I think it's no secret that I'm against primarily running as root. I outlined this in my recent post, "Toying with Linspire". Jon left a comment on that. For the most part, he agreed with me, but disagreed about running as root. I started writing a reply, but it got long and I decided that it really deserved its own post, so here it goes.
Before I start here, let me fully quote Michael Robertson (former CEO of Linspire) from the same question I did before (I cut off the beginning last time).
Jo: On the security front, I noticed during the presentation that you were running everything as root. Is that really a wise idea, to train users to run everything as the one user who can mess everything up whenever they feel like it? Should you not try to teach them one basic UNIX security idea, that you really don't want to run things as root?
Michael: I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why it is more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data; technically, anyone who's compromising your account has access to your data as well.
Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out where a machine that's run with the root user could be compromised. It couldn't be.
Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.
I can think of a few good scenarios where it is a good idea to not run as root.
Take the typical Linspire scenario - you want a cheap computer. Unless you want to buy more than one or already have a computer, chances are this will be a family computer. Having separate user accounts just makes sense, because you will almost always have different needs than Billy, who spends most of his computer time playing TuxPaint and various games. You don't want him getting in and messing with work documents or anything else you may have in your account.
I definitely see Michael's point, but he's missing one critical factor: frustration. If you're running as root and a virus comes by and deletes everything on your hard drive, it's frustrating enough that you've just lost all of your data. On top of that, you now have to install the whole operating system over again. Then you have to install all your programs again. This is a problem that can be completely avoided simply by running as a regular user. If you were running as a regular user, your files would still be gone, but it would only take a couple of minutes before you'd be using the computer again. On top of that, all your programs and libraries would still be there. If you're a good user and create backups regularly, it would only be another few minutes before you'd be editing your documents and surfing with your bookmarks.
And there's another factor he's missing too: other people's frustration. It is very typical for more than one user to share a PC. If everyone uses the same root account, all of their data would be gone too from the same scenario described above. If everyone who used the computer had separate accounts, the virus would be isolated to the user that ran it. It would not affect anyone else.
Michael does make a good point, though: running as root does make certain tasks easier. Setting the clock, for instance, is one common thing that requires root permission. But he is overlooking a great tool which I, being an Ubuntu user, have come to love: sudo. Sudo can be set up for multiple users so that each of them does root tasks with their own password rather than a separate root password. It also will not ask you for a password more than once within a certain amount of time. On top of that, it can be configured to run without a password. This isn't as secure, but at least it's controlled this way (and it's probably possible to disallow execution of certain commands, like 'rm -rf /').
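As an added example that is not from the original post, here is how those three sudo properties (a shared group that authenticates with its own passwords, a re-ask timeout, and passwordless access to a few specific commands) look in a sudoers drop-in; the group names, the file path, and the command paths are assumptions for a hypothetical family PC.

```sudoers
# Added example (not from the original post): a sudoers drop-in for a shared
# family PC, e.g. /etc/sudoers.d/family. Edit it with "visudo -f" so a syntax
# error cannot lock everyone out. Group names and paths below are made up.

# Ask for the user's own password once, then don't ask again for 15 minutes
# in that terminal session.
Defaults        timestamp_timeout=15

# Commands that may be run as root without retyping a password: set the
# clock and apply updates. sudo matches on the full path and arguments.
Cmnd_Alias      CLOCK    = /bin/date, /usr/sbin/hwclock
Cmnd_Alias      UPDATES  = /usr/bin/apt-get update, /usr/bin/apt-get upgrade

# Members of the "parents" group may run anything, but must authenticate
# with their own password (not root's).
%parents        ALL=(ALL) ALL

# Everyone in "family" (Billy included) may only fix the clock or update,
# and for those two tasks no password is required.
%family         ALL=(root) NOPASSWD: CLOCK, UPDATES

# What NOT to do: allow everything and then try to forbid one command.
# The sudoers manual warns that subtracting from ALL with "!" is not
# effective (the binary can simply be copied under another name), so keep
# users on an allow-list of commands instead.
# billy  ALL=(ALL) ALL, !/bin/rm
```

The commented-out last rule is why the "just disallow rm -rf /" idea does not hold up: list only the commands a user may run, rather than excluding ones they may not.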
I really hope Linspire does something about this. Teaching users that they should run as root is unacceptable. At least, during installation (not the initial setup) they should ask you if you want to create normal user accounts and explain that it is more secure to run as a normal user.
And then they should work on improving their boot speed. That's just pathetic.