Because it is not recommended doing so unless you know exactly what you are doing. Root is a superuser, meaning it can do anything and everything - it is only meant for administrative tasks. Day-for-day tasks can bear a security risk that WILL be exploited if EVERYONE (or a large proportion of users) used root. Think Windows - 99% of malware and virus problems are from people using admin accounts for everyday tasks.
Let's look at an example:
What if someone breaks into your system and tells it to erase your disks? If you are running as a normal user, the only files you would (should) be able to remove are those that belong to you, and not anyone else. If, say, you had other people using the computer, their files will not be touched at all, no matter how hard you try. That means you will not be able to change any system files, and therefore your system will remain rock-solid and unaffected/uninfected.
If you run as root, however, you can wipe the hard drive entirely, probably do some damage to the hardware itself, and generally render the system unusable. Correction: anyone who can get to run a single command as root on your computer (some malicious website or an email attachment) can do that.
Take a look this nice article that might explain it better than I did.
You can always use sudo command or gksu command to run the command as the superuser, both of those work with graphical and command-line utilities. sudo is usually used for CLI, though, and gksu is the graphical password promt that does the same thing.
To an extent, they let you become root temporarily - much, much better than running as root constantly and risking instability.
In standard Ubuntu, root logins are not allowed, neither from the GDM (graphical) login manager, nor from the text console (i.e., the one you get if press Ctrl+Alt+F1).
In order to perform root (i.e., administrator) operations you have to use the sudo command in a terminal, or any GUI equivalent of it: these will ask you for your password and then perform the requested privileged operation (and only that one).
The reason for this behavior is, as others have pointed out, that performing root operations is inherently risky and the number of operations really requiring root privileges is comparatively small: by using this sudo approach you are running most of the time with a unprivileged account (i.e., harmless to the system and other users) and just get the root powers when it's really needed.
An example might help clarify. Assume you want to install a new service (daemon) on your machine; this is relatively new and you need to read about it and how to configure it to your needs. You will end up browsing the web a lot to find information, example configs, etc., maybe have some IRC chat to ask for more info -- none of this requires root powers! In the end, you only need privileged access for two operations:
install the new program (i.e., sudo apt-get install ...), and
edit the default configuration
A commonly accepted principle in computer security is always use the least possible privilege level to perform an operation. -- this reduces the risk that something bad happens because of bugs in the software or errors from the operator.
The Ubuntu default setup goes in this direction; if you were using a root login, instead, you would have ended up surfing the internet, doing IRC (and possibly all the other stuff that one does concurrently) from the root account, thus needlessly exposing the system to a threat.
Update: For your compiler example, I would proceed this way:
Login to the node via SSH as your regular user, and from another
Ubuntu or GNU/Linux node where you have a graphical X11 display
running. Be sure to enabled X11 forwarding over SSH:
There are two questions here. One is, why is root login disabled by default in Ubuntu? That's been addressed by several of the posts here.
The second question is, why are graphical root logins particularly disparaged?
All the disadvantages of nongraphical root logins apply to graphical root logins too. But when you log in graphically, you run far more programs, operating in a far more complex way, than when you log in nongraphically. The entire graphical user interface and all the graphical programs needed to use a GUI effectively, would be running as root. A tiny security vulnerability in any of them would enable someone to take complete control over your system.
Logging in as root at all is not recommended in Ubuntu, but there is no consensus in the security community that it is universally a bad practice. Graphical root logins, however, are simply a bad practice, and almost all operating systems have phased them out or strongly recommend against them.
To a lesser degree, having a non-root user (especially one with the ability to perform operations as root with sudo or PolicyKit) in a graphical login presents risks. But they are far more controlled than when everything in the graphical environment must actually be running as root with unlimited capabilities. Still, for situations where security is paramount, it is usually advisable to do away with graphical interfaces altogether, which is why Ubuntu Server doesn't ship with a GUI by default and officially recommends against installing one (though it is supported to do so).
In the Windows world, you can now install Windows Server in a way that essentially eliminates the graphical user interface (technically, some elements remain, but it is very stripped down and you cannot run arbitrary graphical programs). This is based on the same reasoning.
Even if you do decide to enable root logins, please don't log in graphically as root. Enabling root logins may put you at slightly higher security risk; running an entire graphical environment as root puts you at enormously higher risk.
Additionally, with the exception of graphical administration tools that are designed to be run as root with gksu/gksudo/kdesudo, most graphical programs are not intended to be run as root. Because they are not extensively tested in this mode, they may fail or behave erratically (which would be particularly bad, since they're running as root).
Finally, even some graphical administration tools, like users-admin, will fail if run as root, since they expect to be run by normal users and to perform actions as root (without ever actually running as root) using PolicyKit.
Open Terminal (Ctrl+Alt+T or Dash home > More Apps > Installed (Expand) > Terminal).
TO ACTIVATE THE ROOT ACCOUNT
In a terminal type or paste sudo passwd root.
Enter your normal login password (if you are asked for it), then you will be asked to enter the new root password and confirm it.
TO ADD A NEW LOGIN PROMPT THAT ALLOWS YOU TO ENTER ROOT AND ITS PASSWORD
In a terminal type or paste. gksudo gedit /etc/lightdm/lightdm.conf. This opens a graphical text editor window where you can edit the configuration file for the login screen.
Add the line greeter-show-manual-login=true to the bottom of the file.
Reboot Ubuntu 12.04 and you will see a new “Login” window (replaces the previous "Other" window) which allows for Username and Password input . Enter root for the username and then enter the password you assigned to the root account.
I hope this helps others that need/want root access.
Then you are asked to type both the username and password to login graphically. I'm assume you have already set the password for root:)
I know there are countless reason that you shouldn't login directly as root, however, there does exit some rare cases (for example in a test box running in vmware) when you really appreciated the convience of being root.
Because the root user and Administrator (in Windows) are the equivalent of a God to a computer. That user can adjust anything from file permissions to even erasing the entire file system. It is quite common for the average home user to run as the Administrator (either under that name or another name set up at first boot). Because any program executed as that user is system wide, it becomes dangerous.
The lack of control over Administrative privileges allows for virus/malware or even self-destructive issues. It is because of this that many distros, including Ubuntu, limited the transition to the high power by an extra step (a somewhat cognitive step that helps to insist that "any changes I make here are changes that are grander in scope").
Although you can't login directly as root (for the reasons that others have already explained well), you can run GUI applications as root. For example, System → Administration → Synaptic Package Manager is a graphical application that runs as root.
To run an application as root (either a text application or a GUI application), just use one of this commands:
Root really isn't advised for normal usage but sometimes you have a long list of terminal commands that need root privileges and it's just more convenient to login as root.
I use sudo xterm or gksu xterm to open a root terminal
I think its a little easier to distinguish which term window has root privileges wheen you have the handy "root@" term prompt
Because it is not recommended doing so unless you know exactly what you are doing. Root is a superuser, meaning it can do anything and everything - it is only meant for administrative tasks. Day-for-day tasks can bear a security risk that WILL be exploited if EVERYONE (or a large proportion of users) used root. Think Windows - 99% of malware and virus problems are from people using admin accounts for everyday tasks.
Let's look at an example:
What if someone breaks into your system and tells it to erase your disks? If you are running as a normal user, the only files you would (should) be able to remove are those that belong to you, and not anyone else. If, say, you had other people using the computer, their files will not be touched at all, no matter how hard you try. That means you will not be able to change any system files, and therefore your system will remain rock-solid and unaffected/uninfected.
If you run as root, however, you can wipe the hard drive entirely, probably do some damage to the hardware itself, and generally render the system unusable. Correction: anyone who can get to run a single command as root on your computer (some malicious website or an email attachment) can do that.
Take a look this nice article that might explain it better than I did.
Here's another one.
You can always use
sudo commandorgksu commandto run thecommandas the superuser, both of those work with graphical and command-line utilities.sudois usually used for CLI, though, andgksuis the graphical password promt that does the same thing.To an extent, they let you become
roottemporarily - much, much better than running as root constantly and risking instability.In standard Ubuntu,
rootlogins are not allowed, neither from the GDM (graphical) login manager, nor from the text console (i.e., the one you get if press Ctrl+Alt+F1).In order to perform
root(i.e., administrator) operations you have to use thesudocommand in a terminal, or any GUI equivalent of it: these will ask you for your password and then perform the requested privileged operation (and only that one).The reason for this behavior is, as others have pointed out, that performing
rootoperations is inherently risky and the number of operations really requiringrootprivileges is comparatively small: by using thissudoapproach you are running most of the time with a unprivileged account (i.e., harmless to the system and other users) and just get therootpowers when it's really needed.An example might help clarify. Assume you want to install a new service (daemon) on your machine; this is relatively new and you need to read about it and how to configure it to your needs. You will end up browsing the web a lot to find information, example configs, etc., maybe have some IRC chat to ask for more info -- none of this requires
rootpowers! In the end, you only need privileged access for two operations:sudo apt-get install ...), andA commonly accepted principle in computer security is always use the least possible privilege level to perform an operation. -- this reduces the risk that something bad happens because of bugs in the software or errors from the operator.
The Ubuntu default setup goes in this direction; if you were using a
rootlogin, instead, you would have ended up surfing the internet, doing IRC (and possibly all the other stuff that one does concurrently) from therootaccount, thus needlessly exposing the system to a threat.Update: For your compiler example, I would proceed this way:
Login to the node via SSH as your regular user, and from another Ubuntu or GNU/Linux node where you have a graphical X11 display running. Be sure to enabled X11 forwarding over SSH:
At the shell/SSH prompt, issue the command:
This will run the compiler installer with
rootprivileges, and access (through SSH forwarding) the graphical display in front of you.The reasoning behind the use of sudo in Ubuntu can be found here. If you ever need a quick way to "go root" I use
sudo -sorsudo -i.Aside from the mountains of warnings with using root, you can enable root login by logging in and performing the following from terminal:
This will first prompt you for your password then will ask you to change UNIX password. The password you enter will be for the
rootaccount.The Ubuntu Wiki has a great article on the depths of root and sudo within Ubuntu - caveats and pitfalls.
There are two questions here. One is, why is root login disabled by default in Ubuntu? That's been addressed by several of the posts here.
The second question is, why are graphical root logins particularly disparaged?
All the disadvantages of nongraphical root logins apply to graphical root logins too. But when you log in graphically, you run far more programs, operating in a far more complex way, than when you log in nongraphically. The entire graphical user interface and all the graphical programs needed to use a GUI effectively, would be running as root. A tiny security vulnerability in any of them would enable someone to take complete control over your system.
Logging in as root at all is not recommended in Ubuntu, but there is no consensus in the security community that it is universally a bad practice. Graphical root logins, however, are simply a bad practice, and almost all operating systems have phased them out or strongly recommend against them.
To a lesser degree, having a non-root user (especially one with the ability to perform operations as root with sudo or PolicyKit) in a graphical login presents risks. But they are far more controlled than when everything in the graphical environment must actually be running as root with unlimited capabilities. Still, for situations where security is paramount, it is usually advisable to do away with graphical interfaces altogether, which is why Ubuntu Server doesn't ship with a GUI by default and officially recommends against installing one (though it is supported to do so).
In the Windows world, you can now install Windows Server in a way that essentially eliminates the graphical user interface (technically, some elements remain, but it is very stripped down and you cannot run arbitrary graphical programs). This is based on the same reasoning.
Even if you do decide to enable root logins, please don't log in graphically as root. Enabling root logins may put you at slightly higher security risk; running an entire graphical environment as root puts you at enormously higher risk.
Additionally, with the exception of graphical administration tools that are designed to be run as root with gksu/gksudo/kdesudo, most graphical programs are not intended to be run as root. Because they are not extensively tested in this mode, they may fail or behave erratically (which would be particularly bad, since they're running as root).
Finally, even some graphical administration tools, like
users-admin, will fail if run as root, since they expect to be run by normal users and to perform actions as root (without ever actually running as root) using PolicyKit.Open Terminal (Ctrl+Alt+T or Dash home > More Apps > Installed (Expand) > Terminal).
TO ACTIVATE THE ROOT ACCOUNT
In a terminal type or paste
sudo passwd root. Enter your normal login password (if you are asked for it), then you will be asked to enter the newrootpassword and confirm it.TO ADD A NEW LOGIN PROMPT THAT ALLOWS YOU TO ENTER ROOT AND ITS PASSWORD
In a terminal type or paste.
gksudo gedit /etc/lightdm/lightdm.conf. This opens a graphical text editor window where you can edit the configuration file for the login screen.Add the line
greeter-show-manual-login=trueto the bottom of the file.The file should now read as follows:
Save the
lightdm.conffile and exit from gedit.Reboot Ubuntu 12.04 and you will see a new “Login” window (replaces the previous "Other" window) which allows for Username and Password input . Enter
rootfor the username and then enter the password you assigned to the root account.I hope this helps others that need/want
rootaccess.as for ubuntu 12.04 LTS you can do this using root privilege:
Then you are asked to type both the username and password to login graphically. I'm assume you have already set the password for root:)
I know there are countless reason that you shouldn't login directly as root, however, there does exit some rare cases (for example in a test box running in vmware) when you really appreciated the convience of being root.
Because the root user and Administrator (in Windows) are the equivalent of a God to a computer. That user can adjust anything from file permissions to even erasing the entire file system. It is quite common for the average home user to run as the Administrator (either under that name or another name set up at first boot). Because any program executed as that user is system wide, it becomes dangerous.
The lack of control over Administrative privileges allows for virus/malware or even self-destructive issues. It is because of this that many distros, including Ubuntu, limited the transition to the high power by an extra step (a somewhat cognitive step that helps to insist that "any changes I make here are changes that are grander in scope").
Although you can't login directly as root (for the reasons that others have already explained well), you can run GUI applications as root. For example, System → Administration → Synaptic Package Manager is a graphical application that runs as root.
To run an application as root (either a text application or a GUI application), just use one of this commands:
They're almost identical. The main difference is that the first asks for your password on the terminal, the second uses a graphical dialog window.
Root really isn't advised for normal usage but sometimes you have a long list of terminal commands that need root privileges and it's just more convenient to login as root. I use
sudo xtermorgksu xtermto open a root terminal I think its a little easier to distinguish which term window has root privileges wheen you have the handy "root@" term prompt