On a single-user machine, screwing up as root and screwing up in your unprivileged account is pretty much the same, since the most valuable thing you're going to lose isn't that 20-minute Ubuntu install, but your files. And the user you use, privileged or not, will have the power to wipe your files out.
Only other benefit (apart from all those programs that will complain or actually refuse to run as root) is if you run something questionable, it won't be able to install a root-kit, open a backdoor and hide the process.
This isn't exactly true. A vigilant user will run normal backups, and those backups will not be in a location that is writeable by the unprivileged user. In this way, it will not be possible for you (or an attacker) to completely wipe out your important files, only those changes from the last hour or so.
Based on an rsync-backup article that I bookmarked a long time ago (http://www.mikerubel.org/computers/rsync_snapshots/), I run backups of my important files (/home/, /etc/, /usr/local/, some directories in /var/, and so on) every hour to a /backups/ directory that is only writeable by root. Every day, I copy a backup over to another machine using the same rsync process.
The article is probably a link-baiting joke, but assuming for a moment that it is not, you can get the same benefits without the requirement to run as root.
I don't use sudo to run just any command as root. Making the ability to run a root command as easy as tacking a "sudo" on the front is barely safer than running as root. Especially considering that if someone breaks your user password and you use sudo for everything, they may as well have broken root. Instead, I simply use "su", enter the root password, and have a root terminal. When I'm done, I log back out of the root shell. I also disallow logging in as root over SSH (for whatever reason, this is not the default behavior). Thus, to break root, someone has to break both my user (knowing both the username and the password) and my root password.
This gets old, so I do have sudo installed. You can use sudo to allow a non-root user to run certain commands with root privileges (just be sure NOT to include the
%wheel ALL = (ALL) ALL
line, which is how most people use sudo). For common commands that don't pose much of a security risk, you can add a line as follows to /etc/sudoers:
username ALL = NOPASSWD: /usr/bin/emerge, /usr/sbin/hibernate, [etc.]
Then, in my ~username/.bashrc, I have:
alias emerge="sudo /usr/bin/emerge"
alias hibernate="sudo /usr/sbin/hibernate"
(Note: emerge is basically Gentoo's apt-get, but vastly different, of course.) Thus, from the point of view of a standard user, I can run my most common root commands (with root privileges) as my unprivileged user, transparently. I can be careful to only allow commands that will not compromise my entire machine in the event that someone gains access with my username or I find myself drunk at the terminal.
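Added example (not part of the comment above, and not code from any project it mentions): a small audit that reads sudoers-style rules and reports blanket `ALL` grants, `NOPASSWD` commands and wildcard arguments. The sample text, the `backup` rule and the function name `audit_sudoers` are constructed for illustration, and the parser covers only the simple rule form quoted in the comment.

```python
import re

# Constructed sample: the two rules quoted in the comment plus a wildcard rule.
SAMPLE_SUDOERS = """\
Defaults env_reset
%wheel ALL = (ALL) ALL
username ALL = NOPASSWD: /usr/bin/emerge, /usr/sbin/hibernate
backup ALL = NOPASSWD: /usr/bin/rsync *
"""

# Simplified grammar: who hosts = [(runas)] [TAG:]... cmd[, cmd...]
# Aliases, line continuations and escaped commas are not handled.
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "#", "@")

def audit_sudoers(text):
    """Return (line number, who, issue, command) for each grant worth reviewing."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            findings.append((lineno, "?", "unparsed", line))
            continue
        rest, tags = m["rest"], set()
        while (t := TAG.match(rest)):      # peel off NOPASSWD:, NOEXEC:, ...
            tags.add(t[1])
            rest = rest[t.end():]
        for cmd in (c.strip() for c in rest.split(",")):
            if cmd == "ALL":               # any command: equivalent to a root shell
                findings.append((lineno, m["who"], "blanket-all", cmd))
            if "NOPASSWD" in tags:         # runs as root with no password prompt
                findings.append((lineno, m["who"], "nopasswd", cmd))
            if "*" in cmd or "?" in cmd:   # wildcards match across argument boundaries
                findings.append((lineno, m["who"], "wildcard", cmd))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

On a live system, `visudo -c` checks the file's syntax and `sudo -l -U username` lists what a given user is actually allowed to run.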
This is great humor - I ran as root while I was learning how to use slackware waaay back. Now I use Fedora because I'm lazy but don't worry behind the PECL and LIVNA libraries I still do a make && make install from time to time.
I think for a noob, running as root is probably wise, understanding chmod, and chown right off the bat is a tough one - and often people get so frustrated from the inability to change settings they give up.
Either way - Batman runs as root... that's good enough for me.
This is probably the best advice for linux/unix nubs; you will never learn what a computer is really for until you meet the machine face-to-face via a terminal. I don't know how many times it took me to corrupt my package-manager or butcher some config file until I realized the advantages of running a VM, but, yes, the article is spot-on because all learning, or understanding for that matter, is iterating failure.
I like your shaving metaphor, but how is a new user coming from a Windows XP ever going to respect what an admin account can really do w/o ever test-driving what root can really do, given that I'm sure most Windows users are running as an Administrator. I guess my point is, given all the times I've screwed myself w/ root, is that root is only dangerous in context of somebody else, while the only cost of seeing what something does in Linux is your time and your file-system. Otherwise, how can one ever appreciate how delicate and fragile a system really is w/o a loving system administrator to cradle her in his key-strokes. ;)
Or, they could get hit by script kiddies that keep looking for old vulnerabilities in some daemon they ran as root.
$ cat /var/log/authlog
Sep 13 16:57:31 lucien sshd: Invalid user webmaster from 22.214.171.124
Sep 13 16:57:31 lucien sshd: input_userauth_request: invalid user webmaster
Sep 13 16:57:31 lucien sshd: Failed password for invalid user webmaster from 126.96.36.199 port 56992 ssh2
Sep 13 16:57:31 lucien sshd: Received disconnect from 188.8.131.52: 11: Bye Bye
Sep 13 16:57:34 lucien sshd: User root from 184.108.40.206 not allowed because not listed in AllowUsers
Sep 13 16:57:34 lucien sshd: input_userauth_request: invalid user root
Sep 13 16:57:34 lucien sshd: Failed password for invalid user root from 220.127.116.11 port 57162 ssh2
Sep 13 16:57:34 lucien sshd: Received disconnect from 18.104.22.168: 11: Bye Bye
Sep 13 16:57:36 lucien sshd: Invalid user ftp from 22.214.171.124
Sep 13 16:57:36 lucien sshd: input_userauth_request: invalid user ftp
Sep 13 16:57:36 lucien sshd: Failed password for invalid user ftp from 126.96.36.199 port 57344 ssh2
Sep 13 16:57:37 lucien sshd: Received disconnect from 188.8.131.52: 11: Bye Bye
Sep 13 16:57:39 lucien sshd: Invalid user sales from 184.108.40.206
Sep 13 16:57:39 lucien sshd: input_userauth_request: invalid user sales
Sep 13 16:57:39 lucien sshd: Failed password for invalid user sales from 220.127.116.11 port 57514 ssh2
Sep 13 16:57:40 lucien sshd: Received disconnect from 18.104.22.168: 11: Bye Bye
(My firewall blocks these losers after two minutes and I still have endless logs like this.)
Well, yeah, but in the afterboot(8) (http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot) man page, the first two points after how to use man and find installation errata are how to deny remote root ssh logins and a note essentially saying, "Make a non-root user and add it to the group 'wheel' for sudo, see below."
Of course, having daemons run as non-root and chrooted/jailed (hello, apache) is just as important.
(And yeah, I know this article is supposed to be a joke.)
This is irresponsible. For the same reason why one drives the speed limit, and only exceeds it when one has to, like, for example, if Rosemary is about to birth the anti-Christ in the back seat of your new Jag, so too does one not run as super user unless one has to. Both practices are dangerous.