Re: root login

To: debian-gtk-gnome@lists.debian.org
Subject: Re: root login
From: demonbane@the-love-shack.net
Date: Mon, 28 Apr 2003 22:24:10 -0500 (CDT)
Message-id: <34592.192.168.0.8.1051586650.squirrel@Bigbrother.the-love-shack.lan >
In-reply-to: <[🔎] b8jtq0$7um$1@main.gmane.org>
References: <[🔎] 1051280874.3ea945eac5fb1@mail.dominicanrepublic.com> <[🔎] 20030425164022.GC494@lazarus> <[🔎] 1051291323.3ea96ebb18853@mail.dominicanrepublic.com> <[🔎] 20030426043435.GF494@lazarus> <[🔎] 3EAAF3B3.1020303@ocf.berkeley.edu> <[🔎] 20030427025246.GB4889@lazarus> <[🔎] b8jtq0$7um$1@main.gmane.org>

> Jeff Waugh wrote:
>> <quote who="Michael Toomim">
>>
--snip--
>> root is god. root can damage hardware. root can destroy an entire system
>> in
>> an instant. It just does not make sense to use the GUI as root. You
>> don't
>> need to. You don't need the power. You don't *want* the power.
>
> You want the power when you need to install new software.  You want it
> when you need to set the time.  You want it when you need to add or
> remove users from your system.

Personally, I believe that letting people stay logged in as root
permanently is a very bad thing. Root should only be used when needed.
HOWEVER, this doesn't mean that it should be DIFFICULT to do something as
root while logged in as yourself. Case in point, if I'm logged into my
computer as me, and I want to install a new program, I can just drop to a
terminal and type "sudo apt-get install coolnewprogram" (or, alternately,
su -c apt-get install coolnewprogram) and be done with it, WITHOUT needing
to actually log in as root.

Even the M$ camp has been moving towards this over the last few years.
Windows 2000 and XP both have a "Run As" option for programs. So if you're
logged in as yourself and you need admin privileges to install a program,
you "Run As" Administrator and you're all done.

But having a user logged in as root 24/7 is a HUGE security risk.

First, most users let other people know what their passwords are all the
time. If that password happens to be a root password, there goes your
security.

Second, lets not forget that programs execute as the user who called them.
If I type "rm -rf /*" in a terminal, all I'm going to lose is /tmp. If I'm
logged in as root and I type that, there goes the whole system.

And finally, what if, say Mozilla, ends up having a security hole as
serious as the Office XP + IE security problem from a while ago that
allowed remote sites to execute commands on your computer. rm -rf /* seems
like a prime candidate for a malicious attack but losing /tmp doesn't
really worry me all that much.

>> Every time I see an NT desktop user logging in as Adminstrator, I
>> cringe.
>> Every time I see a Linux desktop user logging in as root, I hide under
>> the
>> table.
>
> hehe. :)

I'll have to put that in my book of one (well, in this case two) liners. :)

-- 
Alex

Reply to:

References:
- root login
  - From: Jenner Almánzar <naldiello@dominicanrepublic.com>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Jenner Almánzar <naldiello@dominicanrepublic.com>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Michael Toomim <toomim@OCF.Berkeley.EDU>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Michael Toomim <toomim@uclink4.berkeley.edu>

Prev by Date: Re: root login
Next by Date: Re: root login
Previous by thread: Re: root login
Next by thread: Re: root login
Index(es):
- Date
- Thread