By: dan677915

Why Not Use Root Account All The Time?

October 18, 2015 1k views
Security

Everybody has heard, and it seems no one argues with, the suggestion that logging in with the root account be avoided. Here it is, at the start of the instructions for building a LAMP stack on Ubuntu 14.04:

*Prerequisite: Before you begin with this guide, you should have a separate, non-root user account set up on your server.*

I am not persuaded. When I am the only one with the root password, there is not any good reason not to use it basically all the time. Some situations require restricted permissions, such as the accounts with ftp access to web directories. But when I log in to do stuff, I think typing sudo all the time is a hassle. It becomes such a habit, it doesn't stop me from doing anything by accident. An expert told me that the name of the root account is known and therefore subject to brute force attacks to get in with its password. How is that risk mitigated by me not using the root account? If the root account is disabled from login with a password, requiring ssh keys to log in, then what is the problem?

I would be glad to be corrected. Looking forward to responses.
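
The setup the question describes (root reachable over SSH by key, never by password) comes down to two `sshd_config` keywords, `PermitRootLogin` and `PasswordAuthentication`. The following is an added example, not part of the original post: a shell function that reports what a given config file allows for root. It assumes OpenSSH 7.0+ defaults, reads only the global section, and does not examine `Include` files or keyboard-interactive/PAM; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this sshd_config let root authenticate with a password?
# Assumed defaults (OpenSSH 7.0+): PermitRootLogin prohibit-password,
# PasswordAuthentication yes. Include files and keyboard-interactive/PAM
# are not examined.

root_password_login() {
    # $1 = path to an sshd_config file. Prints one verdict line.
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        { key = tolower($1); val = tolower($2) }
        key == "match" { has_match = 1; exit }  # global section ends here
        # sshd keeps the FIRST value it reads for each keyword
        key == "permitrootlogin"        && prl == "" { prl = val }
        key == "passwordauthentication" && pa  == "" { pa  = val }
        END {
            if (prl == "") prl = "prohibit-password"   # assumed default
            if (pa  == "") pa  = "yes"                 # assumed default
            if (prl == "without-password") prl = "prohibit-password"  # old alias
            if (prl == "no")                        v = "root-login-disabled"
            else if (prl == "forced-commands-only") v = "root-forced-commands-only"
            else if (prl == "prohibit-password" || pa == "no")
                                                    v = "root-password-blocked"
            else                                    v = "root-password-allowed"
            if (has_match) v = v " (Match blocks present: review manually)"
            print v
        }
    ' "$1"
}

# Constructed sample: the early "yes" wins over the later "no".
sample=$(mktemp)
printf '%s\n' '# constructed sample config' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PermitRootLogin no' > "$sample"
root_password_login "$sample"    # → root-password-allowed
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration after defaults and includes are applied, which is the authoritative check.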

2 comments
  • With application security vulnerabilities, there could be more ways to access or damage a computer than by knowing the username/password. When you install/run programs as root they will run with full root privileges. If there is a bug or security hole in the application, serious damage could be done.

    For example, a program could have a bug that might accidentally erase the entire /usr directory if it runs as root. Or some programs might have vulnerabilities that would allow an attacker to run code on your system remotely without needing to know a password. If the program is running as root, then the attacker could have free rein to do anything from stealing information to compromising the kernel to formatting the disk. However, if the program were running with a restricted user account, then they couldn't do nearly as much damage.

    Using sudo appropriately is a security model that has been in place for a while because it works. Administrative tasks can be run with elevated privileges on an as-needed basis without as much worry about vulnerabilities. It can also be a bit of a safety net for moments of carelessness.

  • Thank you for responding. I am surprised it took so long to draw a response on this one, since everyone knows why it's such a bad idea to use root for everything.

    When apps need an account, giving them the root account is stupid, for the reason you gave, but that is the topic. The topic is, what account to use when you are the sys admin doing your work. Should we use accounts that are not the root account, same as apps need to be limited? I say that is a waste of time.

    Regarding the safety net, I think that is a tale people like telling, but it makes no sense. Are you saying that by requiring more keystrokes per command, errors are less likely? It might make errors less frequent, as a by-product of each command taking longer to initiate.

    As for the "it works" statement, I never heard of root not working, so what does that have to do with anything?

    The only time it makes sense not to use root all the time is when you have multiple administrators on the same system. In that case, everybody has to have their own account.

1 Answer

This question was answered by @bunsemaster:

With application security vulnerabilities, there could be more ways to access or damage a computer than by knowing the username/password. When you install/run programs as root they will run with full root privileges. If there is a bug or security hole in the application, serious damage could be done.

For example, a program could have a bug that might accidentally erase the entire /usr directory if it runs as root. Or some programs might have vulnerabilities that would allow an attacker to run code on your system remotely without needing to know a password. If the program is running as root, then the attacker could have free rein to do anything from stealing information to compromising the kernel to formatting the disk. However, if the program were running with a restricted user account, then they couldn't do nearly as much damage.

Using sudo appropriately is a security model that has been in place for a while because it works. Administrative tasks can be run with elevated privileges on an as-needed basis without as much worry about vulnerabilities. It can also be a bit of a safety net for moments of carelessness.
