The concept of the "root" user on Unix systems is this: even people who have full ownership of the computer usually only occasionally need administrative privileges, so they have accounts that don't actually have permission to do those things. Instead, they can temporarily assume the powers of the "root" (administrator) user using the su (switch user or super user, an alternate name for root) command (or the more sophisticated sudo (superuser do), which might not be preinstalled). This is equivalent to the "ALLoW tHiS PrOGrAm To MaKE ChANgEs To YoUr CoMpUtER?!?" popup you get on Windows (I always hated that because everything you do on a computer is making changes to it), except that you usually have to enter your password to confirm, and that if you run a program without root privileges it'll fail instead of asking for your password (because it's su that actually asks for your password).

There are two main argued benefits on single-user systems:

  1. Running untrusted software. If you ever need to run a program you don't trust, running it under an account that has full access to the system is kind of asking for trouble. If you run it as a normal user account, it won't be able to do anything that could harm the system without you entering your password.

  2. The prevention of damaging mistakes - most commands that could royally mess up your system won't ask for confirmation if you're root, they'll just go right on ahead. Making you manually switch to root before doing this stops you from accidentally using administrator commands.

But honestly, I don't think this is worth it. Having every command you type that requires root privileges fail until you remember you have to become root first is such a hassle (at least given the amount of tinkering I do) and the mistake protection it offers isn't very significant, since it can only protect you in cases where you didn't mean to do anything that required root. That is, it doesn't stop you from deleting all of your work (which would be owned by your normal account) in a single command or from any situation where you knew you were doing something administrative and just didn't realize it wasn't what you thought (since then you'd already be doing it as root). So I actually log in as root regularly and use it as my main account. I can't remember ever needing to run untrusted software on Unix, but if I ever do it's trivial to switch to an unprivileged account.

Annoyingly, some programs don't allow running them as root. They fail with a message telling you you don't need to run it as root and so you aren't allowed to. Usually they accept a flag or something to make them accept it but sometimes not. It's really annoying that software developers think I need to be forcefully prevented from using my system how I want, like I'm too stupid to understand what I'm doing. And no I've never once made a disastrous mistake as a result of being root in all my years of Unix.



Comments

You don't need an account or anything to post. Accounts are only for email notifications on replies. Markdown formatting is supported.