It opens up your system to exploits, such as "Trojan horses" and other
"nasty things." When you run as "root" you are running as a "privileged
user" and thus, I guess, Linus (author of Linux) felt that you should know
what you're doing. There are some files, etc. which can ONLY be written to by
"root" and while a user may LOOK at the files, they can't EDIT them. For
example, the file which controls which services will be available (sorry, I
forget what it's called) is NOT user-writeable, however it IS root-writeable
(otherwise, you'd never be able to modify it <G>). If you are running as a
standard user, even if someone managed to "hack" your account, there's not a
heck of a lot that they could do to the system. However, if they get the
root password, or can give you a hostile app and convince you to run it,
they could throw your system wide open.

A friend of mine did this one time -- he visited a website as "root" and a
hostile applet "cracked" his system and he was forced to reinstall Linux to
get rid of it. Basically, I have no experience doing things on-line as
"root"; I have learned from the experience of others and let OTHERS bear the
pain of discovering why you should only log in as "root" to do "Admin"
stuff.

Now, I log in as "root" and as "john" every day at work. However, I don't do
anything in the "root" account for the most part. That login is there
basically so that if something happens, I can shut down the system cleanly
or shut X if it locks up (which it has on occasion.) Having an open "root"
login isn't necessarily a dangerous thing, if your computer is physically
secure from tampering. However, my advice would be that you shouldn't have
an active "root" login if your computer is physically accessible by
unauthorized personnel.
        John

PS...this is a good question, so I'm forwarding this conversation BACK to
Linux-Newbie (don't recall if that's where I originally posted that message,
but it's a good place to put it <G>)

----- Original Message -----
From: Richard Salts <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 03, 1999 7:05 PM
Subject: Why root is dangerous


> John,
>
> In a post about KDE, I read that you consider the user doing things in
> Linux as 'root' to be dangerous to the system.
>
> Could you please explain why this is so?
>
> Thanks,
>
>
> Richard
>
