Fear Not Root

Back in the day, we all had root. When you used a DOS or Apple machine, there was just one user – YOU. You learned to be careful. As multi-user systems like Linux arrived on the desktop, this changed.

Linux users are constantly bombarded with the advice “don’t run anything as root!” “Don’t work as root!” “Run things as a user whenever possible!” One OS (Ubuntu) has gone so far as to disable the root user by default. Too many people were getting into trouble with root, they felt.

To a degree, warnings about using root powers are apt. But I also notice that a myth has grown around root, and a phobia around using it, to the point where people are afraid of their own systems. “Let the devs take care of this, I’m just a user.” But that is not the philosophy of Linux, and not the fun of personal computers. Your PC is YOUR domain, so master that domain.

For admins who maintain truly multi-user systems, with dozens or more users whom they don’t know personally, root is indeed to be guarded. But for the average Linux user who maintains a home system, just how risky and powerful is root compared to a normal user? Let’s dispel some myths.

The fact is, unless you have taken extraordinary measures, most of the data on your PC is probably read-write accessible by you as a normal user. If it wasn’t, you wouldn’t be able to save and delete your files! This means that for most of your data, it doesn’t matter if you are root or a user – it’s just as vulnerable. Ironically, this probably is the most valuable data on your PC – your documents, and other personal files. As for the system files that are write-protected by the root mechanism, they are the least valuable, in that they can simply be downloaded and installed again. It might be a pain, but there’s no real risk of loss.

As far as the network is concerned, unless you have taken extreme measures to change the defaults, a normal user can access most of it. They can send and receive data to arbitrary servers on arbitrary ports, just like root. Combined with the normal user’s access to all of the files on your PC, this means that all the data is vulnerable to being spied upon and uploaded off-site from a user level.

Then we have a normal user’s ability to execute arbitrary code. You can run any program you like on your computer as a user. It doesn’t need to be installed as root. It simply needs to be composed or downloaded and executed. This means any virus with your privileges can do the same. The root mechanism does not stop viruses from running as a user, they merely stop viruses from being root-owned and modifying root-protected files. As an admin of a large multi-user system, you might care about this. You don’t want a virus in a user account to spread throughout your system. But as a PC user it doesn’t much matter. Either way the virus is running on your system, with full read-access to almost all your files, read-write access to all your personal files, and full access to the network.

Let’s make a little table comparing what root and normal users can and can’t do on a PC.

Ability	root	user
Read system and personal files	√	√
Modify system files	√
Modify personal files	√	√
Modify/delete other user’s files	√	some
Modify user system settings (/home)	√	√
Exchange data on the Internet	√	√
Install/remove programs	√
Run installed programs	√	√
Run un-installed, arbitrary programs	√	√
Set programs to quietly auto-run at login	√	√
Interfere with programs run by the user	√	√
Physical access to the machine	√	√

IOW, root offers limited protection at best. Now, you might say, “Well, at least only root can mess up my system and programs.” Guess again. Any program or virus running with your user privileges can delete and modify all the files in your home folder, which includes all the settings, configurations, and data for all the software you use. Such an attack would render your computer unusable as you know it – you would have to start from scratch. Sure, the programs themselves would be safe. Yet once again that is the least valuable data – programs can simply be reinstalled, while all your home folder settings and data are a product of your own work. For an admin of a large system, this is good, because only one user’s home folder and data gets wiped out. For a user of a PC, you are that one user, so it doesn’t help much!

Root is a valuable security mechanism to an extent. It is one tool you can use to improve the security and stability of your system. But it is important to see through the myth that root protects all. It does not. It can’t even be said that it protects the most valuable data, at least in a PC environment.

Further, because of the fear people have of using root, they often do things as user which would be safer to do as root. For example, you might download and use a script as user, thinking that is safer. Yet now you have a user-owned script on your system which can be modified by any program or virus without your knowledge. You’d be far better saving the script as root, in a root-owned folder, then running it as user. In this way you are using root to protect you rather than fool you.

Worse, many user-owned and run scripts will make sudo calls to perform root actions. You enter your root password as the script runs so it can perform these limited root actions. Yet how do you know the code hasn’t been modified, and is doing something else as root? This is the perfect setup for a trojan to steal your root password. Then it really will have full access. This is an example of how fear of doing things as root is creating less security, not more. People are increasingly using sudo in scripts instead of making the scripts run as root, which opens up a variety of security issues. IMO, if most of what a script does is system-level, it should be designed to be run only as root. You are then more likely to take suitable precautions. In any case, anything you plan to run on your system should be saved as root in a root-owned folder to protect it from tampering.

There are many advisories warning you about running things as root. But the fact is, for most of your data security and privacy, you should be equally cautious about ANYTHING you run on your system. This includes commercial and ‘official’ software, many examples of which spy on your computer and network use (Adobe Flash leaps to mind). Notice that they do this running as a user, not root. What does it matter that their programs are installed as root? They could just as easily not be installed and simply run (and sometimes are). This area of Mozilla plugins and similar things running as user are a far better place to focus your security concerns. The root issue is minor in comparison.

Be conscientious about everything you use on your computer, knowing that it has access to most of your data and can do most anything you can do. Don’t imagine that running something as user is affording you grand protections. It’s not. It’s merely affording the system files some protection – the very files which are easily replacable and contain little or no personal information.

In addition to being a careful user of software, rely on good quality, up-to-date backups, which are periodically archived onto DVD-R or external HD. Backup your system, which makes recovering from malicious or accidental system breakage a snap, and backup your personal data, including your home folder.

With that done, you will feel much more at ease about using your powers of root. Linux was designed to open up the PC as a creative tool. Don’t fall into the trap of being just a ‘user’. Modify and experiment with your system. Sure, you’ll break things now and then. But that’s how you learn, and with a good backup and recovery plan it’s no big deal. Get comfortable working as root, writing scripts and modding your system, and feel the power at your fingertips.

January 16, 2010 - Posted by IgnorantGuru | Tips