[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root login

On Wed, 2003-04-30 at 12:09, Xavier Bestel wrote:
> > Take the other point of view. What if you use root like your normal user
> > account? The hacker gets access to this by the same means he gets access
> > to your user account before (probably idiocy in this case?) and not only
> > can he turn your HDD into a brick, destroy your data, he can also access
> > the user accounts of all the people on your system, and tap all their
> > passwords and keypresses for any other systems they use. Now which is
> > less secure?
> 
> True, but nowadays PC are just that: Personal Computers, and if a
> hacker/trojan/virus breaks in, the only important thing on the disk is
> the (only) user's data. He won't care about the system 'cause he can
> reinstall it from scratch if need be. And no, 99% of them won't have
> fresh backups handy.
> To these users, root/user separation is just a bandaid to not hose the
> system by accident, nothing more.
> 
> 	Xav

That's a bit of a narrow slant on things:  you're ignoring universities,
businesses and managed systems all over the place.  The ability of users
to change most settings/install random software/infect the machine with
viruses is the bane of university systems-administrators everywhere. 
The fact that a system needs to be rebuilt from scratch whenever a user
does something stupid causes more work for IT departments everywhere
than is healthy.

>From a "personal user" point of view, I keep a number of Linux boxes
running for friends and family, none of whom have root access, and as
such I know that the worst-case scenario is that they hose their own
data.

Basically, what I'm trying to get at is that there are two, completely
seperate discussions going on here:  the first (original) one is whether
"root" is outdated/just-a-bandaid, and the second is which information
on a computer is important.

They are completely unrelated because _whether or not the user has root_
losing his/her personal data is a catastrophe, and totally tangential to
that is the question of whether or not those users lose not only their
personal data, but also have to reinstall the machine from scratch when
they make a mistake.

Root may be a "bandaid", but it eliminates 99% of the impact of those
stupid mistakes _on the system as a whole_.  Moreover, I can't think of
a better solution to stopping the user hosing the entire system.

To get back to the original intent of the discussion, the question is
not really whether root-level-access is a good thing but rather whether
enabling it _by default_ in gdm is the right approach.  If nothing else,
forcing the user to use su/gtksu etc at least lets them know that they
_could_ break things.

Ciao,
Brad.
Reply to: