Myths - You will harm your system as root
First, this is not an endorsement for the use of the root account under Linux. This is to dispel the falsehoods from the scaremongers and idiots that continue to spread the Myths about using root.Unquestionably there are situations where user only access is appropriate. Public computers as well as those used by business and government employees are such cases.
Yet, these computers must function with limited access and therein is the challenge. This requires a system that is usable, yet reasonably secure from the actions of the incompetent as well as the malicious.
The Business Model:
To understand one of the main sources of the Myth, I think it is best to first understand the Linux Business model. "Follow the money" is the first step.The marketing, hype and spin surrounding Linux would have one believe that this free software is the culmination of a big warm, touchy, feely, global, multicultural community that devotes itself to helping each other. Bullshit, that is mostly an illusion.
Now that is not to say there are people from all over the world that freely make contributions to code and even freely provide software. Even I have published software under the GPL and allow it to be freely distributed. However, I did not do that to get some warm squishy feeling of community from my work. When I solve a problem or write an application to perform a task, I do it because I need it and no one else has provided it (yet). I allow it to be used by others because I am not in the software business nor do I want to expend the effort marketing and promoting my work. The probability is that I would spend far more of my money and resources promoting my work than I would get in return, the activity would be a net loss, so it just isn't worth the effort. This is reality.
Of course some companies do make money with Linux.
Red Hat is a prime example of such a business model. Unlike Microsoft who sells a license to use their proprietary software, Red Hat offers a complete Linux distribution, with source code if you want it, for free. You don't buy a license and you don't even buy the software, you can have it free. Where they make their money is selling service. If you want updates for the software, you pay a yearly fee. If you want customer support, that comes with the yearly fee as well.
For anyone that thinks putting together several thousand discreet pieces of software is an easy task, take a look at the Linux From Scratch (LSF) project. Just reading the manual gives a good understanding of how a system is compiled. Compiling a complete system is a monumental task and is only compounded by the efforts to coordinate the updates of these thousands of packages from hundreds of sources. Of course someone will notice that Kernel.org, the Gnome desktop and even Open Office are non-profit organizations that provide many of the key parts of Linux for free.
What people don't see is where the funding for these key groups comes from... If you look behind the scenes, you will learn that Red Hat provides major funding for these and other key organizations. Not from altruism, not hardly. It is from mutual benefit and practicality. Red Hat needs up to date kernels and a desktop. Without those things, Red Hat has no product to provide service for.
As a practical mater, yes Linus Torvalds wrote the Linux kernel, yes he made it freely available. However, keeping up with kernel development is a big job and Linus has to pay his bills and eat too. Hence, he ended up working for kernel.org and is paid for his work via Red Hat and other major contributors.
Linus is not a little elf that lives on nothing and writes kernel code all day for fun.
Next, it is important to know who the customers of Red Hat, Suse (Novell), Canonical (Ubuntu) etc. really are. These are almost exclusively large business and government agencies.
As I started out, these are exactly the places where access to root would be unacceptable, yet the systems must be usable from restricted user accounts and authorized administrators need full access from time to time within these user accounts. In these places, sudo has to work.
Free distributions:
On the surface, this gives no explanation for the existence of free projects Like Fedora (Red Hat), OpenSuse (Novell), Ubuntu (Canonical) etc.Why would these organizations expend effort making a completely free edition with updates available to any user? Again, it is not because they are a bunch of touchy, feely, squishy, warm hearted guys.
In return for the expense of offering these free systems, they get a vast return on investment.
This comes in the form of millions of beta testers. For any Linux distributor to test and certify their system on countless variates of hardware combinations would be a vast expense in labor and equipment. Whereas the 6 million users that installed Fedora 6 gave Red Hat a vast base of hardware to test for nearly no cost.
The cost was mostly of the bandwidth, that even then they split with universities and government agencies that provide free bandwidth for the distribution. There are costs to administering and distributing Fedora, but they are no where near the costs of doing all that testing themselves.
Of course in such a free for all environment where there are hundreds of developers providing code, spiffy new features, or whatever whim the coders have takes priority over bug fixes or the functionality requests of the corporate clients. A few releases of Fedora showed this to be the case, where many new features were introduced, yet ancient old bugs and usability issues went untouched.
Red Hat could see this was a problem and put some of their own staff to work cleaning up bugs to make Fedora ready as the base of the next Red Hat Enterprise Linux (RHEL) release.
Red Hat knows where the money comes from even if no one else does.
Sudo and Root
For the incompetent, yes they can mangle a system using the root account. However, they can mangle it equally well using sudo. Sudo (Super User DO), momentarily gives the user almost full privilege of the root account.If you have any doubt about that, read this over at the Ubuntu site:
http://ubuntuforums.org/announcement.php?f=331
A brief quote from that page:
As requested by some, for the education of our users, here are some common examples of dangerous commands that should raise a bright red flag. Again, these are extremely dangerous and should not be attempted on a computer that has any physical connection to valuable data -- many of them will even cause damage from a LiveCD environment. Again, DANGEROUS COMMANDS -- look but DO NOT RUN. Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn't "feel right".
These warnings are for good reason. There are many commands that can mangle the user account, and with sudo added to the command, they will mangle the system just as well. There is no cure for stupidity.
For the person that maintains their own system (the typical home desktop), the user account gives absolutely no protection from incompetence. In a business environment, the system administrator (who has the sudo password) will need to perform certain privileged tasks from time to time. This is the real purpose of SU or Sudo, to allow the real authorized system administrator to access the system and make changes to a users account or settings.
Remember who it is that is paying the bills and providing the profit for Linux?
The Myth: Yet the Myth persists from the scaremongers and ignorant that "You will harm your system with root".
(I believe the myth is also propagated by the distributors too).
Comments on the Internet abound with statements like:
You should NEVER EVER create a root login. There is a good reason why this is disabled by default. So just don't. Use sudo su instead.
But of course these people never say what problem or damage it is your are going to cause.
They leave it to your imagination that root has some special power that can magically destroy your system in ways mere mortals can not comprehend or perhaps they try to imply that the root account has the ability to burn your motherboard into a slag heap.
The truth is not that root will harm your system, incompetence will harm it as a user or as root.
Not that I recommend dispensing with a user account, but I have no user account even on my Ubuntu system.
Some of the very best examples of how to mangle a system with sudo can be found at this site:
My 10 UNIX Command Line Mistakes
Some were done as root, some with sudo. Sudo or root, either way mangles the system. The best one on the site might be this one:
Joren 06.22.09 at 9:30 am
I wanted to remove the subfolder etc from the /usr/local/matlab/ directory. So I accidentally added the ‘/’ symbol in a force of habit when going to the /etc folder and I typed from the /usr/local/matlab directory:
sudo rm /etc
instead of
sudo rm etc
Without the entire /etc folder the computer didn't work anymore (which was to be expected of course) and I ended up reinstalling my computer.
I am annoyed by having to enter sudo, sudo, sudo sudo over and over again with a password.
I am also annoyed by having to add that to almost every line of all my scripts to get them to run.
This insane repetition is well known and well complained about. Hence, sudo now has commands such as
sudo -
or
sudo -i
and that is supposed to let you work fully as root within a terminal without all the endless sudo commands and password requests.
Making a mistake with sudo is the same as making a mistake with root.
I dispense with the extra time and effort of the endless sudo commands, they give no protection whatsoever.
So, why are we all encouraged to only use the user account and not root?
Very simple, we all need to be good beta testers.
As a case in point, on Ubuntu 8.10, I always used root and never noticed any problems with Firefox not completely displaying pages. One day I let someone use my computer and gave them a user account. Hey! Something is wrong with my computer, Firefox won't load pages, what's wrong? Gee, it works ok when I log in as root...... well, of course root works because I have full access and full permissions.
The bug was something to do with Firefox not working with the restrictive permissions of the user account and that is a bug only a user would pick up on and report. I am a bad beta tester and I don't care.
Red Hat and the others need beta testers to report bugs and usability issues that their corporate and government clients will face. The distributions want the beta testers to use the systems as much like their customers as possible.
If we all used root (like I do) they would not get the bug reports they need.
Incompetent and disorganized:
The real problems for the desktop user.Although you can mangle your system with sudo, you can also mangle a system with a lightning strike (I have had a few), a power surge or just a hard drive that decides to die.
Computers can fail for reasons beyond your control.
The panic the scaremongers feed on is the thought of having to reinstall or rebuild a system.
This is because most people have no backup strategy and they are completely disorganized when they setup the system in the first place.
I won't claim to be perfect in organization or backups, but a few simple things keep me way ahead of the majority and I can have a system back up and running in about 45 minutes after being completely destroyed............
Over a short time, I would waste a hell of a lot more time typing sudo endlessly than it would take me to completely rebuild a system...
Competence and organization, it is not difficult:
Example of organizing a Ubuntu Desktop installation.
First, you should have some level of competence and be able to open a terminal and write a basic script.
These are rudimentary computer skills and there are many sources of this information.
Next, after a system is installed (it goes quickly), there are probably a number of applications that you will want to add. For example, Ubuntu does not come with Amarok the media player as a default application. However, it is available in the repositories.
Of course you can use the GUI to select packages for installation, but that leaves you no written record of what they are. Over time, you will probably add many packages and having a list of them is real handy for re-installation. (I add nearly 30 applications that use a total of 350 packages with all the dependencies)
With a script, that lists all these applications as,
apt-get install amarok
apt-get install
after you install a system, just let the script run and it will automatically install all those packages you want.
As you add other packages in the future, just keep your script up to date.
There are also numerous system settings that can be set with the GUI or the command line.
Using the command line for one off settings is cumbersome and too cryptic to remember.
I would hate to have to remember such commands as:
gconftool-2 -t bool --set /apps/nautilus/desktop/computer_icon_visible true
gconftool-2 -t bool --set /desktop/gnome/interface/menus_have_icons true
However, putting these into your script makes sense.
I don't want to remember all these little tweaks and the cryptic commands to make them happen, but they exist nicely in my setup script. A post install script with a list of my applications and settings reduces to minutes what would otherwise be hours of agony resetting.
Know you application settings:
Although you can backup your entire home directory and all the hidden files, only some of them are important.
As an example, I have a large number of gpg keys.
I could export them via the command line or GUI one at a time, but that is slow. It is equally slow to import them all into a new system one at a time.
However, having a copy of the hidden directory ~/.gnupg and the 3 files in it, I can just copy that to the new system and all my keys are installed. I do this with my fonts, FTP passwords, Open Office templates, custom dictionary and even Firefox and Thunderbird.
When I copy my settings files to a new system for these applications, everything, including web page passwords is all just the way I want it.
But you have to know what hidden folders contain the information you need to restore, and that requires a little competence on the users part.
I have a script that backs up all the important hidden folders every 15 minutes on my system. Do you have such things?
Summary
Incompetence, not root or sudo can harm your system.I can install or restore a system in 45 minutes to an hour. I just installed a new system on a laptop and it took about 45 minutes for the install and all my settings (because I have my scripts).
Should my computer die for any reason, or if I make some incompetent mistake with root or sudo (I haven't yet in 30 years), I am ready to restore a system in less than an hour.
If you can't do the same, you will have just as much grief when your computer dies as if you make an error with sudo.
Finally, to be a good beta tester for Linux, you should use the user account.
I am a bad beta tester, I have no user account at all "Long Live Root!"
