Working as Root

Review Chapter 1, The Basics of System Administration, the section titled “Working on the System as Root,” pp. 14 ff., in Linux System Administration

The Implications of Working As Root

It’s fun to work as root on a Unix system. You have access to everything, including every command, directory, and function, as well as every users documents.

It’s also a disaster to work as root, as you’ll discover the first time you nuke a production server with a mistyped command. For example, if you issue this command as a regular user:

dmesg > /etc/passwd

You’ll get slapped on the wrist. If you issue it as root, it’s time to start rebuilding your system. (Don’t try this, even as an experiment.)

Among the things you should consider as a system administrator are, Who can su to root? Who can use sudo? From what terminals can root log in? And can root log in remotely?

Remote Root

In every Linux and Unix system I’ve ever seen, the default settings deny root remote access. This is exactly as it should be. If you change this setting, you have been warned. That’s it.

Further, if you try to log in remotely to a system as root, your action will be logged, your IP address will be logged, and someone scary is likely to show up at your door. (Don’t ask me how I know this.)

Which Terminals

Even if your system boots to a GUI (runlevel 5), you are always logged in to a terminal. By default, you have 12 tty terminals available. This doesn’t mean only 12 users can log in; in fact it means every user has many terminals available. Use

CTRL > ALT > F[1-12]

to switch terminals, ranging from tty0 through tty6 on some systems, or tty11 on others. (There are also multiple vc terminals available.)

The file /etc/securetty contains the list of terminals from which root can log in. By default, root can log in to any of these – but not remotely.

If you want to live dangerously, add an entry for pts/[0-11] (or ttyp[0-11] on older systems), and root can log in remotely. Don’t do this.