Apple - Is it 'OK' to use the root user as a normal user?

Using your computer logged in as root all the time is like always carrying around all your keys, your passport, $5,000 in cash, that piece of paper with all your passwords written on it and the only photo you have of Flopsy, the adorable rabbit whose death broke your seven-year-old heart. Oh, and a chainsaw.

Which is to say, it's mighty convenient from time to time, because it means you can do whatever you want, whenever you want, without needing to go back home to get stuff or talk to your bank manager. But it also puts you at great risk of losing stuff, having it stolen (don't think that chainsaw will help you: you'll be streets away before you notice your wallet's gone), doing things you really regret later (impulse-buying plane tickets to Vegas while drunk), taking dangerous shortcuts (chainsawing through the lion enclosure fence because that's the fastest way to the pandas) and over-reacting (chainsawing your neighbour's car because his dog barks too much). And, when you think about it, mostly, you're just going to the office, going grocery shopping, hanging out with your friends. You don't need all that stuff with you all the time just for the convenience of needing it, what?, once a month? Once a week?

So, no, it's not OK to use the root account all the time. It gives you a tiny amount of convenience but puts you in a lot of danger. There's the danger of stupid mistakes having catastrophic results ("Hey, why is rm -rf * taking so long to run? **** I'm in /!"). There's the danger of acclimating yourself to the idea that all files are equal and you can just mess about with whatever you want, anywhere in the directory tree. There's the danger that any hack to your account is immediately a hack to the whole system, so now every single piece of software on your machine is security-critical. And even if you think you don't care about your machine getting hacked (after all, that photo of Flopsy is a real piece of glossy paper, not some ephemeral JPEG), I care about your machine getting hacked because then it's on the botnet that's mounting the DDOS attack against whatever internet service I can't access today.

Root is your spiderman costume. It gives you great power but requires great responsibility. It's there in the closet whenever you need it, so you don't have to wear it all the time.


You can, but it's a major security and stability risk. Doing so allows any application full access to your computer. You can't know what they're doing with that access. It's unnecessary, and just really unsafe.

For a lot more background information on this, see

  • Why is it bad to login as root
  • Why not run always logged in as root
  • Why it is not recommend to use root login in linux

Honestly, I agree that there are a lot of risks associated with using the root user as default. But let me just run through them and criticize some of the arguments a bit

  • Defending against applications: Practically the permission system of *nix is not strong enough (by far) to allow running arbitrary programs. A malicious program on *nix is able to do enough evil stuff (like stealing your bank credentials) without root permissions. It will be somewhat harder for a non-root application than for a root application (e.g. instead of directly installing a root-certificate and intercepting the connection to the bank you will need to mess around with the browser instead, but hey, that's actually quite doable and you likely had to do that anyways to make sure the user doesn't notice anything)
  • Defending against user mistakes (like running a wrong command and deleting all system files): Absolutely true, but even though a non-root user will save the system, all the important files will normally be lost already (as the user owned files are far more likely to be unique).
  • Defending against exploitable bugs in applications you run: Now this is more like it. E.g. when you run a web server where a lot of applications are open to the outside and thus any exploitable bugs will be easily reached. The same still applies of course even if you are sitting behind a router and firewall, though the extent of the danger is far less significant. Once again however the question becomes how much the permission system will realistically defend on a private system. Without root permissions all private files can still be accessed and intercepting network data is also possible... the two most important things you can wish for as an attacker of a private system.
    • (Now, on top of the standard *nix file permission system Apple has also introduced an application sandboxing system. As far as I know that one is still fully functional even when logged in as root. If however it weren't then that would be a total deal breaker.)

Either way, all considered I do not think it's as terrible an idea as some others claim. Mind you, I am not saying it's a good idea either, but I think that people overestimate the usefulness of the *nix file system permission model in protecting you. Yes, it's incredibly useful for certain things (e.g. multi user systems, complex multi-application servers, keeping the system running no matter what happens (running, but not necessary usable), locking important files away (though you're better off encrypting those...), etc.), but it's not some magical protection that prevents bad stuff from happening.

In the comments I came up with an analogy which seems quite adequate in describing the situation. In Dutch we have a word for the little closet where you can find all the meters and the toggle for the main water supply, etc. Running as the root user account is like taking the lock off that little closet. Ironic fact: Most people don't have locks on it in the first place. Now, just like with the root user that's not to say that it's not useful to lock it away in certain cases, for example in offices or other semi-public buildings it's often locked away, but in normal houses it's far more important to have a strong lock on the front door (not installing random things, firewall, etc.) and putting all your important stuff in a safe (making backups, encrypting stuff, etc.). Will an extra lock on that closet hurt? Nope, so it might be a good idea to have it in place just in case, but in all likelihood it's going to be quite useless.

Running as the root user is nothing like taking all the locks of your house and carrying all the stuff in the safe with you all the time as is claimed by David Richerby. Your passport (identity) is in no way protected by the *nix file system, your money (bank account) is in no way protected by the *nix file system, your important passwords are likely not protected by the *nix file system (if you're using Safari however they might actually protected partially by the *nix file system permission model, but without root you can still add an invisible extension to Safari and next just intercept the password the next time you use it), your photos are definitely not protected by the *nix file system and if you're using the terminal you're already carrying a chainsaw around with you (per point 2 above).

Tags:

Macos

Root

User Account

Related

Apple - Is there a way or a tweak to make Siri execute shell commands Apple - How do I delete photos just from my iPhone not my iCloud Photo Library Apple - How To Make files in `/usr/local` Writable For Homebrew? Apple - How can I setup my mac (OS X Yosemite) as an internet gateway Apple - Why does preview change the ctime of a pdf, and how can I disable it? Apple - Is it possible to change opacity of an application window? Apple - How to find the currently connected network service from the command line? Apple - Can not copy and paste within Chrome from time to time Apple - Safari keeps deleting items from my reading list Apple - Is there a free VMWare Player for Mac? Apple - Why iOS settings and iTunes report the storage usage differently? Apple - Standard (ISO 8601) week number in Calendar.app?

Recent Posts