Scenario / Questions

I have a feeling this is a stupid question, but this is something I’ve wondered for awhile.

I have a VPS and this is my first big linux venture. I am the only person who has access to it. My question is, what is wrong with just logging in as root as opposed to making an account and giving them sudo access? If a sudoer can do everything root can, then what’s the difference? If a hacker could crack my password to my standard, non-root account, then he could also execute sudo commands, so how does a hacker cracking my root account matter any more or less?

Find below all possible solutions or suggestions for the above questions..

Suggestion: 1

If you’re logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you’re typing before doing something that is dangerous.

Also any program you run as root as root privileges, meaning if someone or something gets you to run/compile/browse a website that is dangerous and wants to damage your system, such as a trojan or other malware, it has full access to your system and can do what it wants, including access to TCP ports below 1024 (so it can turn your system into a remailer without your knowledge, for example).

Basically you’re kind of asking for trouble that logging in as yourself may prevent. I’ve known many people that ended up being glad they had that safety net in a moment of carelessness.

EDIT: There is also the issue of root being the most well known, thus an easy target, for scripts and hacks. Systems that disable the account and instead force users to use sudo means that any attempt to crack root from ssh or a local exploit to the account are banging their heads against a wall. They’d have to guess/crack a password and username. It’s security through obscurity to a degree but it’s hard to argue that it doesn’t foil most script kiddie attacks.

Suggestion: 2

If you wouldn’t allow an idiot to log in to your server as root, then don’t always run as root yourself. Unless you can hand on heart say you’ve never been an idiot. No, really? You sure? 🙂

Benefit: reduces possibility of you being root and an idiot simultaneously.

Suggestion: 3

The main reason is mistakes. If you are always root, simple typo might really screw up the system. If you only log in as root or use sudo to do things that require it you minimize the risk of making a dangerous mistake.

Suggestion: 4

When you’re root you get lazy about permissions, since you have access to everything all the time, you don’t care when things are 777 or 644 or whatever. So if you ever do let anybody else on to your system that you don’t want to have access to everything, it all of a sudden becomes a real hardship to make the machine safe to use by other people.

Suggestion: 5

There are a few key priciples behind not logging in as root:
1) Root password is never sent across the network at login time
2) No way to tell who did something if multiple users login as the same account(root or other).
3) Accidentally doing something ‘stupid’

Suggestion: 6

It’s more for protection against yourself so that you have a second chance to review the higher privilege commands you’re trying to run, analogous to UAC in Windows. It’s pretty easy to accidentally do something like rm -rf / while logged in as root.

In addition, you have traceability. This isn’t a big problem in your situation where you’re the only one (theoretically) issuing commands but the ability to log and trace back to an individual is a key component to many forms of analysis.

Suggestion: 7

The difference is mainly:

that you can’t do anything bad by accident.

that “evil” code cannot take over the system.

Notice: evil code does not necessarily mean that anyone has already access to the system.

Suggestion: 8

You should always use accounts with the lowest level of privilege possible. Running as root all of the time encourages bad habits and laziness that will make life unpleasant when you are working with multiple users or expose something to a public/semi-public network.

Also keep in mind that password cracking is only one compromise scenario — and isn’t the most common scenario either. You’re more likely to fall victim to a browser vulnerability, or a vulnerability in some daemon thats running on your system.

Think about code that you use without thinking. For example, the Linux port of Adobe Flash, which is a steaming pile of poop that has only become usable in the relatively recent past. How secure do you think that code is? Do you want that to be able to exert full control of your system?

Suggestion: 9

It can prevent against SSH brute force attacks. Every unix has a ‘root’ account. However it’s not clear from the outside what your ‘sudo’ username would be. Hence if someone wants to try to brute force their way in, they know there’s a root account and will probably try it. However they don’t know where to start if you’re using sudo.

Suggestion: 11

My advice would be to try using root all the time for a while; you’ll soon discover why you shouldn’t 🙂

Suggestion: 12

Even if I don’t trust in “security by obscurity”, there is surely an advantage to use a custom login instead of the ever-existing root login. You can thus also configure SSH to prevent root logging in.

As other said too, root can do everything without any confirmation. So using an unprivileged user can prevent stupid mistake and typos.

Another argument in favor of multiple user accounts is to run different softwares under different users. Doing this, if a security flaw is exploited in one application, the exploiter can only access files and resources accessible to its running user.

One last point for not using root : resource consumption. Root has no limit on how much memory, processing time, file handlers or disk space he can use. On a lot of filesystems, there are data blocks which are reserved only to root. So a normal user can never use them to fill your disk. ulimit command can also be used to restrict the memory and file handler number a user can consume. But if you are root (or an application running as root), nothing prevent you to change this limit.

Suggestion: 13

Yes, I agree with you, and I think that is a question of protection against human errors and sometimes against malicious programs.
The bad thing that I have never seen is that using root as the default gnome account.
I think that most users that do that are the Windows users recently migrated to Linux or Unix.
Try to copy the usage of the Administrator privilege to root.

Suggestion: 14

There is nothing wrong with being logged in as root. It helps develop muscle memory to only type safe commands and promotes accuracy of thought when performing actions with big consequences. I highly recommend working as root to get better at system administration.

you also get to do cool stuff like ping -i 0.2 -c 1000 example.com