What is the advantage of not running as root? [closed]

Posted by Shmuel Brill on Server Fault See other posts from Server Fault or by Shmuel Brill
Published on 2012-04-04T03:17:41Z Indexed on 2012/04/04 5:31 UTC
Read the original article Hit count: 550

Filed under:

linux

|

user-permissions

Possible Duplicate:
What's wrong with always being root?

All modern brands of Linux highly discourage (or disable) one from running as root instead of a normal user.

I do not understand why.

As a "normal" user, one could

Download a rouge program from the internet.
Run it (After all, one isn't root, what can it do).
It installs itself in .bashrc or .xinitrc
It writes a rouge "sudo" and "su" and adds . to the path
Not noticing that . is in path, one runs sudo.
The rouge program now has root password and can do anything it wants in the system.

Even if 3-6 doesn't happen, the program could still

Be part of a botnet.
Read all files in the home directory and send them back (mine for SS#, Credit Card numbers, bank account numbers, etc).
Send spam.
Run a backdoor server to allow an attacker a chance to connect to the machine to determine vulnerabilities.

It seems that the whole "permissions" thing (root/non-root) is just to prevent amateur crackers from getting into the system, so the question is:

Is there a point in avoiding running as root, and is there a way to protect oneself if one wants to run unsafe code?

© Server Fault or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about user-permissions

Setting up Pure-FTPd with admin/user permissions for same directory

as seen on Server Fault - Search for 'Server Fault'
I need to set up 2 Pure-FTPd accounts - ftpuser and ftpadmin. Both will have access to a directory that contains 2 subdirectories - upload and downlaod. The permissions criteria needs to be as follows: ftpuser can upload to /upload but cannot view the contents (blind drop). ftpuser can download… >>> More
User Permissions: Daemon and User

as seen on Super User - Search for 'Super User'
Hello: I often run into this issue on Linux, and I'd love to know the proper way of solving it. Say I have a daemon running. In my example, I'll use LigHTTPD, a webserver. Some software, like Wordpress, enjoys having read/write access to files for updating applications via a web interface, which… >>> More
changing user permissions dynamically

as seen on Stack Overflow - Search for 'Stack Overflow'
I am designing a system on SharePoint. There is a approval list for the items. The members can approve, reject and edit the items. One from approval list has to fill the "assigned to" field in the item while approving it. The user who is added to "assigned to" field should able to edit the content… >>> More
SQL Server 2005 user permissions

as seen on Stack Overflow - Search for 'Stack Overflow'
I have created a database and some dbo.tables. Now I want to create a user that are can read and write to these tables, but not modify or drop. However I want this user to be able to create own tables and let him do what he want with these. Is this possible? Could someone explain how this can be… >>> More
Row level user permissions, help with design

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Say I am creating a forums application, I understand how to design a forum level permission system with Groups. i.e. you create a forum to group mapping, and assign users to a group to give them access to a particular forum. How can I refine the permissions to allow for row level permissions… >>> More