by jesprenj 1243 days ago
That's usually my argument when someone mocks me for logging into all my computers as root. Having a separate nonprivileged user and running tons of desktop/shell programs isn't really much better considering all those programs have access to your ~, which on a PC is usually the most important directory IMHO.

firejail is a program that helps mitigate this issue by restricting syscalls of programs.


According to the Arch Wiki though, firejail relies on blacklisting by default (although this seems to be subject to change).

So if it's necessary to be careful about the defaults and to audit everything carefully etc. (i.e. if it's not idiot proof), I am doubtful this is as helpful in practice as one might expect.

I still agree with the general point of your comment though.

This is wrong. Data is important but so too is control of executable programs installed on your computer.

Running as root allows a bug in an application like a browser to be exploited and give them root access.

Then they can modify programs like firejail and suddenly things you thought were protected aren't.

Fair point, but a browser bug leading to code execution in an unprivileged user could, as mentioned, read my SSH private keys, GPG private keys, ...

This in turn would allow an attacker to login to my servers and other computers leading to a total compromise, as well as breaking trust and integrity of my email (PGP keys).

For my PC a compromise of the user I login as would mean total chaos and compromise, regardless if this user is root or not.

Installation of executable programs isn't limited to the root user; a normal unprivileged one can have them as well. I mentioned firejail because running the browser inside firejail should provide more protection against attacks (provided it's correctly configured, as a sibling comment points out), as the attacker couldn't escape the browser sandbox. Though in the current modern world, a browser context compromise could be enough to exploit a power user -- webmail, domain registrar web interface, stored passwords.

I doubt many power users actually separate their workflow well enough as to change to a different VT (or SSH connection when working remotely) when performing administrative tasks on the computer that require root access. Because if users don't do that and just use a suid binary, like sudo, a malicious attacker with access to code execution in the context of an unprivileged user that elevates privileges with sudo could snoop the password entered by ptrace or simpler means, like a wrapper binary that gets installed without the user's knowledge.

(I am by no means a security expert and my opinion shouldn't be treated as useful advice!)
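The "correctly configured" part from the comment above, as an added illustration (not something posted in this thread): a firejail profile that replaces the blacklist-only approach with a whitelist of the home directory and blocks privilege escalation inside the jail. Directive names are firejail's own; the profile path and the `browser-placeholder` directories are placeholders for whatever the real browser uses.

```conf
# ~/.config/firejail/browser.profile  (hypothetical path, added example)
#
# Weak: a blacklist-only profile names the secrets it knows about ...
#   blacklist ${HOME}/.ssh
#   blacklist ${HOME}/.gnupg
# ... and everything it does not name (password stores, ~/.config/*,
# other programs' data) stays readable from inside the sandbox.
#
# Stronger: make ~ opaque and expose only what the browser needs.
# Anything not whitelisted is simply absent inside the jail.
whitelist ${HOME}/Downloads
whitelist ${HOME}/.config/browser-placeholder
whitelist ${HOME}/.cache/browser-placeholder
include /etc/firejail/whitelist-common.inc

# Address the sudo/ptrace concern: no suid escalation, no root, no caps.
caps.drop all
nonewprivs
noroot
seccomp
private-dev
private-tmp
netfilter
protocol unix,inet,inet6
```

Start the browser with `firejail --profile=~/.config/firejail/browser.profile <browser>` and confirm with `firejail --list` that it is actually running under the profile, since a browser launched outside the jail gets no protection at all.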

I'm the only user on my system; compromise of uid 1000 is as bad as root. If you really care, move into a containerised operating system.

Logging in as something other than root also stops you from doing something really stupid to your system without explicit confirmation (usually by running the command with sudo).

Logging in as root just seems like a silly thing to do, if for no other reason than because so many applications will hassle you about being run as root. Why not just use sudo when you need it?

I ended up logging in as root mostly for the sake of convenience, as now I am no longer bothered with suid wrappers like sudo for mundane tasks, like editing system configuration files and udev rules for devices -- as the sole user of the computer I no longer face EPERM errors that force me into `sudo !!`.

I uninstalled sudo and started this habit on personal servers as well when the sudoedit vulnerability was announced, allowing anyone on a machine with sudo installed (regardless of sudoers config) to escalate to root.