IgnorantGuru's Blog

Linux software, news, and tips

Fear Not Root

Back in the day, we all had root. When you used a DOS or Apple machine, there was just one user – YOU. You learned to be careful. As multi-user systems like Linux arrived on the desktop, this changed.

Linux users are constantly bombarded with the advice “don’t run anything as root!” “Don’t work as root!” “Run things as a user whenever possible!” One OS (Ubuntu) has gone so far as to disable the root user by default. Too many people were getting into trouble with root, they felt.

To a degree, warnings about using root powers are apt. But I also notice that a myth has grown around root, and a phobia around using it, to the point where people are afraid of their own systems. “Let the devs take care of this, I’m just a user.” But that is not the philosophy of Linux, and not the fun of personal computers. Your PC is YOUR domain, so master that domain.

For admins who maintain truly multi-user systems, with dozens or more users whom they don’t know personally, root is indeed to be guarded. But for the average Linux user who maintains a home system, just how risky and powerful is root compared to a normal user? Let’s dispel some myths.

The fact is, unless you have taken extraordinary measures, most of the data on your PC is probably read-write accessible by you as a normal user. If it wasn’t, you wouldn’t be able to save and delete your files! This means that for most of your data, it doesn’t matter if you are root or a user – it’s just as vulnerable. Ironically, this probably is the most valuable data on your PC – your documents, and other personal files. As for the system files that are write-protected by the root mechanism, they are the least valuable, in that they can simply be downloaded and installed again. It might be a pain, but there’s no real risk of loss.

As far as the network is concerned, unless you have taken extreme measures to change the defaults, a normal user can access most of it. They can send and receive data to arbitrary servers on arbitrary ports, just like root. Combined with the normal user’s access to all of the files on your PC, this means that all the data is vulnerable to being spied upon and uploaded off-site from a user level.

Then we have a normal user’s ability to execute arbitrary code. You can run any program you like on your computer as a user. It doesn’t need to be installed as root. It simply needs to be composed or downloaded and executed. This means any virus with your privileges can do the same. The root mechanism does not stop viruses from running as a user; it merely stops viruses from being root-owned and modifying root-protected files. As an admin of a large multi-user system, you might care about this. You don’t want a virus in a user account to spread throughout your system. But as a PC user it doesn’t much matter. Either way the virus is running on your system, with full read-access to almost all your files, read-write access to all your personal files, and full access to the network.

Let’s make a little table comparing what root and normal users can and can’t do on a PC.

Ability root user
Read system and personal files
Modify system files
Modify personal files
Modify/delete other user’s files some
Modify user system settings (/home)
Exchange data on the Internet
Install/remove programs
Run installed programs
Run un-installed, arbitrary programs
Set programs to quietly auto-run at login
Interfere with programs run by the user
Physical access to the machine

IOW, root offers limited protection at best. Now, you might say, “Well, at least only root can mess up my system and programs.” Guess again. Any program or virus running with your user privileges can delete and modify all the files in your home folder, which includes all the settings, configurations, and data for all the software you use. Such an attack would render your computer unusable as you know it – you would have to start from scratch. Sure, the programs themselves would be safe. Yet once again that is the least valuable data – programs can simply be reinstalled, while all your home folder settings and data are a product of your own work. For an admin of a large system, this is good, because only one user’s home folder and data gets wiped out. For a user of a PC, you are that one user, so it doesn’t help much!

Root is a valuable security mechanism to an extent. It is one tool you can use to improve the security and stability of your system. But it is important to see through the myth that root protects all. It does not. It can’t even be said that it protects the most valuable data, at least in a PC environment.

Further, because of the fear people have of using root, they often do things as user which would be safer to do as root. For example, you might download and use a script as user, thinking that is safer. Yet now you have a user-owned script on your system which can be modified by any program or virus without your knowledge. You’d be far better off saving the script as root, in a root-owned folder, then running it as user. In this way you are using root to protect you rather than fool you.

Worse, many user-owned and run scripts will make sudo calls to perform root actions. You enter your root password as the script runs so it can perform these limited root actions. Yet how do you know the code hasn’t been modified, and is doing something else as root? This is the perfect setup for a trojan to steal your root password. Then it really will have full access. This is an example of how fear of doing things as root is creating less security, not more. People are increasingly using sudo in scripts instead of making the scripts run as root, which opens up a variety of security issues. IMO, if most of what a script does is system-level, it should be designed to be run only as root. You are then more likely to take suitable precautions. In any case, anything you plan to run on your system should be saved as root in a root-owned folder to protect it from tampering.
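As an added example (not part of the original post), the script below checks whether a script is actually protected from tampering in the way the two paragraphs above recommend: owned by root, not group- or world-writable, and sitting under parent directories with the same properties. The function names `check_entry` and `audit_script` and the optional second and third arguments (trusted uid, top of the tree to walk) are assumptions made for this example; it assumes GNU or BusyBox `stat -c` and `readlink -f`.

```shell
#!/bin/sh
# Added example: find where someone other than the trusted owner could
# alter a script before it runs. Function names are hypothetical.
# Assumes GNU or BusyBox stat (-c) and readlink (-f). ACLs are not examined.

# check_entry PATH TRUSTED_UID: print a finding and return 1 if PATH is unsafe.
check_entry() {
    info=$(stat -c '%u %a' -- "$1") || return 2
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" -ne "$2" ]; then
        echo "UNSAFE: $1 is owned by uid $owner, not uid $2"
        return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 is group- or world-writable (mode $mode)"
        return 1
    fi
    return 0
}

# audit_script SCRIPT [TRUSTED_UID] [TOP]
# Checks the script and every parent directory up to TOP (default /).
# A writable parent matters as much as a writable file: whoever can write
# the directory can rename the script away and drop a replacement in place.
audit_script() {
    path=$(readlink -f -- "$1") || return 2
    trusted=${2:-0}
    top=$(readlink -f -- "${3:-/}") || return 2
    status=0
    while :; do
        check_entry "$path" "$trusted" || status=1
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")   # path is absolute here, so no -- needed
    done
    return "$status"
}

# Stand-alone use (hypothetical path): sh audit.sh /usr/local/bin/myscript
[ "$#" -eq 0 ] || audit_script "$@"
```

A script kept in your home folder fails the default check at the first step, because both the file and its directory belong to your user rather than uid 0.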

There are many advisories warning you about running things as root. But the fact is, for most of your data security and privacy, you should be equally cautious about ANYTHING you run on your system. This includes commercial and ‘official’ software, many examples of which spy on your computer and network use (Adobe Flash leaps to mind). Notice that they do this running as a user, not root. What does it matter that their programs are installed as root? They could just as easily not be installed and simply run (and sometimes are). This area of Mozilla plugins and similar things running as user is a far better place to focus your security concerns. The root issue is minor in comparison.

Be conscientious about everything you use on your computer, knowing that it has access to most of your data and can do most anything you can do. Don’t imagine that running something as user is affording you grand protections. It’s not. It’s merely affording the system files some protection – the very files which are easily replaceable and contain little or no personal information.

In addition to being a careful user of software, rely on good quality, up-to-date backups, which are periodically archived onto DVD-R or external HD. Back up your system, which makes recovering from malicious or accidental system breakage a snap, and back up your personal data, including your home folder.

With that done, you will feel much more at ease about using your powers of root. Linux was designed to open up the PC as a creative tool. Don’t fall into the trap of being just a ‘user’. Modify and experiment with your system. Sure, you’ll break things now and then. But that’s how you learn, and with a good backup and recovery plan it’s no big deal. Get comfortable working as root, writing scripts and modding your system, and feel the power at your fingertips.

January 16, 2010 - Posted by | Tips

4 Comments

  1. You should fear and respect the root. Silly linux kids.

    Comment by Smeeg | June 26, 2010

  2. It would be fine to run as root if:
    There was no malware.
    You could trust everybody.
    X11 was more secure.
    Just look at first two reasons and you’ll see why so many Windows computers are compromised.
    Also, in addition to adding security from others, limiting your accounts also protects you from yourself (rm -rf /*).
    And while it is true you can be careful, that will only protect you for so long. Sooner or later you will forget something.
    So as long as we’re not living in a perfect world I’m gonna stick with su and sudo. :P

    Comment by ns89 | July 13, 2010

  3. @ns89: I’m not entirely sure that you actually read the article before disagreeing with it…

    The author is not suggesting that you “run as root”. Instead, they are pointing out some of the flaws to the myth that you should actively avoid using root, as well as giving useful suggestions as to how root ownership over certain types of data can INCREASE your system’s security. Also, the article DOES touch on the topic of your final comment and does mention the issue of su and sudo being a rather false sense of security when evils such as keystroke loggers and other similar malware are concerned.

    While I agree that out of control use of the “Administrator” account is ONE reason that so many Windows computers are compromised, I might add that the MAIN reason so many computers in the world are compromised is that MOST folks using computers today simply don’t understand (nor even CARE) about system security until it personally bites them in the rear. At that moment when a person actually loses data, THEN is when they suddenly become interested in preventing it in the future. Frequently though, they then fall back on a new false sense of security by running “security software” (antivirus, firewall, etc.) without the understanding of it enough to use it properly, nor bothering to keep it updated.

    (Some examples of this would be a person who runs a firewall and then promptly punches it so full of swiss-cheese holes as to render it entirely useless. Or someone who runs a version of Norton “security” which hasn’t been updated since the day they bought their PC nearly a decade ago. Don’t laugh. I’ve SEEN PC’s with BOTH of these problems.)

    I applaud the author of this post for taking the time to write an informative article about some of the myths and false senses of security involved in one common confusion around proper use of the root account on Linux. Better informed = More secure. Period. End of story. ;)

    Comment by Silver Knight | December 14, 2010

  4. fear not root… until the internets are enabled

    Comment by bob marley (@thatBobMarley) | January 3, 2012

