Logging in as root [duplicate]

Solution 1:

Your precautions have mitigated a large percentage of the threats that feast on low hanging fruit. I commend you for that.

Two Three broad categories of threats remain:

1. You.

You are your own worst enemy. I am mine. Running everything as root means that you are always one swift keystroke away from doom and lamentation. Even if you know your apps, there are always bugs and squirrely things waiting to be found that you didn't know about. If they are found with root, then weep and howl for your miseries which are coming upon you.

2. Others.

Even if you've mitigated the large percentage of threats that exist in the wild, there are always vulnerabilities that you hadn't thought of or didn't know about. Sure your firewall, VPN and etc. and etc. are safe, but really... maybe your switches aren't or your update server or your... you get the idea. If things are nicely segregated, then you can sleep that little bit better at night knowing that even if there's something that you didn't know about (and there is) at least you've put a few more hurdles in the path to total destruction.

3. Resource Depletion

Running a process as root means it has unfettered access to your server's resources and has the potential to bring it to its knees. Whether that's through a memory leak, maxxing out inodes or a few other possibilities - it's all bad and can more easily be mitigated by running it as a non-root user.