Run As The Root User Account

For discussions about security.
Message
Author
User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

Run As The Root User Account

#1 Post by 666philb »

i thought this was quite funny ...http://www.garyshood.com/root/
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#2 Post by nooby »

Whoah good that you warned me that was so funny my stomach hurts laughing that much.

But this comment is alarming read this one more time:
Update: My Shout Out To dionoea At VLC

I participated in a thread on the VLC forums
http://forum.videolan.org/viewtopic.php?f=13&t=48356
where running as root was a major issue. Basically, VLC had implemented code that blocked the root account from running the video player. It was hardcoded into the program. The reason for this was because some of the developers felt that nobody should run VLC on the root account, even though it would work fine.

Us root users made our case for running VLC on whatever account we want, and some pansy named Remi Denis-Courmont kept trying to argue that we shouldn't be running as root in the first place, so we have no business demanding that VLC removes their idiotic and unnecessary root check.

Thankfully, a developer named dionoea was able to come to a compromise with us. She added a compile time option that allowed VLC to be ran under the root account. The USE FLAG "run-as-root" was introduced into Gentoo's portage so that VLC can be compiled this way. Thank you, dionoea.

If you can think of any other projects that give you a hard time about running as root, let me know. Remember, it's your computer. Don't let anyone tell you what you can and cannot do.
I mean what is going on. Hardcoded to shut root user out.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#3 Post by 666philb »

Yes there are quite a few apps that have an annoying root warning, and some even more annoying apps that will refuse to run as root. Silly things like xscreensaver have a root warning, why? it's beyond belief! Other apps you have to hack them to actually get them to run. I don't know if you've tried the VLC from portablelinuxapps.org but that has been compiled to not let you run as root. Here's what it says when you run it in a terminal

Code: Select all

# ./VLC
VLC is not supposed to be run as root. Sorry.
If you need to use real-time priorities and/or privileged TCP ports
you can use ./VLC-wrapper (make sure it is Set-UID root and
cannot be run by non-trusted users first).
Imagine the uproar if it refused to run under an account with 'administrator privilege' on windows!
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

666philb I have a very naive idea. It could be a kind of insurance or damage management. In USA there is a culture of suing the company if something goes wrong so to not get sued they try to warn for anything.

So VLC and others try to curb, to stop the flood of people suing them for letting in the bad guys through some vulnerability in their product?

Cover that asses as we say over there. That would make it very logical but I totally agree that it reads like a joke. It is a kind of bad joke when one see it first time.
Last edited by nooby on Thu 21 Apr 2011, 06:32, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#5 Post by Eyes-Only »

Hi Philb!

That link to that article is absolutely precious! I'm glad you posted it! :D Let me tell you something: I've been using a computer now for 25 years ( going on my 26th year pretty soon come to think of it! ) and the entire time as either "Admin" or "root".

When I used Windows I only caught ONE virus - period.

In those 25+ years I've never destroyed my computer. "Accidently" I should add. LOL! A few times purposefully for the heck of it just for fun. And yes - you read that correctly. :wink: Boredom does funny things to the mind...

The biggest mistake I've EVER made whilst running as Admin/root was that I ended up deleting my Mozilla ( now SeaMonkey ) profile and hence all my email/addressbooks. And yet even THAT wasn't such a huge disaster as it sounds because I make weekly backups. The most I lost were a few new emails and updates from forums. Big deal and big whoop IMHO. ( For the record: I've never used a "recycle bin" nor "trashcan" as I've either shredded or by-passed and gone directly to delete. )

So all this hubbub over "running as root", such as is currently going on at "DW" and elsewhere? I just take it with a pinch of salt and go on. Two things, however, that I have learnt: #1 I rarely EVER tell ANYONE I run as root as I'm tired as being looked down upon as a 4th class citizen in Linux. #2? I've come to LOVE and bookmark articles like the one you've posted above!

Thank you for giving me my "Smile For The Week" my fellow Puppian Friend! :D

Now I have some Fluxbox themes to go and install if I didn't delete them... ;)

Cheers/Amicalement!

Eyes-Only
"L'Peau-Rouge d'Acadie"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

seaside
Posts: 934
Joined: Thu 12 Apr 2007, 00:19

#6 Post by seaside »

One step you can take to run programs that complain about "running as root" is to change the "PROGAM.desktop" file in /usr/share/applications as follows:

Code: Select all

Exec=su -c YOUR-PROGRAM-EXEC spot 
Cheers,
s

User avatar
Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#7 Post by Luluc »

seaside wrote:One step you can take to run programs that complain about "running as root" is to change the "PROGAM.desktop" file in /usr/share/applications as follows:

Code: Select all

Exec=su -c YOUR-PROGRAM-EXEC spot 
Cheers,
s
Yes, but that does not work for me on Puppy 525. Does it work for you?

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Run As The Root User Account

#8 Post by L18L »

seaside,
thanks for sharing your

Code: Select all

Exec=su -c YOUR-PROGRAM-EXEC spot 
Going to try it in wary

Edit: Now I see there is Browse as user "Spot"

User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#9 Post by 666philb »

i'm pretty sure rambo didn't run as spot
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#10 Post by nooby »

Rambo is the one that inspired Barry to make a safe Spot to hide behind :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Re: Run As The Root User Account

#11 Post by L18L »

L18L wrote:Going to try it in wary]
Succeeded!
was multilingual wary503q
started the code from CLI there was an error about permissions

Code: Select all

chmod +w /dev/null
made it work.

Note, starting from default browser icon you are root.
dragging defaultbrowser.desktop to the desktop and then klicking that will start defaultbrowser as user spot.

My apologies for having misused your thread. :oops:

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#12 Post by nooby »

example of what a total newbie has to learn in protected OS.

I am in Peppermint Ice now. Taste good indeed. No Spearmint at all. The Real Thing as we say.

Anyway it did not allow me to save changes to grub.cfg due to the decent rule that one should write a 40_comment or whatever name it has and then do a grub update too.

Anyway it all get overwritten when the Pepper update so what the heck.

So I got more and more angry when the su and sudo failed to allow me to get permission to save. So Google to rescue. This is a GK machine so one need to gksu leafpad and path to the file one want to edit. Now it saved. Thank Earth for her nature to just be.

But the odd thing is that despite everything looks normal the edit does not show up so maybe something odd is going on. cflf or lfcf or somethinglike that?

How can text that looks perfectly normal in the editor be invisible at boot?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
myke
Posts: 102
Joined: Tue 15 Mar 2011, 16:20
Location: Québec

Root: Historical Perspective

#13 Post by myke »

This business of "running as root is bad" is a fallacy in my opinion.

The whole idea of having different levels of access to a PC was derived from people's experience with mainframes. In the old days (the late '60s, '70s and '80s), mainframes ruled the roost. These mainframes had programs dealing with the payroll, employee personnel files, market analyses, accounting figures, scenario analyses, the nuts and bolts of a business. Very early it became clear if the mainframe failed the business could go under.

So the mainframe had different groups of users that had access to only the data and programs which they needed as part of their jobs and I/O for the programs was physically handled by computer operators based on instructions given by programmers (IBM had Job Control Language - an ugly POS). The users were physically separated from the machine. This was all done to ensure the integrity of the data and the machine.

Minicomputers were controlled in the same way.

What characterizes mainframes and minicomputers was (and is) that they were almost always multi-user systems.

Today's Linux systems are derived from that heritage. The root account is a simplification of the concept of users with high levels of privileges. However, in general, with PCs, we are dealing with single user systems. Users usually are not physically separated from their PCs. Furthermore, the data that users handle is more precious than the PC software. So security should centre on safeguarding data not safeguarding the software.

To summarize, security efforts should focus on keeping data safe, say, by doing frequent backups and we should not fall into the trap of the "running as root is bad" fallacy as what should be protected is your data and running as an ordinary user or root is irrelevant. You can always download the system again and install whatever additional pets you need. A bother but not the end of the world.
AA1 D255E-keucr slacko 5.3;luci;mijnpup; tw-os; with:Emacs,gawk,noteboxmismanager,treesheets, freeplane, libreoffice, tkoutline, Sigil, calibre, calendar. magic&Noteliner(wine), kamas (DOS)

User avatar
sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.
Contact:

#14 Post by sickgut »

lol

i have 2 vps's connected to the internet 24/ 7 and they both run all their apps as root.
on a commodore 64/ amiga 500/ amstrad cpc6128 whatever old microcomputer you have used, they are single user and you are effectively root when you use them. Maybe the ppl who awear you must not login as root should launch a campain to destroy such computers. Did anyone here ever accidently type in like 20 characters in the specific sequence needed to delete all the files on any of their disks using these computers?

when you use windows 95 or windows xp or whatever you are usually in a single user environment and that is fine. Its acceptable even tho you are at the exact same risk of deleting everything from your C drive as you are when you are logged in as root on a linux system.

has anyone here accidently highlighted every file on there windows OS then right clicked on them and pressed delete? have any of you accidently gone to the start menu then run then typed cmd then once in the commandline accidently entered in del *.* /s ?
Has for instance a cat walked accross your keyboard and typed in rm -rf /* ?

its fine to be a root level user on any other OS than linux the experts will have you believe.

On windows its taken as a given you can run whatever files you like and remove them and thats cool. But login as root on a Linux system and what you get is:

DUDE! DONT YOU KNOW IF YOU LOGIN AS ROOT AND YOU ACCIDENTLY TYPE RM -RF /* THEN IT WILL BREAK YOU R SYSTEM? DUDE YOU GOTTA LOG OFF AND LOGIN AS A NORMAL USER.... NOW!!!

its like the firewall issue, linux doesnt need one but everyone says you gotta run one so most people do even tho they dont need to. The linux root issue os the same, everyone says you shouldnt do it so alot of people dont do it and that is the only reason people dont login as root, because everyone says you shouldnt.

You gotta wonder what goes on in the psyche of someone who wakes up in the morning and logs into their linux system as root then freezes and then starts shaking in fear because they just *might* accidently perform the intricate and delicate and precise finger movements that are required to enter in rm -rf /* .

I run everything as root. if its worth doing its worth doing as root. when people tell me that ppl shouldnt run stuff as root, i say: "well...... im not a retard. Maybe someone with some severe mental disability or disassociative personality disorder might accidently enter in rm -rf /* but im sure a normal person would realize they where infact typing on the keyboard and maybe they should look at what they are typing. If you sleep type then maybe you shouldnt sleep next to your keyboard. If you sleep walk and sleep login as root and type rm -rf /* then you really shouldnt be living by yourself at home or even be within 10 meters of a computer and you possibly need to be looked after in a mental institution or something. im sure normal people dont usually and accidently type in rm -rf /* ".

just my 5 cents worth
sickgut

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#15 Post by cthisbear »

The root issue is the biggest BS exercise out there.

Give me the money shot...excuse the French.

///////

I should have bookmarked the page where someone here recently posted
as to why root >> existed >> from the days of IBM.

This crap will produce more division here than any other event.

And who is going to stand up and answer all the questions
when browsers and printers etc don't work.

A meaningless pathetic exercise.
I will use a similar description posted by Caneri years ago, in evicting
someone off his server.

Barry ...you have been sucker punched.

How about fixing Wireless Security instead?

Such as this...My latest April 2011 technique .

http://murga-linux.com/puppy/viewtopic.php?t=66936

No...no response...wireless needs more security.

Yet we drone on with this Root shite.

Now instead of being different to all the othe Lemming robots,
we have been assimilated.

A true case of if you whine the more...idiots hear the roar.

Chris.

User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#16 Post by Eyes-Only »

Amen and Halleluia to the last two of you, sickgut and Chris, for very well-made statements!! I salute you each! ( Why can't we have a salute smiley? LOL! )

I'm being totally serious here. I can't remember if I posted earlier here in this thread ( hey, I've got a bad memory and I post a lot :P ) but in over 25+ years as root in both Windows, BeOS, and Linux the worse I've done is accidently delete my email directory. But that didn't matter because I make often AND frequent backups ( which I believe Sickgut said we should be teaching people to do more of, right? ) and I'd lost only a few emails - none of any import really.

And as stated above about the firewall on Linux? I have to laugh at that one! I've gone to more of these "hacker sites" ( Not just the common one of "GMR" is it? He was a top hacker who turned to work for the Feds? ) and all they get is a "ping" reply that I'm here. But able to actually HACK my ports? They have to be opened for that to happen! And these "cracks" you hear about? - bingo! - those are "opened ports". DUH!

Sorry... I shouldn't allow myself to sit here and get upset over what has become my "Biggest Pet Peeve" as one day Mrs. Eyes-Only will find me slumped over the keyboard...

Oh, and by the way: The one here who had written that truly great essay about "Running in Root" ( I believe you had mentioned that Chris? ), the person who wrote that was Nathan of "GrafPup" fame. Someone around here - ruddy toothpick if I can recall just who now of course! - has a nice link to that essay in their sigfile. Really a brilliant exposition done by Nathan who is truly numbered as one of the "Linux Greats" in my book - even if I never could get along with the gentleman ( our personalities seemed to have clashed ), I much admired the man as I did learn oodles about Linux off from him as he had extreme patience with me!

And I guess this is far more than enough of my ramblings for today! Thanks everyone for enduring this "frothing-at-the-mouth". :(

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge d'Acadie"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#17 Post by SimpleWater »

hello, thanks for sharing

yes puppy users have full beards. I have tried ubuntu, and found it a big annoyance to type in sudo, and after sudo be prompted with a user password completion. On everything, from updates, to deleting some files, to making slight changes in configuration files. I agree with sickgut, i mean, can you accidentally type in -rf /*? or any other destructive command? Anyone who knows bash does not just "accidentally" type in some bad code. Was there ever such a case?

And did anyone else notice 01micko on the list? I think he is supposed to be one of the puppy developers, anywho, i did the same. I have not been in linux for the longest time, but on windows there was never any reason not to be an administrator. If the teletubies ran as root, i run in root.
Eyes-Only wrote:I'm being totally serious here. I can't remember if I posted earlier here in this thread
you might one to check page 1 :wink:

User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#18 Post by Eyes-Only »

DUH!

Thanks oodles SimpleWater for pointing out my oversight! LOL!! ( Or would that be "undersight" since I missed so much? Whatever! :lol: ) And in the process you gave me several postings to read which I'd missed that were simply awesome!

Anyway, yeah... I've been so busy between emails, reading, and posting @ various topics here - unusual for me where I rarely ever venture outside of "Derivatives/Software" - that I often forget where I've posted and what I've said. lol. Oh well, as they say in English, "The mind is the first to go!"

It's true. ;)

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#19 Post by Aitch »

If you 'accidentally' type rm rf /

You're a DORK!!

Throw your computer away, you are a waste of space, and a danger to everyone

Puppy [as root] Rules!

Eyes-Only [quote me for link] Image


Aitch :)

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#20 Post by jpeps »

I'd agree Puppy works just fine in root, and eliminates the whole sudo hassle. That said, I don't run in root and use sudo, not really for security but just because I'm used to it, and for me it adds colors...another step away from Windows that is unique to Linux. For example, running running a browser with sudo uses the config in /root, and without it uses a config in my designated home directory. There are many possibilities for those who like to fiddle with various permissions, write their own software, have other users on the machine, etc, etc. Linux provides an abundance of possibilities at the cost of some additional learning and complexity. As mentioned, some programs won't compile in /root, and common apps like cups need "nobody" to work.

BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.

Post Reply