Jason Adams's picture

Greetings!

I'm just curious why TKL opted to forgo the route of users and user permissions and do everything from the root superuser?

I ask because I'm an aspiring Linux user and when I talk about TKL in Linux channels I get severely reprimanded when the experienced users realize I'm working from the root user. I tend to tell them I don't know enough to debate the matter. It does make sense, but I mean to give TKL the benefit of the doubt. Someone mind helping me understand?

Thanks!

Jeremy Davis's picture

I recall this coming up ages ago (when I was still very new to Linux too) and one of the TKL core devs (I think it was Liraz) put a pretty good argument across (it totally convinced me anyway) and perhaps if you search you may be able to find it. I probably can't recreate it with the clarity and elegance that was done then, but I can say that the core devs are certainly not Linux slouches and take security seriously (they both have history of working within military IT security).

From my understanding/perspective, the general rule on using limited user accounts definitely applies to a desktop system (or any system where you often have users logged into the system - at the commandline). But on a server system where all the processes are running in non-privileged accounts anyway and user commandline logins only occur for maintenance and setup, the hardline 'don't log in as root' reasoning breaks down somewhat.

Perhaps a good way to start is to explore the reasons why you would run as a 'sudo user' rather than root. The reasons as I understand them are:

  1. Reduce chances of accidentally breaking things - requiring you to type your password for any potentially destructive commands allows you to stop and think "do I really want to do this?", "do I know what I am doing?", "do I understand the consequences?"
  2. If you leave your computer unattended and logged in, no one else can come along and perform destructive commands without your authority.
  3. Someone trying to hack your system needs to work out your username as well as your password. With a system with the root account enabled they only have to work out your password. A case of security by obscurity...
  4. Can't think of any others, although perhaps there are...

So let's look at these:

  1. Reality is that a user that can run sudo can do just as much damage to a system as the root user (sudo in essence allows the user to run as root once they have put in their password). On a system where you are only logging in to perform maintenance and/or setup, most if not all things you will do will require root/sudo access. So this advantage is much less relevant and just becomes extra typing every time you want to do stuff... (Just means you need to put in your password twice).
  2. As a general rule you wouldn't be wanting to leave a logged in terminal open anyway. In my personal practice I never locally log in anyway (always login via SSH session which automatically ends when you close it).
  3. Whilst you could argue that this adds an extra layer of security, security by obscurity is no real security at all. And in this day and age of the ability to easily and cheaply acquire use of 'super' computers (and/or many multiple computers - think AWS) with the complexity limitations on usernames (must start with a letter and generally can't include special characters) if someone is committed to breaking into your server then it doesn't significantly raise the bar...
  4. ....

And a final thought is that if you are really serious about security then ideally you should set a highly complex string as your password and instead use a key pair to login. With consideration to point 3 above this significantly raises the bar to brute force attack to a point that IMO the 'extra' security gained by not using the root account becomes inconsequential.

Bottom line is that if you are concerned about it, then you can easily install sudo and create a limited user account and disable root access. That's the beauty of Linux! :)
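
As an added illustration (not part of the original post and not TurnKey's own tooling), this script checks an sshd_config for the two setups described above: root restricted to key-pair login, or root SSH login disabled. The function names and the sample config are constructed for the example, and the fallback defaults assume OpenSSH 7.0 or later.

```shell
#!/bin/sh
# Added example: check an sshd_config against the setups discussed above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.

# Print the effective global value of keyword $1 in file $2 (lowercased).
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # skip comments
        { sub(/=/, " ") }                    # "Keyword=value" is also valid
        tolower($1) == "match" { exit }      # stop at conditional blocks
        tolower($1) == key { print tolower($2); exit }
    ' "$2"
}

# Return 0 if root is key-only or disabled and passwords are off, else 1.
audit_sshd() {
    rc=0
    root=$(sshd_effective PermitRootLogin "$1")
    pass=$(sshd_effective PasswordAuthentication "$1")
    # Unset keywords fall back to OpenSSH defaults (assumed: 7.0 or later).
    root=${root:-prohibit-password}
    pass=${pass:-yes}
    case $root in
        no) echo "OK   root cannot log in over SSH" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "OK   root login is key-only" ;;
        *)  echo "WARN PermitRootLogin=$root does not restrict root to keys"; rc=1 ;;
    esac
    if [ "$pass" = no ]; then
        echo "OK   password authentication is off"
    else
        echo "WARN PasswordAuthentication=$pass allows password guessing"; rc=1
    fi
    return $rc
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
permitrootlogin prohibit-password
PasswordAuthentication=no
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || true
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including any Include files, which this parser does not follow.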

Jason Adams's picture

While I couldn't find the post you're referring to, your recollection of it makes sense enough.

It's interesting, as I get further into Linux and talk to different people, there's less sentiment over how well something works, and more debate over how securely it works. I'll be asking how to do something, but the experienced user seems more keen on making sure my server is in an underground bunker; functional questions seem to annoy a lot of them.

Honestly, and especially to you, JedMeister, I've appreciated TKL considerably because it's probably the most humble Linux community I've come across. Most other places the users seem aghast I wasn't born with a predisposed knowledge of Linux. Astonishing, I know. ;)

Thanks for explaining!

Jeremy Davis's picture

But I did find another post of mine from a few years ago also mentioning it, but I couldn't find it then either... - perhaps I imagined it all! :)

Yeah personally I tend to be a pragmatist. I think security is important, but let's be honest; if you want a totally secure server then you need to make it totally physically secure (encased in concrete in an underground bunker!?) and not have any network connections at all. Secure? You bet! Useful? No not really! Obviously that's taking it to the extreme but there are always tradeoffs in life.

Anyway, thanks for the positive feedback. I guess where I come from was that I too was a Linux newb and really struggled the first few times I 'had a go' at Linux. Early on I found most Linux info had an assumed baseline of knowledge that I just couldn't quite crack. By the time I wandered across TKL I was having my 3rd or 4th go at Linux and had found some success with Ubuntu and developed some baseline Linux knowledge (mostly from the Ubuntu community). So I felt right at home here and over the years of playing with stuff (and breaking plenty...) and helping others solve their problems I have learned quite a bit...

Anyway, enjoy! :)
