Many people have heard the advice that “you shouldn’t log in as root” and seem not to argue with it. Many just fall in line and behave. But some have questions about this Linux world standard. These questions, I realised, will help a newbie internalise the whole concept – before they have to internalise it through experience. Here is a list of questions and their responses on the subject matter:
Q) Why should I not log in as root?
A) There are three main reasons why. First, it protects your system from serious damage in case you run a wrong command as root. If you run a command such as rm -rf /, shortly afterwards you’ll be installing the OS anew and all your data will have vanished. Second, if an application you are running has a bug, or is an ‘evil’ script somehow placed on your system, you will suffer more if you run it as root than if you run it as a sudoer. Finally, using an alternative username makes brute force attacks against your system much harder, as an attacker will have to figure out both the username and the password to log in.
Q) If I use sudo, I can still make mistakes and damage the system. Sudo doesn’t prevent me from making mistakes, does it? Why go through the hassle of sudoing commands every now and then?
A) Using sudo to elevate privileges when necessary is a security model that has been adopted because it works. Administrative tasks can be run with elevated privileges on an as-needed basis without as much worry about vulnerabilities as discussed in reason 2 above. It can also be a bit of a safety net for moments of carelessness.
Q) What if I prevent the root user from logging in using a password and use SSH keys instead? Doesn’t that protect me from brute force attacks?
A) With SSH key login, you are much safer against brute force attacks. But still, this won’t protect your computer from yourself or from evil scripts.
Q) I use Fail2Ban to protect myself from brute force attacks. Why can’t I go ahead and use root to log in?
A) Again, as with the third question above, this helps secure your computer against brute force, but won’t protect it from yourself or from malicious scripts.
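As an added example (not from the original post), this shell script reads an sshd_config and reports how direct root logins over SSH are treated, which is the setting behind the two SSH questions above. The function names and posture labels are this example's own, and it assumes the OpenSSH 7.0+ default of prohibit-password when the keyword is absent.

```shell
#!/bin/sh
# Added example (not from the original page): classify how sshd treats direct
# root logins. Scope: global section of one sshd_config text; Include files and
# Match blocks are not evaluated. On a live host, `sshd -T` prints the
# effective settings.

# Print the first global value of keyword $1 from stdin, or default $2.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }         # stop at conditional blocks
        { sub(/=/, " "); gsub(/"/, "") }        # accept Keyword=value and quotes
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# Map PermitRootLogin to a posture label (labels are this example's own).
root_login_posture() {
    # Assumption: OpenSSH 7.0+ default when the keyword is absent.
    case "$(effective_value PermitRootLogin prohibit-password)" in
        no)                                 echo "disabled" ;;
        prohibit-password|without-password) echo "no-password" ;;
        forced-commands-only)               echo "forced-commands-only" ;;
        yes)                                echo "any-method" ;;
        *)                                  echo "unrecognised" ;;
    esac
}

# Constructed sample: the later "no" is ignored because the first value wins.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

sample_config | root_login_posture
```

A result of no-password corresponds to the key-only setup in the third question; disabled corresponds to logging in as an ordinary user and elevating with sudo.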
Q) I back up my system every half a day. If I make a mistake, I’ll restore the backup. Why not enjoy the power of root?
A) Of course, backups are critical for any system. But exposing your system to vulnerabilities because you can restore backups means your priority for uptime is not that high. In that case, you choose to compromise uptime in favour of root access.