Xfce Forum

Sub domains
 

You are not logged in.

#1 2019-08-15 05:10:54

johnywhy
Member
Registered: 2011-10-09
Posts: 283

[Solved] Desktop As root?

Is it recommended to not log into xfce desktop as root?
If so, how come?

thx

Last edited by johnywhy (2019-08-21 04:45:42)


arch xfce x86_64

Offline

#2 2019-08-15 23:13:52

MountainDewManiac
Member
From: Where Mr. Bankruptcy is Prez
Registered: 2013-03-24
Posts: 1,115

Re: [Solved] Desktop As root?

There are many ways to screw up one's system... that are NOT possible to achieve unless one has root level permissions. Therefore, in order to do so, the regular user must (basically) consciously say, "Yes, I really do want to pooch it." So to speak.

Regards,
MDM


Mountain Dew Maniac

How to Ask for Help <=== Click on this link

Offline

#3 2019-08-15 23:55:51

johnywhy
Member
Registered: 2011-10-09
Posts: 283

Re: [Solved] Desktop As root?

ok, so simply logging is as root won't hurt anything.
It's simply risky due to user-error, correct?

Therefor, if an admin needs to perform a whole slew of root activities, it's just convenient to log in as root-- then they don't have to keep typing their password.

Last edited by johnywhy (2019-08-15 23:57:09)


arch xfce x86_64

Offline

#4 2019-08-17 21:17:05

Aravisian
Member
Registered: 2019-08-17
Posts: 410

Re: [Solved] Desktop As root?

johnywhy, you read MDM correctly. Yes, you can absolutely do that for that reason and the only risk is in User Error.
I have, as MDM put it, "Pooched" my system many (embarrassingly many) times this way... <Cough> including last night nearly resulting in yet another wipe and reload... Fortunately, I was able to recover that one. Though I am still picking up the pieces.
I have gotten so good at wipe-n-reload that I can do it and have everything set back up to my preferences in under ten minutes, now.
Using timeShift or Dejaup or your back up of choice, please ALWAYS make a back up copy of ~ on a cloud or thumb drive anytime you log in as root. If you are anything at all like me, you may get in a hurry, hit "delete" and realize .0045 seconds too late what you just did.
I also keep and update a text file list of the programs I install and use that I can reference after a restoration so I can go down the list and re-install programs I lost.
I am not content with just using the system, I poke, prod and peer under the rocks. I wonder, "what happens if I change this?" "What happens if I alter that?" and while that often is rewarding, it often is destructive. To the average user, they probably do not have my curiosity problem.

Offline

#5 2019-08-17 21:36:53

johnywhy
Member
Registered: 2011-10-09
Posts: 283

Re: [Solved] Desktop As root?

Seems to me that logging into desktop as root and opening terminal is no riskier than logging in as non-root, opening a terminal, and doing su or sudo. You can poke and experiment and pooch your system just the same.

Last edited by johnywhy (2019-08-17 21:38:13)


arch xfce x86_64

Offline

#6 2019-08-17 21:42:55

Aravisian
Member
Registered: 2019-08-17
Posts: 410

Re: [Solved] Desktop As root?

johnywhy wrote:

Seems to me that logging into desktop as root and opening terminal is no riskier than logging in as non-root, opening a terminal, and doing su or sudo. You can poke and experiment and pooch your system just the same.

You have a point. I think the risk factor is based on the Constant reminders. When logged in as non-root, you get Password Prompts that keep you aware. But if a person starts logging into their desktop as root, they can get forgetful and be a bit hasty.
It's probably wise to minimize doing that and stay on your toes if you do.

Offline

#7 2019-08-17 21:51:35

johnywhy
Member
Registered: 2011-10-09
Posts: 283

Re: [Solved] Desktop As root?

That's why I don't install sudo. Seems very risky to me that a non admin can perform root actions with their own non-root password!

Removing sudo causes root actions to require a root password. That's how Windows does it. I think it's safer.

Last edited by johnywhy (2019-08-17 21:52:00)


arch xfce x86_64

Offline

#8 2019-08-18 01:52:11

Aravisian
Member
Registered: 2019-08-17
Posts: 410

Re: [Solved] Desktop As root?

johnywhy wrote:

That's why I don't install sudo. Seems very risky to me that a non admin can perform root actions with their own non-root password!

Removing sudo causes root actions to require a root password. That's how Windows does it. I think it's safer.

For what my opinion is worth...
I think your points depend on how many users there are on that machine. For mine, I am pretty much the only user. Any root issues are my own as are any risks. If you have more users on one machine, the higher the risks and the more secure you must make it.
Yes, MS Windows assumes that; But I prefer Linux allowing that decision to the end user, myself.
I suspect that the average reader of threads like these are people using their own computer with their own intentions with it. As such, suggesting a general good idea or bad idea "rule" makes sense. The more users like me that mess up their O.S., the more people on forums must help us clean up our messes.
IF they choose to.
It is perfectly safe to Log In to your desktop as Root. Everything you do after may present higher risks. I have done it a couple times. I have used "sudo su" only a couple times, as well. On my own machine with no other users.
I learned to stick with entering my password every time. Occasionally, I roll my eyes when  password prompt appears... But I prefer that to the numerous times I wiped and reloaded. At least now I am used to re-installing the whole enchilada... When I first transitioned to Linux from Windows... there was a good three weeks of a dark cloud hanging over my head. Keep in mind, I am High Risk merely because I keep destructively going in LOOKING for changes to make to the O.S. to see what happens:D
Imagine if I was just a clutz.

Offline

#9 2019-08-18 14:52:07

johnywhy
Member
Registered: 2011-10-09
Posts: 283

Re: [Solved] Desktop As root?

good points! i would say that sudo is a convenience-backdoor, not an added layer of security.

Sudo is, technically, potentially a reduction in security. Without sudo, if an attacker gains the non-root user password, it won't gain them access to root. But sudo turns the non-root user password into a root-password. That's a significant attack vector.

I think your point is that sudo increases security on a psychological level, because it's a "reminder".

But imo that's at-best a slight compensation for the loss of security caused by sudo. Having a non-root user repeatedly enter their non-root password isn't a strong reminder that they're executing root actions! To the contrary, it blurs the psychological distinction between root and non-root. Sudo turns non-root users into root users.

Instead of giving them "reminders", i'd rather give them a separate root pw. Imo, that will enforce a stronger psychological distinction between root and non-root actions. Also creates a strong distinction between root and non-root accounts -- even if it's the same human doing both logins. "Hm, non-root pw, that means i'm wearing my non-root hat right now. Ok, root pw, that means i'm wearing my root hat now."

linux fans love to claim linux is more secure than windows, but i think they can't claim sudo makes linux more secure. Imo, it makes linux less secure than without sudo. In Windows, non-root users could never use their non-root password to do root actions.

cheers!

Last edited by johnywhy (2019-08-26 17:03:50)


arch xfce x86_64

Offline

#10 2019-08-26 17:16:30

johnywhy
Member
Registered: 2011-10-09
Posts: 283

Re: [Solved] Desktop As root?

if sudo can be config'd to disallow explicit sudo commands, but still be used for it's other features, that could be a solution.


arch xfce x86_64

Offline

Board footer

Powered by FluxBB