Closed akarki123 closed 1 year ago
Hey @akarki123, let me see if I can provide some insight.
So, running wsl with root access is not necessarily bad. Mostly, it poses a security risk. As I understand it, running in root simply bypasses any security checks wsl might have and basically assumes that you know what you are doing. It gives you access to modify system files and, by extension, gives root access to any applications you run in root. As I've said, if you know what you are doing and have looked into everything you are working with, everything should be fine.
The difficult comes when you are dealing with anything that isn't made by or vetted by you. For instance, consider an example of running the command npm
on a set of dependencies. By running this with root, you are allowing npm to bypass security and modify system files, and by extension the dependencies themselves. If you happen to install a bit of code in sudo that is malicious, or has vulnerabilities, or fatal bugs, then things can really go badly.
In response to your question there are probably a few ways. By default, the first user created in wsl is made with root access. Off the top, I would recommend making a new user login without root access, using adduser
. Any new users do not have root access by default, and if you need to execute something with root access you can login to the other user. You can look up the documentation on that if you'd like to solve it this way. Otherwise, I encourage you to look around for some other advice, as I am sure there are many ways to work and execute code in a non-sudo environment. Hope this helped!
When I run wsl it runs with root access with #. Is this normal or is there a way to downgrade the access so I don't accidentally mess something up?