
Is There Any Real Benefit To Running As Root?

I don't understand this. Whether my user account (with full rights)/password gets broken, or my root account/password gets broken, isn't the whole system pwned?

Another advantage of not having a root login is that most of the bots that attempt to brute force nix boxes try to use the root username. Since root cannot log in, those threats are thwarted. Attackers would need to get the username before attempting to brute force. On the other hand, the distros I have tried employ your account's PAM password to elevate with sudo instead of having a different password for sudo than your login. Detractors of the sudo method claim that it is more difficult to crack the root account than a sudo-enabled user.
 

But root logins via ssh are disabled by default so you have to take 2 steps in order to make yourself vulnerable to a remote root login brute force. Sudo is more about giving users the ability to run a limited set of commands as root, and to log those commands, without giving them the root password than protecting you from outside threats.
 

You can make it so that root cannot log in via the console or ssh, then enable the wheel group so that only certain users can su to root. Quick tip though, make sure that you add yourself to the wheel group BEFORE you enable the wheel group, haha.
 
What it comes down to is this...when you view the file system and look at who 'owns' the files, root will own most of the system-level files.

What sudo does is allow you to run select programs as root, but doesn't require you to log in with root credentials. It allows an administrative user to give a regular user elevated privileges. Typically it's a script by script or application by application basis. If the user doesn't OWN the files, they can't do anything but execute a script or start an application. Without using sudo, all the user needs is rwx rights to the right files and they can do anything they want to the system within their bubble. This is why it's important to scan your file system because many admins will get lazy and throw "chmod 777 filename" out there rather than 755 or something safer.

Being logged in as root is only risky if you do something stupid like type "rm -rf /" at the console or whatever else to hose the system. From a security standpoint, most files on the system have to be modified by root...which does make the system secure. You just have to lock down services that root would normally have access to by default. For example, go to your ssh configuration and turn the PermitRootLogin to "No"....so people trying to log in as root to ssh will be denied.

Use iptables to secure the system and only permit port 22 to the specific clients that need to log in. Block all unused ports and log everything else.
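The checks suggested in the posts above (the ssh root-login setting, wheel membership before restricting su, and stray "chmod 777" files), written out as an added example that is not part of the original thread. The function names and the --audit switch are made up for illustration, and Include files and Match blocks in sshd_config are not evaluated.

```bash
#!/bin/sh
# Added example: read-only checks for three settings raised in this thread.
# File paths are arguments so the checks can be run against copies.

# Effective PermitRootLogin in an sshd_config-style file. sshd keeps the
# first value it reads for a keyword, so stop at the first match.
# Prints "unset" when the keyword is absent (the default then depends on
# the OpenSSH version) or only appears inside a Match block.
permit_root_login() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# World-writable regular files (the "chmod 777" problem) under a directory.
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# Succeeds if user $1 is listed as a member of group $2 in group file $3.
# Only the member list (4th field) is checked, not primary groups.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }
    ' "${3:-/etc/group}"
}

# Run the checks against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    echo "PermitRootLogin: $(permit_root_login /etc/ssh/sshd_config)"
    in_group "$(id -un)" wheel || echo "warning: $(id -un) is not in wheel"
    world_writable /etc
fi
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it, which is the authoritative answer for the first check.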
 

Yeah, you're pretty much right about what you said. Logging in as root and using your system as root is not risky if you take the right precautions and do not execute bad commands or questionable scripts. Merely logging in as root doesn't make you more "hackable" either...but to your statement above, just move SSH to a random port altogether....you have 65K ports to choose from. 🙂
 