Got root?

After a post by Rik van Riel over at Kernel Planet, I read an interview with Linspire's Michael Robertson. Quote:

I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
(...)
So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things.

First, I really hope the example about grandma's wallpaper is just that – an example, and an extreme one at that. If Linspire really needs root for you to change the wallpaper, then something is very wrong.

That being said, here are a few things to consider:

  • What's worse? Losing your data, or losing your data and having to reinstall your system? Considering your target customer, I'd say the latter.
  • Not running as root makes it less easy for a viral attachment that my dad likes to double-click on (in a Stef Murky sort of way) to be automatically started at boot, and thus makes it less easy for my dad's computer to be part of a DDoS attack against whitehouse.gov. The fact that non-root can't modify firewall rulesets will help in that area, too.
  • There are a few 'reserved blocks' on your file system (by default, 5% of the total number of blocks) that only root can write to. These blocks exist so that, in case of a full hard disk, root can still do things like move files around, run programs that need temporary files, or run fsck. By running everything as root, you break this assumption and thus create problems in case someone really fills his or her hard disk.
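As an added illustration of the reserved-blocks point (this is not part of the original post), here is a small POSIX shell check that reads the "Block count" and "Reserved block count" lines that `tune2fs -l` prints for an ext2/3/4 filesystem and reports the reserved fraction, so an administrator can confirm the root-only safety margin is still in place. The sample output embedded below is constructed, not captured from a real device, and the threshold argument is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample of the two `tune2fs -l` lines this check needs (not real device data).
SAMPLE_TUNE2FS='Block count:              26214400
Reserved block count:     1310720'

# reserved_percent INPUT
#   Prints the reserved blocks as a percentage of all blocks, one decimal place.
#   INPUT is the text of `tune2fs -l DEVICE` (here: the constructed sample above).
reserved_percent() {
  printf '%s\n' "$1" | awk '
    /^Block count:/          { total = $3 }
    /^Reserved block count:/ { reserved = $4 }
    END {
      if (total > 0) printf "%.1f\n", 100 * reserved / total
      else           print "0.0"
    }'
}

# check_reserved INPUT MIN_PERCENT
#   Returns 0 when the reserved fraction is at least MIN_PERCENT, 1 otherwise.
#   A result of 1 means root no longer has its emergency margin on a full disk.
check_reserved() {
  pct=$(reserved_percent "$1")
  awk -v p="$pct" -v m="$2" 'BEGIN { exit ((p + 0 >= m + 0) ? 0 : 1) }'
}

# Stand-alone run against the constructed sample: expects the default 5%.
if check_reserved "$SAMPLE_TUNE2FS" 5; then
  echo "reserved blocks: $(reserved_percent "$SAMPLE_TUNE2FS")% (ok)"
else
  echo "reserved blocks: $(reserved_percent "$SAMPLE_TUNE2FS")% (below expected margin)"
fi
```

On a live system you would feed it real data with `check_reserved "$(tune2fs -l /dev/sdXN)" 5` (reading the superblock needs root). If the margin has been reduced to zero, `tune2fs -m 5 /dev/sdXN` restores the default reservation.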

There are more issues, but these are the first ones I could come up with.