OK, I don't kno if this is a really stupid question or not, but I was wondering if there are any differences between logging in as "root" or under my personal username? If I set my username as administrator, do I have the same amount of control over my computer as I do if I log in as "root"?

I am the only person using my computer, so I am not worried about security and the like...

Any help would be appreciated :-)

[Scott_H]

There's a "root vs admin" thread around here somewhere?

For the most part you should just log in as you. Root can do anything including mess up the whole system with a misstyped unix command. Trust me, I've done it


When you first get a new system I'd expect a lot of loggin in as root when you are setting stuff up. After a while you'll log in as root less and less.

In a nut shell, stay out of root unless yor're going root stuff.

[mac freak]

I disagree -- I have my system set to autologin as root, because of what you said: My powers are not limited. I personally don't use the Terminal for anything, really, and logging in as root allows unlocks the prefs and lets me put folders and files in the first directory of my hard drive (just a "macish" thing).

If there is some obvious non-command-line reason as to why I shouldn't log in as root, I'd like to hear it

------------------
Be Happy.

Originally posted by mac freak:
I disagree -- I have my system set to autologin as root, because of what you said: My powers are not limited. I personally don't use the Terminal for anything, really, and logging in as root allows unlocks the prefs and lets me put folders and files in the first directory of my hard drive (just a "macish" thing).

If there is some obvious non-command-line reason as to why I shouldn't log in as root, I'd like to hear it

Well, as has been said, root has amazing powers. So for instance, you can see everything on your drive, as well as mess it up, and you won't be questioned. So if you're logged in as root, and some program you run tries to do something bad, you won't be questioned. I understand that there are also disk protection reasons not to run as root all the time. Also, if you want another reason, root owns virtually all the programs run by the system to provide the environment. So root can take down the system in an amazingly bad way. And since Unix, while powerful, is fragile with respect to the filesystem layout, this could be bad.

In general, you want to run as a user.

Ricky

[kennedy]

As a long-time Unix user, I will testify to the wisdom of staying out of 'root' except when needed. Unix tries to protect normal users from goofs; but it assumes 'root' is a god and will simply obey -- no matter how obviously catastrophic it might be.

Permission settings are your friend! It allows you to cruise along happily with some assurance you can't accidentally do something really stupid... except when you 'su root', at which point you should become hyper-paranoid and double and triple check every command you type and exactly what directory you are in and so on. I personally don't like to be paranoid all the time... I like it when the system pops up and says "you must be root to do that" and demands I enter the root password... gives me a chance to re-think what I'm doing.

And yes, when not in command line the opportunity for direct goofs is reduced, BUT keep in mind that your 'root' priviledge is often passed to every program you execute... did everyone of those programmers consider "what if the user is running this as root?" Probably not... which means they might not do some checks that they assume permission checks would catch.

In the last 10 years, I may have only been saved by permissions a dozen or two times... but those are worth it! And then there's also some important education you gain as you learn what things require you to be root... there's a good reason usually... though its not always obvious at first.

Use the power of Unix to your advantage... don't fight it! Its cryptic commands may be geeky... but the design of the functionality underneath is simply brilliant. Also, keep in mind those Unix geeks don't like anything that gets in their way... but none of them run around all day as 'root'... rather they designed the OS such that it works great without being 'root' for almost everything. Follow their lead on this one.

[Spheric Harlot]

Isn't there also an issue with Virii and Trojan horses, etc.?

On Unix, harmful programs can only do "real" damage when they run in root. If you're not logged in as root, they will need to attain root status somehow in order to mess up your system. Any attempt to switch to root can be monitored and harmful action easily caught.

At least, that's the way I understand it...?

-chris.

[Millennium]

Agreed. I've used Linux and other Unices for some time, and I can tell you this much: never log in as root. Your powers are hardly limited as a normal user (since, if you have the password, you can su to root whenever you want). But when you su to root, the computer basically considers you to be God, and won't even warn you when you do something stupid.

And yes, the virus/Trojan thing is valid. If you catch one as the user, The Bad Guy can still only affect you, because you can't affect anyone else. But if you catch it as root, you're screwed beyond screwed, because you can affect everything. This is particularly crucial right now, since there is no anti-virus software for OSX yet. Ever tried ripping virii out of an infected OS9 system you haven't backed up using nothing but ResEdit? I have. It's not fun. And it doesn't get any easier in OSX, since there are currently no resource editors for it either.

And yes, putting apps on the root of your drive is "Mac-ish." It's also a very bad idea in OSX and even OS9; organization is a Good Thing. It pays to develop good organizational habits; OSX may enforce that but you really should start doing it in OS9 too.

The system will let you su to another user in the GUI almost every time you would need to (not always, yet, but I attribute that to its bet status). There's a good reason for that; you do not need root access under normal conditions, and in fact it's very dangerous to have it. That's why the OSX instruction manual doesn't even mention root; most users will never need to touch that account (assuming Apple fixes some of their GUI problems) and it's frankly too dangerous for a newbie to be even touching.

[SezMe]

While root may be dangerous, it does allow total control, and Mac users are used to near total control. For example, it's easy enough to disable a classic Mac system by dragging the Finder to the Extensions folder. Most of us like it this way.

Ok, perhaps staying out of root is useful for things like that, but I find it extremely annoying having to enter a password for simple things like changing the startup disk or other common system preferences. I hope Apple comes up with a more flexible Multiple Users app that lets regular user with admin access change non-destructive things without constantly re-entering passwords. A "this could be dangerous" dialog box would be far preferable in my opinion.

[leperkuhn]

The people that are logging in as root are the ones that throw away extentions & control panels without even thinking about it. I dont like not being able to put folders/items at the first level of my HD. thanks for whoever pointed out "su", its very cool.

[Millennium]

Oh, great, more of these...


Get used to not putting apps at the root level of your hard drive. It's bad practice. Not only can you do damage by using root for unnecessary tasks like this, but you are doing damage by putting unnecessary things there, as you will find out when you first try to insert or mount a disk that has the same name as any of those folders. Granted, this is because of a rather stupid move by Apple (namely, mounting drives at the root level instead of in their own /Drives directory, where they cannot conflict with directories), but it's bad for other reasons which I'll get to momentarily.


One, it's simply bad organizational habits. Organize your Home directory as you would have organized the root level. That's what the Home directory is there for. It needs to be integrated better into the OS (namely, so it actually appears to be the root level) so people won't try to do what you are doing, but this is something I'm sure will be fixed.


Two, it's dreadfully insecure. Nuff said on this one. Apple isn't all the way there with security yet, so until they get their act together you still have to be security-conscious.


There are other reasons, but those are the two biggest. The fact is, there are two ways of doing things here that are conflicting: the Unix way and the Mac way. They evolved on separate philosophies. Sometimes the Unix way is wrong (esoteric commands with completely nonsensical names), but sometimes the Mac way is wrong. In this case, the Mac way was wrong, and Apple has taken steps to correct that. The problem is, a lot of users have developed bad habits which now have to be unlearned. I had to do this too, when I was first learning Linux, and later Unix, and wanted to stick apps any old place I wanted. But eventually I learned why this is a bad idea, and carried those skills over to my Mac (though I gave my directories much better names than you'd find on most Unix systems, something I'm glad to see Apple do also). And you know what? The organization was better overall than the chaotic system I'd had before.

[EDIT: just a little markup trouble I had to correct...]

[This message has been edited by Millennium (edited 10-03-2000).]

[Spheric Harlot]

Originally posted by leperkuhn:
The people that are logging in as root are the ones that throw away extentions & control panels without even thinking about it. I dont like not being able to put folders/items at the first level of my HD. thanks for whoever pointed out "su", its very cool.

Yeah, and I really appreciate that any cracker can place funky scripts all over my system with root privileges, without me noticing...that's what I call an *open* system.

This isn't good old Kansas anymore. You're asking for trouble.

-chris.