Why You Shouldn’t Log Into Your Linux System As Root

why-you-shouldn-and-8217;t-log-into-your-linux-system-as-root photo 1

On Linux, the Root user is equivalent to the Administrator user on Windows. However, while Windows has long had a culture of average users logging in as Administrator, you shouldn’t log in as root on Linux.

Microsoft tried to improve Windows security practices with UAC – you shouldn’t log in as root on Linux for the same reason you shouldn’t disable UAC on Windows.

Why Ubuntu Uses Sudo

Discouraging users from running as root is one of the reason why Ubuntu uses sudo instead of su. By default, the root password is locked on Ubuntu, so average users can’t log in as root without going out of their way to re-enable the root account.

On other Linux distributions, it’s historically been possible to log in as root from the graphical login screen and get a root desktop, although many applications may complain (and even refuse to run as root, as VLC does). Users coming from Windows sometimes decided to log in as root, just as they used the Administrator account on Windows XP.

why-you-shouldn-and-8217;t-log-into-your-linux-system-as-root photo 2

With sudo, you run a specific command (prefixed by sudo) that gains root privileges. With su, you’d use the su command to gain a root shell, where you’d run the command you want to use before (hopefully) exiting the root shell. Sudo helps enforce best practices, running only commands that need to be run as root (such as software installation commands) without leaving you at a root shell where you may stay logged in or run other applications as root.

why-you-shouldn-and-8217;t-log-into-your-linux-system-as-root photo 3

Limiting The Damage

When you log in as your own user account, programs you run are restricted from writing to the rest of the system – they can only write to your home folder. You can’t modify system files without gaining root permissions. This helps keep your computer secure. For example, if the Firefox browser had a security hole and you were running it as root, a malicious web page would be able to write to all files on your system, read files in other user account’s home folders, and replace system commands with compromised ones. In contrast, if you’re logged in as a limited user account, the malicious web page wouldn’t be able to do any of those things – it would only be able to inflict damage in your home folder. While this could still cause problems, it’s much better than having your entire system compromised.

This also helps protect you against malicious or just plain buggy applications. For example, if you run an application that decides to delete all files it has access to (perhaps it contains a nasty bug), the application will wipe our your home folder. This is bad, but if you have backups (which you should!), it’s fairly easy to restore the files in your home folder. However, if the application had root access, it could delete every single file on your hard drive, necessitating a full reinstall.

why-you-shouldn-and-8217;t-log-into-your-linux-system-as-root photo 4

Fine-Grained Permissions

While older Linux distributions ran entire system administration programs as root, modern Linux desktops use PolicyKit for even more fine-grained control of the permissions an application receives.

For example, a software-management application could be granted only permission to install software on your system through PolicyKit. The program’s interface would run with the limited user account’s permissions, only the part of the program that installed software would receive elevated permissions – and that part of the program would only be able to install software.

why-you-shouldn-and-8217;t-log-into-your-linux-system-as-root photo 5

The program wouldn’t have full root access to your entire system, which could protect you if a security hole is found in the application. PolicyKit also allows limited user accounts to make some system administration changes without obtaining full root access, making it easier to run as a limited user account with less hassle.


Linux will let you log into a graphical desktop as root — just as it will allow you to delete every single file on your hard drive while your system is running or write random noise directly to your hard drive, obliterating your file system – but it isn’t a good idea. Even if you know what you’re doing, the system isn’t designed to be run as root – you’re bypassing much of the security architecture that makes Linux so secure.

More stories

How the SmartScreen Filter Works in Windows 8 and 10

Windows 8 includes a SmartScreen filter that prevents unknown and malicious programs from running. SmartScreen is part of Internet Explorer 8 and 9 – with Windows 8, it’s now integrated into the operating system.

1st Issue of GIMP Magazine now Available [Free Download]

Are you ready for an awesome (and free) magazine that is all about GIMP? Then GIMP Magazine is the publication that you have been looking for! This free quarterly magazine focuses on photography, digital arts, tips and tricks...

What You Said: How You Deal with Bacn

Earlier this week we asked you how you deal with Bacn—email you want, but not right now—and you responded. Read on to see the three principle ways HTG readers deal with Bacn.

Convert Your Car’s Ashtray to a Smartphone Dock

Envious of modern cars that have built-in iPhone chargers and the like? Be jealous no more; this simple DIY tutorial guides you through converting the ashtray in your older ride into a smartphone dock.

Friday Fun: Dynamite Train

This week’s game involves an ‘explosive’ combination of trains, bridges, and dynamite! Your mission is to stop these trains from crossing the various bridges using ingenuity and a limited supply of explosives. Can you destroy all the bridge designs and building materials you encounter or will your

How to Enable Firefox’s Built-in PDF Reader

Firefox 15 includes an all new PDF reader built into the browser–for those of you wondering, that means you can finally disable the Adobe PDF Plugin and uninstall it once and for all.