Kali Linux serves as the go-to operating system for the cyber-security world by providing bespoke packages like DBeaver and many other such tools that help in Penetration testing, to gather such data as employee details, open ports and domains from different resource locations.
While Offensive Security announced in 2019 about its plan to ditch the root user policy, Kali Linux 2020.1 which is the first release of 2020 launches with a non-root user model, and other major changes. The latest Kali Linux release also comes with improvements and new features including a single image installer made up of fewer images which are available for downloads, like live image and a network installer image.
It means that separate images for all desktop environment has now been discontinued, and users can only choose their desired desktop environment during the installation.
Brief History of the Default Root User
Formerly BackTrack, which in its original form was based on a Slackware live distro intended to run from a CDROM, that was far back in 2006. This model, however has no real update mechanism, with only a bunch of pen testing tools that are live in the /pentest/ directory, which anyone can use as part of assessments.
In the early days, things were not all this sophisticated, so everything just worked as it did. But a lot of these tools either required root access to run or were better ran as root. With the operating system that could be run from a CD, and never to be updated, with lots of tools that needed root access to run, it was an easy decision to have an “everything as root” security model.
But as time went by, there was a number of changes as people were installing BackTrack on bare metal so there was a need for an update mechanism. The move to base BackTrack 5 on Ubuntu instead of Slackware live (February 2011) happened after noticing that many systems were vulnerable to some certain exploit which came out a few weeks prior.
Then it later moved to be a Debian derivative brought about by a host of advantages, including been based on Debian-Testing. Debian seems to have a well earned reputation as one of the most stable Linux distros and Debian-Testing is the development branch of the next version of Debian, which realistically is more stable than several of the mainstream Linux distros.
Over the last few years, more and more users started to run Kali as their day to day operating system, even when not using it for penetration testing full time, including members of the Kali development team.
They obviously don’t run as default root user, as this usage means that default root user is no longer necessary and Kali will be better off moving to a more traditional non-root user security model.