5

Possible Duplicate:
Concern about logging in as root overrated?

I often hear that it's a bad idea to use root for general use. Why is this a bad idea?

  • 3
    Think of it as slipping punches in boxing. You only want to apply as little force as is necessary to solve the task. You only want to slip as much as to make the punch not land, otherwise you'll be off balance, you'll not be able to counter, etc. Conversely, why would you need complete access to the entire system if your task at hand is to create a directory in your user's home path? This principle is common in computing: for example, check out modularity, encapsulation, critical section, resource access protocols, ... – Emanuel Berg Oct 19 '12 at 00:12

1 Answer

12

Summarizing from this Ask Ubuntu answer, it is a bad idea to run as root because:

  1. You are much more prone to mistakes or software bugs. That program which deleted files as a bug? If it ran as a limited user, at most it can damage stuff in your home directory and on a few other devices (e.g. USB disks).

    If run as root, it might have freedom to delete everything in the system. Besides, you might be the victim of a buggy script which accidentally deletes critical files.

  2. Similarly, a vulnerability or malicious software can cause much more harm, because you gave it full permissions. It can change programs in /bin and add backdoors, mess with files in /etc and make the system unbootable, etc.

  3. You can be a victim of your own stupidity. That rm -rf * you ran by mistake, or if you swapped input/output device in dd, would be stopped by your lack of permissions, but if you run as root, you are all-powerful.

  4. You don't need it for most uses, except for administrative work.

sudo has similar dangers, but at least they will not (at least they should not) happen by accident - if you typed sudo destroy_my_machine you presumably knew well what would happen, it's very hard to believe one could do it by accident.

For an example of something quite nasty, assume a script that runs rm -rf $someDir/*; if $someDir isn't set, the end result is rm -rf /*.

Renan
  • 17,136
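
The unset-variable case from the answer's last paragraph, written defensively. This is an added example, not part of the original answer; the function name safe_clean is hypothetical, and someDir stands for whatever variable the script uses.

```shell
#!/usr/bin/env bash
# Added example; safe_clean is a hypothetical helper name.
# `set -u` is a complementary guard: it aborts on an *unset* variable,
# but not on one set to the empty string, so the checks below still matter.

# safe_clean DIR: delete the contents of DIR (not DIR itself).
# Refuses, deleting nothing, if DIR is empty, relative, missing, or resolves to /.
safe_clean() {
    local dir="${1-}" resolved

    if [ -z "$dir" ]; then
        echo "safe_clean: refusing, directory is empty or unset" >&2
        return 2
    fi
    case "$dir" in
        /*) ;;
        *)  echo "safe_clean: refusing, not an absolute path: $dir" >&2
            return 2 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "safe_clean: refusing, not a directory: $dir" >&2
        return 2
    fi

    # Resolve symlinks and ".." so that e.g. /tmp/.. is recognised as /.
    resolved="$(cd "$dir" && pwd -P)" || return 2
    case "$resolved" in
        /|//) echo "safe_clean: refusing to clean the root directory" >&2
              return 2 ;;
    esac

    # ${resolved:?} makes the shell abort the expansion if the variable
    # were ever empty, so this line can never turn into "rm -rf /*".
    rm -rf -- "${resolved:?}"/*
}
```

Call it as `safe_clean "${someDir-}"`; with someDir unset it returns 2 and removes nothing, whether or not the script is running as root.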