Yesterday, land0 rapped me on the knuckles for expressing the thought that any sizeable chunk of humanity could simultaneously be smart enough to run Linux, and dumb enough to use root for personal login.
To the Nix (aka, *nix, BSD, Linux, Unix) world, this is like giving a crook the keys to your office, along with a moving van.
The thing is, my company supports a line of single-function network appliances, many of which go into small businesses and schools. We’ve helped this community for years. And I constantly hear stories over the partition.
Better than that, my tech support manager saw my knuckles get rapped, too. When he stopped laughing, he gave me the number for one of our more talkative customers, and suggested that I give him a buzz.
Only the name and location have been changed to protect our relationship… Let’s call him Kurt of New Orleans. Apologies to Kurt in advance for any phrases that were not perfectly captured. He talked too fast, and I’m a lousy secretary.
Warning: VIOLENTLY DISTURBING CONTENT. If you continue, you will be exposed to material not suitable for anyone with formal… or even informal… Linux training.
There are over ten million businesses in America that support fewer than 20 employees, each. Many are start-ups or otherwise minimally capitalized, and Linux fills a networking need without straining the budget… especially when they don’t bother hiring professional help.
Kurt manages the office for one of them.
EB: Do you ever login as root?
Kurt: I always login as root. Linux is not my desktop operating system. I don’t use it to read email, browse the web, or instant message my pals. I run a web server, an email server and an ftp server in Linux. So the only time I log on to the system is when I need to administer my servers or install software, which I can only do as root.
EB: Have you ever tried sudo?
Kurt: I don’t do it. It’s too much of a hassle to be switching privileges back and forth. I just pay attention to the commands I’m entering, and pray for the best. So far so good, knock on wood.
EB: Do you ever neglect to log out?
Kurt: All the time. There are only a few people with access to our server room, so we tend to leave our systems logged on. But all of our systems are behind firewalls, so they’re safe.
EB: Have you had occasion to bypass Linux security, like for installation?
Kurt: When installing new software, you almost always have to change permissions on certain files, but it’s easiest to do that as root, too.
EB: Have you ever forgotten to change permissions back after an install?
Kurt: If I did, I don’t remember. I’d never do anything like that intentionally.
I’m as secure as I can figure out how to be, while still taking care of my real job responsibilities on any given day.
As far as I know, my network’s not “owned” by anyone. Until I find out, I’m not going to do anything about it.
EB: How do you feel when people tell you that you shouldn’t log in as root?
Kurt: I shouldn’t exceed the speed limit, either. But I get things done a he** of a lot faster when I do. I’ve got things to do.
EB: What caused you to go to Linux in the first place?
Kurt: Security. IIS is notoriously insecure, so we wanted to switch web servers. So is Exchange. If I’m going to be a half-a** network manager, I’d rather start off with an operating system that’s already reasonably secure. The amount of enterprise-class software we’ve been able to use is incredible, and you just can’t get that in the Microsoft world.
EB: So are you telling me price had nothing to do with it?
Kurt: OK. Security… and price.
EB: How do you manage vulnerability patching and upgrading?
Kurt: I stay as much on top of it as I can. I recently upgraded Apache and several other programs.
EB: Do you use any software that keeps you up-to-date or alerts you?
Kurt: I just pay attention to security sites, and keep the box firewalled off as much as possible.
EB: Would you say your updating is casual?
Kurt: When I’m made aware of a problem, I generally try and fix it.
EB: What kind of administrative training have you gone through?
Kurt: Bootstrapping. I am self-taught. I own almost the whole O’Reilly library. I spend a lot of time digging through message boards when a problem does come up.
EB: So you have no formal training. What made you think you could do this?
Kurt: I’m in a small business. I’ve never let lack of formal training stop me from anything. When a problem needs to be solved, I learn how to solve it. That’s how I was brought up.
EB: Thanks for your time.
Back to Earth…
We have plenty of customers like Kurt running Linux, Windows, and even… no. I don’t believe we have any Kurts riding BSD.
If you think we’re alone, cruise the forums, where you regularly see questions like: “since I connect through a router, do I really need firestarter (firewall) and clamav (anti-virus scanner)?”
As if that’s not bad enough, the world is littered with devices like the old Cisco 675 routers that let DSL users, who have no concept of CBOS/Nix, login as root.
My crew runs into this stuff every day.
So forgive me if I portray a grittier side of the world than those who are certain that all Linux admins play by the rules. I can’t help it.
I’ve run across too many managers who picked up Nix at Barnes and Noble… taped to the outside of a magazine.
If you have any advice for Kurt… Please. Keep it civil. I have a delete button, and I know how to use it.

54 comments
August 10th, 2006 at 7:36 pm
ATyrell
Hate to admit it, this sounds like me :(
August 10th, 2006 at 7:54 pm
Mike
I am writing this on my SUSE desktop at home. I can’t remember the last time I logged in as root. If I need to install or change something, I just select the appropriate item from control panel or YAST. YAST will ask for my root password, and I can make changes as root while still logged in as a limited privilege account. The key, of course, is that I have to provide my root password to make the change. If I need to use a console, SUSE has a handy SU console.
Most Linux distros require (or strongly suggest) setting up a limited privileged account for daily use (Linspire, are you listening?). SUSE goes so far as to set the default wallpaper on root’s desktop to be bright red with pictures of bombs and hazard signs on it, just in case anyone misses the point.
Whether or not all admins use it, it is much easier to run a *nix with limited accounts than any Windows system.
August 10th, 2006 at 8:13 pm
Lawrence D’Oliveiro
Entering your root password into YaST breaks the rule of never running any GUI stuff as root. GUI toolkits are just too complex to offer any kind of assurance against buffer overflows and other kinds of vulnerabilities.
The only safe way to do stuff that needs root access is from the command line.
August 10th, 2006 at 9:31 pm
Mike
I’ve had plenty of core dumps (buffer overflows) when running utilities from a command prompt. Any one of these can be a vulnerability, just like a GUI, if you’re working with anything downloaded from the internet. I use YaST (whether GUI or command line, I’ve used both) to configure my system like Windows control panel or install updates from SUSE. I never surf the internet with root privileges, even to trusted sites like Amazon or Google.
The bottom line concerning the internet:
As Fox Mulder would say, “Trust no one”.
Just because you are paranoid doesn’t mean there aren’t people out to get you
Never access the internet with root or admin privileges, not even google. Someone can craft an html string which appears in the google search results and causes a buffer overflow.
Run all webservers and databases as limited user accounts. Never run them as root
Never store any personal or sensitive information on a Windows system that is connected to the internet. It is just too vulnerable.
Did I mention, “trust no one”?
August 11th, 2006 at 3:02 am
land0
Hello BJ Gillette,
“Yesterday, land0 wrapped me on the knuckles…
Before I get started let me just hide the ruler …
However I am glad to hear that your boss got a laugh out of what I wrote (even if he was laughing at me). What I wrote was meant to be exaggerated and somewhat satirical while attempting to prove a simple point and maybe make some people think.
Since it seems like I missed the mark I will try, try again.
Let’s say that all people who are SysAdmins of medium size businesses that run as the root user continually are named “Kurt” (you were expecting “Dick” huh? ).
It used to be that before “boss man”(who we will refer to as BM) brought the Nix system into the mix that Kurt was free of blame for security breaches, crashes, blue screens(BS) and fill in the blank_______ . It was the faulty defaults of M$(broad strokes here).
So the BM wants Nix he wants to reduce the stress for the whole company.
Besides the fact that all of his toastmaster buddies say they have had next to no problems after making the switch to Nix.(catchy huh?)
The security of the system is now Kurt’s responsibility there is no more M$ crutch. If the network goes down more often than the BM’s toastmaster buddies he will figure it out. It could even be after a couple of real FU’s Kurt will no longer do Kurt things and log in as root all the time. He may even go to KA meetings.
“Hello my name is __________ and I used to be a Kurt.”
“Hello,__________.”
“I have not used root for my login for 6 months because unemployment sucks.”
August 11th, 2006 at 8:40 am
BJ Gillette
Hi land0.
You didn’t miss the mark at all. Your insight was received in the spirit it was given… and enjoyed. We’re all on the same page.
My tech support guy was laughing ironically. As in, “You gotta get to the point you recognize that you have a problem before you decide you’re gonna do something about it.”
Few of the transgressors have reached that step. Even worse, many don’t know they’re using Nix at all. They just wanted to add a cheap mail server… or get to the Internet… or add an external hard drive… or give the kid an MP3 player… or extend their wireless… or add a firewall… or, well, you get my drift.
In that world, giving root access to helpless users who a) never read manuals; and b) have no idea they are buying a hand grenade with the pin half-pulled, is stinkin thinkin.
I’ve been wanting to go after that tired meme that, by virtue of using Nix, old habits are shed and people reach a new and higher plane of existence.
You just gave me an easy intro, so I could bring folks up to speed on our discussion without having to rehash it. (<– Cheezy writing trick)
August 11th, 2006 at 8:55 am
B Lewis
EB, the Kurt story is only disturbing to you because you’re clueless.
If *I* were to always run as root, that would be stupid of *me* because Linux *is* my desktop. I do many things that don’t require root privileges.
As Kurt explained to you at the start, Linux is not his desktop. Kurt is not stupid. Everything Kurt does requires root privileges.
Root privileges are root privileges. Using sudo only buys you a little logging and slightly better password management. There are unavoidable risks involved with root privileges, and thinking that sudo will make them go away is ignorant.
If, as Kurt says, the server room is only accessible to a few people, who have the root password anyway, staying logged in is not a risk worth talking about. Especially since most businesses use computers where physical access can be used to get root access.
The most important thing Kurt should do security-wise is keep up with security updates to his web, email and ftp server software. The logging in as root issue is a trivial issue given the circumstances he described.
For other circumstances, e.g. desktop Linux, it may interest you to know that Ubuntu’s install procedure configures sudo for the user, so one would have to try extra hard to get into a situation of constantly logging in as root.
August 11th, 2006 at 9:31 am
BJ Gillette
Hi B Lewis.
I attempted to give a full picture of a Linux admin… the kind we see at my shop every day… as opposed to the perfect security professionals that claim to be aghast at the very thought that anybody would use root as their personal login.
This springs from our earlier discussion on EB of 64-bit rootkit prototypes, Blue Pill and Vitriol, that show the way to taking over computers running any operating system, at the chip level. They require SuperUser access to do it.
Kurt’s an intelligent, normal guy just trying to keep his network running reasonably well. Believe me, we see much, much worse.
As for Ubuntu… I’m distie-agnostic. Last time I checked, we were running Fedora, FreeBSD, Red Hat, Slackware, and SuSE, along with a fleet of Windows cruisers. I haven’t gotten around to trying Ubuntu, but I’ve heard lots of good things.
Clueless? Grrrr… Sorry, I’m used to guys like land0 who don’t need to call names to make their point. That opening insult almost made the rest of your post… which has valid points… invisible.
August 11th, 2006 at 9:40 am
harry
I’ve run as root on my personal machine for ages now. Su and sudo are basically a major pain when it comes to developing software which hasn’t quite got its security together adequately to run properly as a normal user (or relies on other bits of software which haven’t got their security together adequately!).
There’s also the other side of the coin: running as a normal user and believing your machine is the *most* secure thing in the universe can lead you into fairly reckless behaviour like visiting pron, trog, shareware and warez sites (if you visit pron, trog, shareware and warez sites, then you may as well *assume* your machine will be 0wn3d regularly and can live with it being trashed).
And if you’re not confident enough to live with mistyping CLI commands, then you shouldn’t ever ride your bicycle without those extra wheels or go swimming without those armbands.
And having a backup is a total must have even if you run as a normal user.
For administering servers, root login is a must have and if you’re developing a server app, being logged in as root for long periods is normally required. And being logged in as root on a production machine is even more fun!
Yes, the Manual says you shouldn’t muck about with production machines “live”, yes the manual says you shouldn’t log in as root unless you really need to, but until the day you experience something like having to exceed the speed limit to *avoid* a major road accident, you won’t realise the Manual is written as a *general* guide for best practice but there are many instances that the Manual just doesn’t cover.
Most often it’s the “the boss needs this yesterday” condition that they don’t cover.
Finger pointing and sneering at admins who login as root is fairly childish in my book.
And is generally the attitude of newbies who setup servers that get 0wn3d fairly soon after going online because they lack experience.
I know a couple of people who think I’m mad logging in as root but then they’ve never been sysadmins running multiple servers. And they probably drive at 40 in built up areas but only do 50 on a motorway.
I’ve used Linux now for about 8 years and never seen a successful penetration of any machine under my wings. But now that I’ve just said that, I’ll probably find one of my machines has been a zombie for about 7 years!
August 11th, 2006 at 9:44 am
REd
OK, well, if this dude is too lazy to use or even configure sudo then he deserves the insults. I am not suggesting that he become a perfect security professional but his laziness and uncooperative apathetic security practice is contagious for those admiring subordinates who he might work with. So next time you’re speeding down the interstate and I pull in behind to follow you, please please slam on your brakes so that I will learn not to do like you do.
August 11th, 2006 at 11:50 am
Sam
Hey, I’m the Kurt running FreeBSD. =)
Sometimes it seems to me that more mature, old-school linux/unix users are a little “elite” and so there’s a dead area in the learning curve. The “For Dummies” style stuff gets you started, and you learn all this cool stuff and continue to teach yourself, but the gap between there and becoming a security minded, uber admin is little documented, no-man’s land.
August 11th, 2006 at 12:00 pm
Kai MacTane
Much like Kurt, I run Linux as a server, not as my desktop. There’s no point in my logging in as any other user than root; every time I log in, it’s because I’m going to tweak the Apache config, adjust SpamAssassin rules, or whatever else.
Use some GUI control panel? Sorry, I’m logged in via SSH. This is what the command line is *for*.
There would be absolutely no point in setting up sudo, because that would just force me to type “sudo” in front of every command. (And the commands would *still* be run as root, because *they need to be*.)
People are misunderstanding the advice about logging in as root. It’s not “never log in as root, ever” - if that were the case, we could just get rid of the root account altogether, right? It’s “never log in as root *unless you NEED to*.” And system administrators need to.
August 11th, 2006 at 12:11 pm
dblood
I log in as root all the time (servers only, I don’t use it as a desktop). Most everything I do requires root. I don’t run x-windows or even have it installed on the system. Using sudo for every command and typing in the password many times seems less secure to me.
As for accessing the internet from it, of course I do. There is SCP, dig, tracert, nmap, etc. I suppose that I could run most of those as a limited user, but having to switch between root and my account seems pointless.
My services are setup secured; chrooted and limited users where possible.
root is there for administration, so use it for that. if you think using sudo will protect you from some of the programs you are running, why are you running them? Please, take a class, read a book, and learn what the commands you run do.
August 11th, 2006 at 12:15 pm
land0
BJ Gillette
“You didn’t miss the mark at all. Your insight was received in the spirit it was given… and enjoyed. We’re all on the same page.”
Thank you for clarifying. I just wanted to make sure that was the case. I bet your tech support guy was surprised to find out that he is your boss now! hehe
“You just gave me an easy intro, so I could bring folks up to speed on our discussion without having to rehash it. ( Cheezy writing trick)”
Good thing I rehashed it… doh! lol
As for the comments referring to security minded people with derogatory remarks. There are very good reasons why you should not use the root account as your own personal login.
There is an illustration often used by those guilty of not following guidelines.
“There is a speed limit but that does not stop anyone from speeding now does it.”
I propose that using the root user as your login on a Nix system is more like not wearing your seat belt. All of us are speeding down the road of the super computer highway, and it is inevitable that you will be crashed into. In the end it is the safety equipment you use that determines if your network has a better chance of living through it. In a multiple machine network you will be responsible for the multiple machine pile up that happens as a result of your negligence and the money it costs, not to mention the loss of trust from the one who signs your checks.
Buckle up we care.
August 11th, 2006 at 12:51 pm
rootloger
Well on a counter note, adding an additional user to log on gives a would-be attacker one more target to try and penetrate. Just another account with another password that can be penetrated. As stated in many Linux security books you should only have accounts that you absolutely need.
So if someone logs in as root every 3 months to do maintenance on their server and that requires root privileges I don’t see how that’s a bad thing. You’re basically saying “don’t use the root account for what it’s for.”
Explain to me how typing sudo before each command suddenly just made your box a fortress.
sudo rm -rf /*
Also, typing the root password over and over each time you use sudo increases the likelihood that you type it in the shell on accident and save it in your history file. Or it makes it easier to identify with a keylogger. Or how about this outlandish one, your keys will wear out and the attacker will know what keys to push!! We can get as paranoid as we want.
Lame article, while I completely agree with the workstation, I think this really is just someone trying to feel smarter than others. While I agree you should at least log out as root when you’re finished, it should be noted that you have no security without physical security.
So if you want to be secure, unplug your computer and just memorize everything in life. Until they invent a machine that can read minds, you will be safe.
Now if you want to truly add some value in the article explain what major security holes logging in as root to do root activities creates compared to using sudo.
August 11th, 2006 at 1:30 pm
BJ Gillette
@Kai, dblood, rootloger et al.
The post demonstrates how a real Linux admin with other duties runs his network. It is part of a larger discussion about… oh for cryin out loud, follow the link to the rootkit post.
If I had too much fun with it for your taste, too bad. Good natured humor never ever works with zealots. I enjoyed posting the story, and Kurt got a good laugh.
RE: “…add some value in the article explain what major security holes logging in as root to do root activities creates compared to using sudo.”
The post already ran too long for the blog format. I’ll run stories on root security holes in the future.
Contributions from folks who can express themselves without putting readers to sleep are welcome. You needn’t agree with the host. (Are you listening, land0, harry and Mike?)
August 11th, 2006 at 1:31 pm
B Lewis
BJ Gillette:
This article bills itself as a horror story and derides Kurt’s behavior, when Kurt isn’t doing anything unreasonable. I would not call names if it weren’t for the “I’m smarter than Kurt” attitude throughout the article and in many of the comments. If you didn’t understand Kurt’s answers to your questions, you should have asked follow-up questions, not written a derogatory article to show off your ignorance.
I don’t generally go around calling names when people are ignorant, except when their ignorance leads them to think they’re smarter than others. Hopefully the candor from me, Kai MacTane, dblood and rootloger will help your quality control on future postings.
rootloger:
With sudo you type your own password, not the root password.
In Kurt’s organization, using sudo would eliminate the need to coordinate a root password change when an admin leaves, but that may not be a big issue depending on the organization.
Using sudo would also help them have logs of who did what. Again, that may not be a big deal depending on the organization.
August 11th, 2006 at 1:46 pm
BJ Gillette
Gee B Lewis…
I asked Kurt if he used sudo simply to get a feel for the tools he uses.
Once again, here was the exchange, word for word:
EB: Have you ever tried sudo?
Kurt: I don’t do it. It’s too much of a hassle to be switching privileges back and forth. I just pay attention to the commands I’m entering, and pray for the best. So far so good, knock on wood.
I do not know how you deployed that innocent question to tie yourself into such knots. What I do know is that I cannot help you untangle yourself.
Between your lack of humor and zealotry, you are beginning to try my patience. No more of this “ignorance” stuff. If you want to call the host names, do it on your site.
And for the record… I am not smarter than Kurt. For cryin’ out loud, he’s a customer. (Did you read that, Kurt?)
August 11th, 2006 at 1:47 pm
Mick
B Lewis:
You’re a dumba**.
August 11th, 2006 at 1:56 pm
Tasker
B Lewis,
Contrary to your portrayal, the article seems quite sensitive to the busy admin. I see a lot of questions/answers, but little commentary. Why the sensitivity? Have a Coke and a smile…
We all know that abusing the root account isn’t necessarily best practice, but we do it anyway. Why? Because it’s easier, plain and simple.
- T
August 11th, 2006 at 2:29 pm
land0
BJ Gillette
All I have to add is thanks for the interesting and enlightening article and your banter, you have gained a new reader here.
August 11th, 2006 at 2:40 pm
BJ Gillette
Hi Tasker.
RE: We all know that abusing the root account isn’t necessarily best practice, but we do it anyway. Why? Because it’s easier, plain and simple.
Well said. Bravo!
Kurt represents the top of the bell curve that we see. To the left are admins who do a lot less. To the right, admins that do a lot more. But I’m guessing even the toughest security guru does some Kurtish administrating, now and again.
Thank you thank you thank you thank yew.
——–
Hi land0,
It’s mutual. I hope to see a lot more of your output… And I wasn’t kidding about the invitation to contribute. Think about all the bennies. You get a by line, a plug for your organization at the bottom of the article, and everything!
August 11th, 2006 at 3:55 pm
me
I admit I don’t get the sudo thing. You can do root commands with a regular user’s password. So… all they need is your password to do root things? How is that more secure than having to login as yourself, then having to su to root with the root password? Until someone comes up with a reasonable explanation, I’ll keep using ‘su root’ when I have to do root things. Then again, it’s not for a business. If I got hacked, it wouldn’t be too devastating (but it has yet to happen).
August 11th, 2006 at 4:06 pm
Chris
His root usage doesn’t sound too bad. I’ve been using Linux since 1997 and while I always login as a user on my desktop system, I often login as root on my servers. The real problem arises when you browse the web, irc etc… as root where vulnerabilities in whatever software you are running could mean someone dropping a root shell on your box.
August 11th, 2006 at 4:07 pm
Evan
I see that some people do not really appreciate what sudo is for. Or how to best set it up. NEVER set sudo up with the root password. The main thing that sudo does (and by the way its biggest use is ‘sudo su -’, so you only have to use it once) is give you a solid log of who did what. In the case of my critical servers at work NO ONE, NO ONE has the actual root password so that if root shows up as having logged in we know there is trouble. That being said, I do not expect everyone to follow that practice, hell I don’t follow it on all my servers.
What a lot of the readers seem to miss is that Kurt is logged in as root not because he does not “get it” or has even really thought about if he should or not, but because he is just too damn busy to worry about security that _interferes_ with getting work done. That is the universal trade off and bane of security. How much are we willing to hassle with when we have to get something done? As an example, why isn’t OpenBSD the major web facing server? Because the security features on the OS exceed the Kurt Hassle Threshold (not knocking OpenBSD, best security I know of, just a real bear for your harried Kurt to try and learn/setup/use with the BM riding his/her butt).
August 11th, 2006 at 4:44 pm
Evan
me-
A couple reasons for using sudo: first is logging, by forcing admin to use sudo I can tell who the last person to be root was, or the last person to be root before things went bad. Second reason to use sudo is to, in theory, make it harder to accidentally cripple a box by deleting/modifying or otherwise doing bad things. Unlike ‘su’ which could allow for keystroke logging of the root password, sudo would only allow logging of your password. Maybe not a great improvement in security, but again with the sudo logging you can tell who got compromised. Mind you most of the sudo benefits are found in a multi-admin setting.
Ubuntu makes good use of it by allowing only a normal user, to step up privileges only when needed. Does this require some smarts on the user’s part? Sure. In a case where you are the only person on the box maybe you will get no advantage from sudo.
On my personal system I normally just use ‘su’ for when I need elevated rights as the only person using the box is me. Using ‘sudo’ does not give you much greater security, it does provide better auditing of what is happening on the system. It is improved auditing that makes sudo a recommended practice.
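Added example, not part of the original post and not any commenter's code: a short Python script for the two audit points raised in the comments above, that sudo leaves a log of who ran what, and that a direct root login is itself a signal on a box where nobody is supposed to use the root password. It also flags `sudo su -` style entries, because sudo records only the shell launch and not what is typed inside that root shell. The log lines, host and user names are constructed, and the layout assumes sudo and sshd logging through syslog in their usual format.

```python
import re
from collections import defaultdict

# Constructed sample lines (hosts, users and addresses are made up).
SAMPLE_LOG = """\
Aug 11 16:07:01 web1 sudo:     evan : TTY=pts/0 ; PWD=/home/evan ; USER=root ; COMMAND=/usr/sbin/apachectl graceful
Aug 11 16:09:40 web1 sudo:      joe : TTY=pts/1 ; PWD=/home/joe ; USER=root ; COMMAND=/bin/su -
Aug 11 16:12:13 web1 sudo:     kurt : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/kurt ; USER=root ; COMMAND=/usr/bin/vi /etc/httpd/conf/httpd.conf
Aug 11 16:20:55 web1 sshd[2211]: Accepted password for root from 192.0.2.10 port 51522 ssh2
Aug 11 16:21:30 web1 sshd[2240]: Accepted publickey for evan from 192.0.2.11 port 40022 ssh2
"""

# "<timestamp> <host> sudo: <user> : <fields separated by ' ; '>"
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+)\s:\s(?P<body>.*)$"
)
SSHD_RE = re.compile(
    r"sshd\[\d+\]:\sAccepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)"
)
# Programs that hand over an interactive root shell; sudo logs the launch only.
SHELLS = {"su", "sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}


def parse_sudo(line):
    """Return a dict for a sudo command entry, or None for any other line."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    # COMMAND= is always the last field, and the command may itself contain ';'.
    head, sep, command = m["body"].partition("COMMAND=")
    if not sep:
        return None
    fields, failure = {}, None
    for part in (p.strip() for p in head.split(" ; ")):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
        elif part:
            # Free text before the fields, e.g. "3 incorrect password attempts".
            failure = part
    return {
        "ts": m["ts"],
        "user": m["user"],
        "target": fields.get("USER", "root"),
        "command": command.strip(),
        "failure": failure,
    }


def audit(log_text):
    """Build a who-ran-what table and a list of (kind, user, detail) alerts."""
    commands = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        entry = parse_sudo(line)
        if entry:
            if entry["failure"]:
                detail = f'{entry["failure"]}: {entry["command"]}'
                alerts.append(("sudo-failure", entry["user"], detail))
                continue
            commands[entry["user"]].append(entry["command"])
            argv = entry["command"].split()
            prog = argv[0].rsplit("/", 1)[-1] if argv else ""
            if entry["target"] == "root" and prog in SHELLS:
                # The per-command audit trail stops at this entry.
                alerts.append(("root-shell", entry["user"], entry["command"]))
            continue
        m = SSHD_RE.search(line)
        if m and m["user"] == "root":
            detail = f'{m["method"]} from {m["src"]}'
            alerts.append(("direct-root-login", "root", detail))
    return {"commands": dict(commands), "alerts": alerts}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for user, cmds in report["commands"].items():
        for cmd in cmds:
            print(f"{user:8} ran as root: {cmd}")
    for kind, user, detail in report["alerts"]:
        print(f"ALERT {kind:18} {user:6} {detail}")
```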
August 11th, 2006 at 5:05 pm
Joe Klemmer
I never logon as root. In fact, I don’t remember root’s passwd. However…
I tend to do this when needing root’s privileges -
$ sudo su -
I know, it’s no different than just logging in as root. But it doesn’t have the psychological stigma so it makes it easier for me to do it.
August 11th, 2006 at 6:17 pm
rootloger
Evan, you backed up the use of sudo with some solid reasons why it’s a good idea.
Positives:
1. Monitor logs for root activity that you know would not be done by your users.
2. Multi admin situation.
Negatives:
More user names and passwords that have to be controlled and protected.
To clarify my mistake in my comment about typing the root password, you still are putting in the password to give root privileges for whatever command you are doing and the end result is the same. Imagine if you sudo with passwd.
I only use sudo on my Ubuntu workstation; besides that I either log on as root or use su for servers, but thanks for your additional comments, it will give me something to ponder.
With your comments this post finally has some value and I appreciate that.
August 11th, 2006 at 6:30 pm
smack
BJ Gillette I think you know the ‘what’ but you don’t fully understand the ‘why’. In this instance the ‘what’ is a security practice. If you understood the ‘why’ you’d know that there are specific exceptions to the ‘what’.
I don’t think your pedantic and somewhat dogmatic approach to security will get you into trouble in this instance but in general it’s not good to think you know that which you do not know (Socrates). I say this because while Kurt’s actions are a precise exception to the ‘what’, you disagree with him and call him dumb for it (if you can reason by syllogism anyways). I posit that this is because Kurt knows a little more about the ‘why’, although it’s likely that he knows less about the ‘what’.
The precise exception here is: when you are the sole admin of a server where you don’t need to do any non root things, logging in as root is ok.
August 11th, 2006 at 7:15 pm
adam
speaking as a liberal arts major who always logs in as root, it’s “rapped on the knuckles,” not “wrapped.”
(just kidding about the login part… god knows, like most liberal arts majors, i don’t need admin privileges for my burger-flipping job.)
August 11th, 2006 at 7:35 pm
Stomfi
I suggest the author start a series of articles for the Kurts of this World letting them know how to think like a sys admin.
I expect one could use RUTE as the reference material.
August 11th, 2006 at 8:31 pm
rootymcroot
Ok so the guy sounds completely logical. And how does not running as root all the time protect against exploits against programs from the internet? That makes no sense.
I also admin some Linux boxes and always run as root. Like I’m going to type my password in every time I want to restart a service or edit a config file.
As far as I can tell, the perils of running root are
1) typos
2) running untrusted scripts
neither of which I do. I think it comes from the mindset that some clueless luser will accidentally type rm -rf / like all the jokes say and then own a multi user box. Thus the fear of root was beaten into people’s heads. It’s like the urban legend that you have to wait after eating before swimming. It’s a psychological fear, not a real one.
August 11th, 2006 at 8:34 pm
rootymcroot
That should read “against programs downloaded and installed from the net” the meaning being that you’re not going to go around knowingly running code from a disreputable source, so you would have to eventually log in as root to get it installed anyway.
August 11th, 2006 at 8:37 pm
BJ Gillette
@smack, stomfi:
Sigh. Since you haven’t bothered reading all the comments, or followed the links to understand the context of the article, I can’t help you. But I gotta tell you… I sure am getting tired of being called a know-it-all by a limited number of snotty know-it-alls who don’t get it. Perhaps if you handed the post to someone who has a sense of humor they might be able to help you. OK. I’ll go this far… you can tell a person has a sense of humor if the corners of their lips are turned up quite often… not snarling, mind you. We call it… how should I put this… “smiling.” If that doesn’t work, these people might help.
When you come up for air, maybe you’ll figure out that I’m not a know-it-all so much as a smart aleck. Know-it-alls work for me.
——-
Hi adam.
Doggone it, you nailed me. (red face, gnashing teeth) Thanks a million for the correction.
August 11th, 2006 at 9:51 pm
Six
Funny … I have been doing this for about 20yrs now in one fashion or another - long before there was such a thing as formal training. There were no schools other than a computer science course at a university. Even the government (FBI) was hiring all the hackers they could find just to put a security team in place.
Flash forward 20 yrs - now there are nothing but schools and training. Suddenly you’re a putz if you don’t have training? Who taught your Instructor? … who taught him? - etc …
Eventually you get to a guy that didn’t get any formal training and taught himself - correct?
August 11th, 2006 at 10:32 pm
BJ Gillette
Hi Six.
My goodness. Till now, I thought I had seen every stripe of misunderstanding of this post… Sadly, all the other misunderstanders slipped on the same banana peel.
You, my friend, have discovered a fresh way to be offended by my work. For that, I am grateful.
What can I say? As a self-taught TRS-DOS > CP/M > Unishell > MS-DOS > Artisoft > Novell > Windows > Linux > BSD guy, I’m astounded. For details I don’t know or understand, I ask my in-house know-it-alls. When they don’t know, I ask my many friends in the industry, check the forums, hit the books, punt, do it wrong and pray, or do something else. How different is that from you?
Kurt had fun, I had fun, several readers get it and a few don’t. I get the distinct impression that those of you who don’t are new ’round these parts.
Please re-read any portions of the post that originally caused you distress with your tongue planted firmly in your cheek.
August 11th, 2006 at 11:16 pm
smack
BJ Gillette,
I got linked here from reddit so I’m not familiar with your articles. Also, with what I generally read I don’t expect technical articles to be satirical.
As I understand it now after rereading, it seems to me that you think what Kurt does is ok and that land0 is the pedantic one?
August 12th, 2006 at 12:32 am
BJ Gillette
Hi smack.
Since you’re open-minded, I’ll share the secret message, but only as long as you promise not to tell anyone else.
Linux folk take themselves too seriously. Many think that, by selecting a non-win OS they are automatically smarter, better looking, more enjoyable and even smell better.
“And by the way,” each says, “Do it my way, or you’re ignorant, an idiot, a miscreant and an all around unpleasant person to be around.”
Did I mention that they eat their young? Never do a banquet between a Red Hatter and an ubunter… or SuSer… or Debianfreak. You’ll gouge your own eyeballs out.
If you read land0 carefully, both on this post and the earlier rootkit post, you’ll see that his message is, “I know you won’t always drive carefully, but you’re better off if you know the rules of the road, so you know when you’re breaking them and why.”
That rootkit post is essential to “getting” this one, because after I wrote about rootkits that dig in at the chip level where the OS can’t see them, someone took me to task for not mentioning that the current prototypes require SuperUser access. Some commenters even expressed disbelief that any Linux user on earth would use root for personal login.
That’s where Kurt came in. He’s Exhibit A for Linux admins doing the nasty. But in my world, Kurt’s an average Linux guy. He has a real job and he knows more about networks than the other folks in his shop, so they pinned the Linux tail on him.
Kurt feels he’s doing all he can within the time and inclination he has available. He’s nowhere near perfect, and he knows it. And his answer is, “If you want a guru, hire one.” Of course, the small biz he works for feels it cannot.
Back to the secret message. Here it is: “When single function enterprise, ISP and consultant types preach fire-and-brimstone to multi-function operators, it wears thin real fast.”
Ohmigosh. Waitaminnit.
So that’s why you guys didn’t get it. You thought we were just talking about Linux.
Sorry. I’m a Hemingway fan. (I’m big on multi-level messages.)
That holier than thou garbage goes way past Linux. But Linux has somehow attracted more than its share.
Back to Kurt and land0… So between Kurt and land0, who’s pedantic? Nobody. Each is operating as correctly as that individual feels is practicable, within the knowledgebase and environment presented.
Now remember, smack. You’ve been sworn to secrecy. If you rat me out, you’ll ruin millions of sanctimonious tards’ days… along with my fun as a smart aleck.
One last hint… Next time you see something like this in an article: “Warning: VIOLENTLY DISTURBING CONTENT. If you continue, you will be exposed to material not suitable for anyone with formal… or even informal… Linux training,” you can freely assume that, like Toto, you’re not in Kansas anymore.
Shhhh.
August 12th, 2006 at 9:21 am
BJ Gillette
Hi smack (2).
I ran out of gas at 12:30 last night, and forgot to give you the second part of the secret message.
Secret message, Part 1: “When single function enterprise, ISP and consultant types preach fire-and-brimstone to multi-function operators, it wears thin real fast.”
Secret message, Part 2: “When multi-function small biz types sit back smugly sure in the knowledge that, because they can’t imagine something, it can’t possibly happen to them, it wears thin real fast.”
Running meme at EB: Most of us do our best security work at the network edge. But most successful network damage comes from the inside. Stolen laptops, laptops festering with viruses, stupid backup procedures, fumbling fingers at SuperUsered keyboards, evil employees accessing things they shouldn’t, and evil employees abusing things they’re allowed to access.
Ladies and gentlemen, there be dragons out there. Or, as Mike said above, “Just because you are paranoid doesn’t mean there aren’t people out to get you.”
Single function types shouldn’t be so smug in their expertise, multi-function types shouldn’t be so smug in their invulnerability, and the only people in charge of networks who sleep like babies are fools or idiots.
See what you made me do, smack? Now I sound like the rest of the zealots.
August 12th, 2006 at 3:19 pm
land0
(WARNING THIS POST IS NOT FOR THOSE OF YOU WHO ARE WEAK AT HUMOR OR HAVE HAD YOUR FUNNY BONE CALLOUSED BY WATCHING LATE NIGHT TELEVISION.)
BJ Gillette wrote
“That holier than thou garbage goes way past Linux. But Linux has somehow attracted more than its share.”
Ah ha! You speak of “The Merlin Syndrome” my fine two footed friend. A syndrome so devastating and so horrible and despicable that it has hindered the development of “good things” (thanks Martha) in every “corner of the world” (which would imply that it is flat) from the beginning of recorded history. What is it exactly? That will be the subject of my first article here at emailbattles.com entitled (shockingly) “The Merlin Syndrome” (which may or may not make it past the censors)
“Back to Kurt and land0… So between Kurt and land0, who’s pedantic? Nobody. Each is operating as correctly as that individual feels is practicable, within the knowledgebase and environment presented.”
Well said.
——-
Hello all,
It is not really a question of who is right or wrong here! It is merely a matter of choice coupled with the question of responsibility.
As for being pedantic,
Before I go out in public I also double check to make sure my zipper is zipped and my business is not exposed. So alas for me it is more a matter of consistency.
August 12th, 2006 at 8:49 pm
BJ Gillette
Hi land0.
What can I say? You’re one heckuva find. I’m gonna hold you to that article.
August 14th, 2006 at 3:19 am
aussiebear
To be honest, this “self taught” person needs to read and research more in administrating networks in a business scenario. The thing he’s missing is reading about procedures and such used in other organisations.
At best, you can view this as very half-arsed. Meaning that, when this person reads material and such, they only read what they need and that’s it. They don’t bother getting a good idea of the overall picture and how to do things properly. (procedures and such that have been well-developed).
From a security perspective, this is a BAD approach to managing or doing anything, let alone networks. I see this all the time at a University level. People are rushed into producing a solution that gets them a grade. The problem is, lecturers want to know how you got there and if the approach was done in a logical manner. (They want to teach you a way of thinking… It’s sad that 90% of people don’t even see that!)
To me, it stems from the fact that the modern world demands results in a quick manner. The problem for humans is that we tend to produce what we need at the cost of some things (the rush to produce results often produces low quality)… The best example is Microsoft. They’re so into producing things fast and wanting to be in every tech market, that they’re producing nothing great. At best, they’re producing “just enough” quality solutions.
August 14th, 2006 at 7:09 am
BJ Gillette
Hi aussiebear.
As you somehow discovered, bad managing approaches happen all the time. Most of the time it is not by design.
So are you going to do something to help… like design systems that make good approaches easier… or sit on your arse and let the more worldly wise know which end of you is doing the power thinking?
August 14th, 2006 at 11:20 pm
B Lewis
OK, so to counter “Some commenters even expressed disbelief that any Linux user on earth would use root for personal login,” you point out an example of someone who uses root for admin purposes only.
But really, I’m just not seeing the humor. OK, you were just posing as someone making a lame argument feigning superiority; maybe you were really making a joke about people who do that. I’ll try to laugh more.
Although, I would think if humor were your purpose, someone like me taking it seriously would only enhance and perpetuate the joke. Shouldn’t you be making replies that show even more cluelessness and feigned superiority to see how mad you can get me?
August 15th, 2006 at 7:20 am
Mary
B Lewis: Are you this boring at every party you go to?
August 15th, 2006 at 8:49 am
BJ Gillette
Hi B Lewis.
I’m superior only in the sense that I’m your host. It’s my dime.
I’m not Vincent Cerf, or better yet, Todd Underwood of Renesys. I’m trying to entertain and educate.
If I don’t entertain you, or in any way enlighten you, or soften your zealotry, at least around the edges, I am 100% certain you can find like-minded people anywhere else on the web.
Todd’s blog is fabulously technical, but I’ll warn you… he’s less patient with zealots than I.
——————-
Hi Mary.
And the answer is… “Yes! Absolutely!”
August 15th, 2006 at 12:29 pm
rossiFan
B Lewis may be a (insert adjective here), but he makes a good point in that the use of sudo is better suited for large *nix shops with more than 5 admins.
August 15th, 2006 at 1:03 pm
BJ Gillette
Hi rossiFan.
Oh. Did B Lewis have something to say beyond insulting the gracious host?
I failed to notice.
At EB, points by inconsiderate guests must be ignored until they grow up and behave like adults.
(I learned this from the Dog Whisperer. I was totally sold when it worked on Cartman.)
August 15th, 2006 at 2:53 pm
BJ Gillette
Hi rossiFan.
BTW: Your point is well taken.
August 18th, 2006 at 12:28 pm
P.Woods
Great typo. It makes the guys with the bling, who chant instead of sing “wrappers”.
May 2nd, 2007 at 7:12 am
johnson
Dear Sir,
When I change the host name, I get the error.
Kindly advise how to reconfigure sudo.
sudo: unable to lookup edubuntu via gethostbyname()
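A check for the error quoted in the comment above, added here as an example and not written by anyone in the thread. It assumes the usual cause: the machine was renamed but the hosts file still lists only the old name, so the local name no longer resolves. The function names, the sample file contents and the Debian/Ubuntu-style `127.0.1.1` mapping are assumptions.

```shell
#!/bin/sh
# Added example: verify that a hostname has an entry in a hosts file.

# hosts_has_name FILE NAME
# Exit 0 if NAME appears as a hostname or alias on any non-comment line
# of FILE (case-insensitive), exit 1 if it does not.
hosts_has_name() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")               # drop comments, whole-line or trailing
            for (i = 2; i <= NF; i++)    # field 1 is the address
                if (tolower($i) == want) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# suggest_hosts_line NAME
# Print a loopback mapping for NAME (Debian/Ubuntu convention, assumed here).
suggest_hosts_line() {
    printf '127.0.1.1\t%s\n' "$1"
}

# check_host FILE NAME
# Print "ok" when NAME is mapped, otherwise print the line that is missing.
check_host() {
    if hosts_has_name "$1" "$2"; then
        echo "ok"
    else
        suggest_hosts_line "$2"
    fi
}

# Constructed sample: a hosts file left over from before a rename.
sample=$(mktemp)
printf '127.0.0.1\tlocalhost\n127.0.1.1\toldname\n' > "$sample"
check_host "$sample" edubuntu    # prints the missing mapping
check_host "$sample" localhost   # prints "ok"
rm -f "$sample"
```

On a real system the file to check is `/etc/hosts` and the name is the output of `uname -n`; editing that file needs root, so make the change from a session that is still privileged.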
August 9th, 2007 at 5:19 pm
Matt A
I have almost always logged in as root to administer our servers. But I will now rethink that after your interesting exchange with “Kurt”. I see the error of my ways, though I do find it a hassle to sudo. Thanks for the enlightenment.