EDIT: My mistake, it turns out Sarah Palin's emails are also in the top ten right now.
Only other benefit (apart from all those programs that will complain or actually refuse to run as root) is if you run something questionable, it won't be able to install a root-kit, open a backdoor and hide the process.
Based on an rsync-backup article that I bookmarked a long time ago (http://www.mikerubel.org/computers/rsync_snapshots/), I run backups of my important files (/home/, /etc/, /usr/local/, some directories in /var/, and so on) every hour to a /backups/ directory that is only writeable by root. Every day, I copy a backup over to another machine using the same rsync process.
I don't use sudo to run just any command as root. Making the ability to run a root command as easy as tacking a "sudo" on the front is barely safer that running as root. Especially considering that if someone breaks your user password and you use sudo for everything, they may as well have broken root. Instead, I simply use "su", enter the root password, and have a root terminal. When I'm done, I log back out of the root shell. I also disallow logging in as root over SSH (for whatever reason, this is not the default behavior). Thus, to break root, someone has to break both my user (knowing both the username and the password) and my root password.
This gets old, so I do have sudo installed. You can use sudo to allow a non-root user to run certain commands with root privileges (just be sure NOT to include the
%wheel ALL = (ALL) ALL
username ALL = NOPASSWD: /usr/bin/emerge, /usr/sbin/hibernate, [etc.]
alias emerge="sudo /usr/bin/emerge"
alias hibernate="sudo /usr/sbin/hibernate"
I think for a noob, running as root is probably wise, understanding chmod, and chown right off the bat is a tough one - and often people get so frustrated from the inability to change settings they give up.
Either way - Batman runs as root... thats good enough for me.
I assume they didn't test it against Firefox 3 with popular extensions, because it's otherwise the worst thought-out advertising service I've seen online.
Emacs has been replaced by a shell script which 1) Generates a syslog
message at level LOG_EMERG; 2) reduces the user's disk quota by 100K;
and 3) RUNS ED!!!!!!
It encourages shaving.
How are they supposed to attain competence if they can't even grow out a guru beard?
Or, they could get hit by script kiddies that keep looking for old vulnerabilities in some daemon they ran as root.
$ cat /var/log/authlog
Sep 13 16:57:31 lucien sshd: Invalid user webmaster from 18.104.22.168
Sep 13 16:57:31 lucien sshd: input_userauth_request: invalid user webmaster
Sep 13 16:57:31 lucien sshd: Failed password for invalid user webmaster from 22.214.171.124 port 56992 ssh2
Sep 13 16:57:31 lucien sshd: Received disconnect from 126.96.36.199: 11: Bye Bye
Sep 13 16:57:34 lucien sshd: User root from 188.8.131.52 not allowed because not listed in AllowUsers
Sep 13 16:57:34 lucien sshd: input_userauth_request: invalid user root
Sep 13 16:57:34 lucien sshd: Failed password for invalid user root from 184.108.40.206 port 57162 ssh2
Sep 13 16:57:34 lucien sshd: Received disconnect from 220.127.116.11: 11: Bye Bye
Sep 13 16:57:36 lucien sshd: Invalid user ftp from 18.104.22.168
Sep 13 16:57:36 lucien sshd: input_userauth_request: invalid user ftp
Sep 13 16:57:36 lucien sshd: Failed password for invalid user ftp from 22.214.171.124 port 57344 ssh2
Sep 13 16:57:37 lucien sshd: Received disconnect from 126.96.36.199: 11: Bye Bye
Sep 13 16:57:39 lucien sshd: Invalid user sales from 188.8.131.52
Sep 13 16:57:39 lucien sshd: input_userauth_request: invalid user sales
Sep 13 16:57:39 lucien sshd: Failed password for invalid user sales from 184.108.40.206 port 57514 ssh2
Sep 13 16:57:40 lucien sshd: Received disconnect from 220.127.116.11: 11: Bye Bye
Learning the first way sucks less.
The first-ever boot you can only log in as root
This 'reckless (read: diff from linux distro)' installation practice made OpenBSD got 1 point deducted from a linux review article
Despite the root thingy, OpenBSD is "Only two remote holes in the default install, in more than 10 years!"
Of course, having daemons run as non-root and chrooted/jailed (hello, apache) is just as important.
(And yeah, I know this article is supposed to be a joke.)
i also changed default ssh port to non-22 to prevent most brute force attacks
i can't stand GNU/linux folks bashing OpenBSD over trivialities like the root only first-ever boot