty much the same thing from a user account?<hr /></blockquote>Not exactly. A trojan could run just a regular ping if it is running as a regular user, but it can't do a ping flood, only root is allowed to use the -f flag (FYI, that is what the -f flag does. Ping flood releases a continuous flood of packets. Potentially a Bad Thing for obvious reasons).

Now, why do you think it is that only root can do a ping flood? Maybe, just maybe, the guys who designed it were counting on people not recklessly using root and thereby circumventing there security measures.

<img border="0" title="" alt="[Eek!]" src="eek.gif" /> , I think we're onto something...

IUJHJSDHE · Jul 15, 2002, 12:54 AM

<blockquote>quote:<hr />Originally posted by rantweasel:
Alright, we'll do a few comparisons.<hr /></blockquote>There are slight problems with your comparisons.

<blockquote>quote:<hr />Originally posted by rantweasel:
Case 1 - I download a trojan/virus/worm with a keylogger, trying to steal my credit card number and passwords:

As a non-admin user, absolutely nothing of the sort can happen. Sure, the software is extant on the Mac, but it cannot be installed without root privs. Phew, saved.

As an admin user, it is possible that I could be tricked. If the malware wants to make itself known and ask for me to authenticate and allow it to install, and I authenticate and let it run, then I'm screwed. Bob Q Hacker is going to max out my credit card buying cheezewhiz and bubblebath, and delete all my email for fun. However, if I don't authenticate it (who okays a software install that they aren't trying to run? You're just trying to check your email, right?), then nothing happens and I'm okay.

As root, I might as well just hand the credit card over to Bob Q Hacker along with a password list. The only way to recover my computer is to format the harddrive and re-install. Not re-install over top of what I have, FORMAT and re-install. Yowch. Lost data, maxed out credit card, delted email, wasted time.<hr /></blockquote>You're assuming the credit card info is on the computer, also your asuming that the hacker/virus erases stuff. Your also asuming that there is no way to get rid of it.

<blockquote>quote:<hr />Originally posted by rantweasel:
Case 2 - I mis-type in the terminal or accidentally drag something extra (namely, the system folder) to the trash without noticing

As a non-admin user, I get a permission error immediately. Phew, the OS kept me from being a butthead.

As an admin user, I get a permission error also. Phew. But wait, I can try to use my admin privs to repeat what I was trying to do. Now I'm thinking to myself, gee, I'm using root privs, I better be careful not to do something stupid, so I double check that I'm only putting stuff I really want gone into the trash. Phew, I catch my error and don't delete the operating system.

As a root user, I just screwed myself completely, and I have no operating system anymore. Now I have to waste a lot of time re-installing. Oh, crap! Something goes wrong in the install! Now I have to re-format, too! Bummer. Lost data, wasted time, I look like a butthead again.<hr /></blockquote>You're assuming that something goes wrong with the install to make it sound worse that it is.

<blockquote>quote:<hr />Originally posted by rantweasel:
Case 3 - I'm running a buggy piece of server software, and unknown to me, someone comes up with an exploit for it. They stumble across my cable modem connection and break-in to my computer through the flawed software, and gain a shell as the user running the software

As a non-admin user, they manage to break-in to my account. Uh oh! Fortunately, they are a non-admin user, and they have limited control over the computer. If I notice immediately, I might be able to recover without having to re-format and re-install, although I'll definitely need to fix whatever went wrong. Even if I don't, they might not be able to turn that shell into a rootshell.

As an admin user, they manage to break into my account. Bad. If I notice immediately, I might be able to rip out the network cord before they change the password and start using su or sudo to create a root login for themselves.

As root, they break into the root account, and I have to re-format and re-install, absolutely. I better have backups.<hr /></blockquote>This time you're assuming that the hacker damages stuff and destroys data! You're also assuming that you do notice as admin but don't as root, and I don't think they would have your password from the buggie software and I am pritty sure you need the user password in order to change it or use sudo

And even if I am wrong and they did get the admins password they still don't have the password needed for su.

Your making a lot of assumtions, however in the end I agree with you that using root as main user it a stupid dumb thing, but I think maceye had maid his choice to stay using root before he even started this thread

rantweasel · Jul 15, 2002, 05:48 PM

<blockquote>quote:<hr />Originally posted by IUJHJSDHE:
There are slight problems with your comparisons.<hr /></blockquote>Only where I wasn't clear. Not enough coffee strikes again... My bad.

<blockquote>quote:<hr />Originally posted by IUJHJSDHE:
You're assuming the credit card info is on the computer, also your asuming that the hacker/virus erases stuff. Your also asuming that there is no way to get rid of it.<hr /></blockquote>Sorry, my bad, I'm assuming that they install a keylogger and that they are patient. Also that you actually will use a credit card to buy something online. The keylogger will catch the credit card info as you type it in, having the info saved on the hard drive is just a bonus to make it easy for them.

<blockquote>quote:<hr />Originally posted by IUJHJSDHE:
You're assuming that something goes wrong with the install to make it sound worse that it is.<hr /></blockquote>I'm assuming that you try to do something boneheaded, like delete /System, as I said originally, or 'rm -rf' from a bad location (eg /System), as I said originally. Something going wrong with the re-install is clearly a worst case, but the point is that the worst case with a non-root or non-admin user is a lot better than the worst case with the root user. You wouldn't need to be re-installing at all if you weren't logged in as root when you did something boneheaded.

<blockquote>quote:<hr />Originally posted by IUJHJSDHE:
This time you're assuming that the hacker damages stuff and destroys data! You're also assuming that you do notice as admin but don't as root, and I don't think they would have your password from the buggie software and I am pretty sure you need the user password in order to change it or use sudo

And even if I am wrong and they did get the admins password they still don't have the password needed for su.<hr /></blockquote>I'm not assuming that the hacker damages anything, I'm assuming that you are operating under the assumption that the only way to be sure that there isn't a backdoor left behind from the comprimise is to re-format and re-install. You don't know what they installed, you don't know what they changed, you don't know what they broke. The only way to know for sure (unless you're being way more paranoid than people who log in as root tend to be. People who log in as root tend not to be paranoid, otherwise they wouldn't be logging in as root.) is to re-format and re-install. The difference between the root account and the admin account being comprimised is that with a root shell, they can start with their nefarious deeds immediately. With an admin shell, they have to comprimise the root account before they can get going. This takes some time, presumably waiting for a path-based script exploit (eg add . to the path statement, so that the first place the shell looks is the local directory, then leave scripts named ls everywhere that do whatever nefarious password snatching or whatnot, then execute ls. The legit user runs the script intending to run the real thing, and in the process executes the code.) or a password cracker or something. Once they have the password or the rootshell, you're in just as much trouble. However, with any luck it'll take a while for them to get from the admin shell to full root access. If it takes you an hour to notice that something is going on (which would be VERY VERY lucky), you still have a chance if they got into the admin account. If the hacker has been at a rootshell for the last hour, you're screwed. Also, if they get the admin account password, they only need to 'sudo -s' or 'sudo passwd root' to get the rootshell.

I maintain that my assumptions are fairly reasonable, although a bit heavy handed and biased towards the worst possible case. The whole point is pointing out worst-cases, because worst cases are why you don't log in as root. Yes, I pushed it a bit in the second one, but hopefully at least one person out there will consider the difference between the possibility of something going wrong on the re-install and not having to re-install at all, and decide not to log in as root.