0

I have heard the advice to not work as root user. One convention is to create a server@server user (instead of root@server) and do all the rest of the administrative tasks as that user.

What is the advantage of logging in as a non-root superuser, compared to root, from the security point of view?

Nickolai Leschov
  • There is no "non-root superuser" except as a misnomer on the internets, I believe. Maybe you should include a link to sources explaining this convention. – goldilocks Apr 06 '14 at 15:00
  • @TAFKA'goldilocks' is there any reason you can't change the name of the user who has the UID 0? I think you can have a non-root root quite simply by editing /etc/passwd. – terdon Apr 06 '14 at 16:02
  • You can create additional accounts with the UID 0. I believe we've discussed this somewhere before here. – slm Apr 06 '14 at 16:29
  • @terdon True. And if you change your name, you will no longer be terdon. However, this seems a frivolous point since the OP refers to a "non-root superuser, compared to root". If this "non-root superuser" is root with the name changed, obviously they are exactly the same. However, if you google "non-root superuser", you'll see the cruft I'm referring to, which IMO has confused the OP. But I've been wrong before, which is why I asked for a clarification. If this is a misnomer, we should not let it be propagated further here. It needs to be explained properly, or corrected as a mistake. – goldilocks Apr 06 '14 at 16:30
  • @TAFKA'goldilocks' indeed, my understanding was that the OP is referring to the idea of making the super user's user name not root to protect from brute force attacks on root's password. – terdon Apr 06 '14 at 16:31
  • @slm Unless there is a mechanism by which those "superusers" can have their privileges delimited in a way that "root" cannot, it's still a red herring issue. As in, irrelevant. There is no sensible question. – goldilocks Apr 06 '14 at 16:32
  • @terdon That would be a fair question but you have to read a lot in to get that -- if this is the case, the question is textbook unclear, since it could be interpreted a bunch of ways. – goldilocks Apr 06 '14 at 16:33
  • @TAFKA'goldilocks' - I wasn't commenting on the Q, only that there was a prior discussion on UID 0 8-). I voted to close this as unclear. – slm Apr 06 '14 at 16:41
  • Related: http://unix.stackexchange.com/q/1052/135943 – Wildcard May 08 '16 at 05:56

2 Answers

4

It's not just a security issue. It's a "I'm less likely to destroy my system by accident by typing something stupid" issue. As goldilocks said, there is no such thing as a "non-root superuser". Common sense dictates that you should run with as few privileges as possible. That is all.

Faheem Mitha
2

The advantages of a "non root, unlimited superuser" are essentially nil (unless you count the protection against brute force attacks - many more attempts will be done against root than against server).

The advantages appear as soon as you delegate functions and create a set of limited superusers, or superuser commands through the sudo mechanism, because this way you can run those administrative tasks -- and only those. A successful break-in in the "webserver admin" personality will then be able to restart a webserver or rotate logs, but not install administrative software, run privileged commands, or lower the firewall shields.

Of course this assumes that you have defense in depth - for example the "create new file for website" function of sudo will check that the new file requested is not a special file, is not executable, and is in a valid webroot. The sudo gcc command will have to verify that the issuer is not overwriting a system binary with a different file, and so on. If by just typing sudo su an ordinary user can get superuser privileges, then the system might actually be less secure than if it only had a root user (think of a fire-and-forget "joe" account with guessable password: in such a case, it would supply a ready backdoor to rootdom).

LSerni
  • I'm still curious as to what a "limited superuser" would be. I can't find any explanation of this anywhere. – goldilocks Apr 06 '14 at 16:36
  • Perhaps it would be better described as a "power user". Someone who has the same rights as the superuser in some fields, but not all. It was traditionally done by carefully SUID'ing key binaries, or supplying suid wrappers, before sudo came by. – LSerni Apr 06 '14 at 18:08
  • Yes, I'll agree that is a much better and less confusing term. "Administrative user" is probably better still. Someone who can leap tall buildings in a single bound but is not faster than a speeding bullet or more powerful than a locomotive is not Superman. It is just someone with a superman-like ability. ;) – goldilocks Apr 06 '14 at 18:49
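
The "create new file for website" check described in the second answer, sketched as a wrapper that a delegated account could be allowed to run through sudo. This is an added example, not code from the answer; the function name `create_site_file` and the `WEBROOT` default are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for a delegated "webserver admin" account.
# WEBROOT default and the function name are assumptions, not from the page.
WEBROOT="${WEBROOT:-/var/www/html}"

# create_site_file PATH: create an empty, non-executable regular file at
# PATH, only if PATH resolves inside WEBROOT. Non-zero status on refusal.
create_site_file() {
    target=$1
    [ -n "$target" ] || { echo "usage: create_site_file PATH" >&2; return 2; }

    name=$(basename -- "$target")
    case $name in
        .|..|/) echo "refused: bad file name" >&2; return 1 ;;
    esac

    # Resolve the parent directory physically, so ../ components and
    # symlinked directories cannot move the file outside the webroot.
    parent=$(cd -- "$(dirname -- "$target")" 2>/dev/null && pwd -P) || {
        echo "refused: parent directory does not exist" >&2; return 1; }
    root=$(cd -- "$WEBROOT" 2>/dev/null && pwd -P) || {
        echo "refused: webroot missing" >&2; return 1; }
    case $parent/ in
        "$root"/*) ;;
        *) echo "refused: $parent is outside $root" >&2; return 1 ;;
    esac

    # Refuse any existing name: regular file, symlink, device, FIFO.
    if [ -e "$parent/$name" ] || [ -L "$parent/$name" ]; then
        echo "refused: $parent/$name already exists" >&2; return 1
    fi

    # noclobber makes the redirect fail if the name appeared in the meantime.
    ( umask 022; set -C; : > "$parent/$name" ) || return 1
    chmod 0644 "$parent/$name"
}
```

The wrapper only narrows privilege if the sudo rule for that account lists this command and nothing broader, and if the directories under the webroot are not writable by the calling user.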