Why is there no option to login as root?

security root

Why does Ubuntu not allow the GUI users to login as root at the time of system start up like administrator in Windows?

Why they are restricting us to login only through the terminal?


Solution 1:

Because it is not recommended doing so unless you know exactly what you are doing. Root is a superuser, meaning it can do anything and everything - it is only meant for administrative tasks. Day-for-day tasks can bear a security risk that WILL be exploited if EVERYONE (or a large proportion of users) used root. Think Windows - 99% of malware and virus problems are from people using admin accounts for everyday tasks.

Let's look at an example:

What if someone breaks into your system and tells it to erase your disks? If you are running as a normal user, the only files you would (should) be able to remove are those that belong to you, and not anyone else. If, say, you had other people using the computer, their files will not be touched at all, no matter how hard you try. That means you will not be able to change any system files, and therefore your system will remain rock-solid and unaffected/uninfected.

If you run as root, however, you can wipe the hard drive entirely, probably do some damage to the hardware itself, and generally render the system unusable. Correction: anyone who can get to run a single command as root on your computer (some malicious website or an email attachment) can do that.

Take a look this nice article that might explain it better than I did.

Here's another one.

You can always use sudo command or gksu command to run the command as the superuser, both of those work with graphical and command-line utilities. sudo is usually used for CLI, though, and gksu is the graphical password promt that does the same thing.

To an extent, they let you become root temporarily - much, much better than running as root constantly and risking instability.

Solution 2:

In standard Ubuntu, root logins are not allowed, neither from the GDM (graphical) login manager, nor from the text console (i.e., the one you get if press Ctrl+Alt+F1).

In order to perform root (i.e., administrator) operations you have to use the sudo command in a terminal, or any GUI equivalent of it: these will ask you for your password and then perform the requested privileged operation (and only that one).

The reason for this behavior is, as others have pointed out, that performing root operations is inherently risky and the number of operations really requiring root privileges is comparatively small: by using this sudo approach you are running most of the time with a unprivileged account (i.e., harmless to the system and other users) and just get the root powers when it's really needed.

An example might help clarify. Assume you want to install a new service (daemon) on your machine; this is relatively new and you need to read about it and how to configure it to your needs. You will end up browsing the web a lot to find information, example configs, etc., maybe have some IRC chat to ask for more info -- none of this requires root powers! In the end, you only need privileged access for two operations:

  1. install the new program (i.e., sudo apt-get install ...), and
  2. edit the default configuration

A commonly accepted principle in computer security is always use the least possible privilege level to perform an operation. -- this reduces the risk that something bad happens because of bugs in the software or errors from the operator.

The Ubuntu default setup goes in this direction; if you were using a root login, instead, you would have ended up surfing the internet, doing IRC (and possibly all the other stuff that one does concurrently) from the root account, thus needlessly exposing the system to a threat.

Update: For your compiler example, I would proceed this way:

  1. Login to the node via SSH as your regular user, and from another Ubuntu or GNU/Linux node where you have a graphical X11 display running. Be sure to enabled X11 forwarding over SSH:

    ssh -X [email protected]

  2. At the shell/SSH prompt, issue the command:

    sudo /path/to/the/compiler/install/program

    This will run the compiler installer with root privileges, and access (through SSH forwarding) the graphical display in front of you.

Solution 3:

The reasoning behind the use of sudo in Ubuntu can be found here. If you ever need a quick way to "go root" I use sudo -s or sudo -i.

Solution 4:

Aside from the mountains of warnings with using root, you can enable root login by logging in and performing the following from terminal:

sudo passwd

This will first prompt you for your password then will ask you to change UNIX password. The password you enter will be for the root account.

The Ubuntu Wiki has a great article on the depths of root and sudo within Ubuntu - caveats and pitfalls.

Solution 5:

There are two questions here. One is, why is root login disabled by default in Ubuntu? That's been addressed by several of the posts here.

The second question is, why are graphical root logins particularly disparaged?

All the disadvantages of nongraphical root logins apply to graphical root logins too. But when you log in graphically, you run far more programs, operating in a far more complex way, than when you log in nongraphically. The entire graphical user interface and all the graphical programs needed to use a GUI effectively, would be running as root. A tiny security vulnerability in any of them would enable someone to take complete control over your system.

Logging in as root at all is not recommended in Ubuntu, but there is no consensus in the security community that it is universally a bad practice. Graphical root logins, however, are simply a bad practice, and almost all operating systems have phased them out or strongly recommend against them.

To a lesser degree, having a non-root user (especially one with the ability to perform operations as root with sudo or PolicyKit) in a graphical login presents risks. But they are far more controlled than when everything in the graphical environment must actually be running as root with unlimited capabilities. Still, for situations where security is paramount, it is usually advisable to do away with graphical interfaces altogether, which is why Ubuntu Server doesn't ship with a GUI by default and officially recommends against installing one (though it is supported to do so).

In the Windows world, you can now install Windows Server in a way that essentially eliminates the graphical user interface (technically, some elements remain, but it is very stripped down and you cannot run arbitrary graphical programs). This is based on the same reasoning.

Even if you do decide to enable root logins, please don't log in graphically as root. Enabling root logins may put you at slightly higher security risk; running an entire graphical environment as root puts you at enormously higher risk.

Additionally, with the exception of graphical administration tools that are designed to be run as root with gksu/gksudo/kdesudo, most graphical programs are not intended to be run as root. Because they are not extensively tested in this mode, they may fail or behave erratically (which would be particularly bad, since they're running as root).

Finally, even some graphical administration tools, like users-admin, will fail if run as root, since they expect to be run by normal users and to perform actions as root (without ever actually running as root) using PolicyKit.

Related

Is a clean install better than upgrading?
How do I create an Ubuntu live USB using a Mac?
How to install Ubuntu 14.04/16.04 64-bit with a dual-boot RAID 1 partition on an UEFI/GPT system?
"Require Installation Of Untrusted Packages" while upgrading with the update manager
How to fix apt: Signature by key uses weak digest algorithm (SHA1)?
Package system is broken. How to fix it?
How can I control HDD spin down time?
Can't install Ubuntu 18.10 on XPS 15 - EFI\BOOT\mmx64.efi not found
How can I update youtube-dl?
Changing Network Interfaces name Ubuntu 16.04
Is it possible to have a different background for each workspace?
/usr/bin/sudo must be owned by uid 0 and have the setuid bit set [duplicate]