Re: [PLUG] No good to be Root?
>>>>> "James" == James <jamesf@efn.org> writes:
James> I hope this isn't too much of a newbie question, but I
James> thought I'd get it out of the way. All the manuals I read
James> suggest to NOT administer Linux as root, but nowhere have I
James> found the reason "why." What is the major problem with
James> being on your system as root all the time? Everyone
James> suggests logging in as a normal user. Why? Thanks.
Last week, I was resetting ownerships and permissions on some
directories on a machine I administer. I was working as `root', using
`dired' in XEmacs. In dired, you can run a shell command on a file
or directory the cursor is on by pushing the `!' key, then typing the
command in the minibuffer.
In that command, `*' expands to the file you had the cursor on, or to
the list of marked files, if you've marked a set. `.' expands to
$(pwd).
I put the cursor on a directory, intending to `chown -R' it to a
user's name and group, typed `!', followed by (as if I was working in
an xterm or from the console and had done a `cd' into that directory)
`chown -R user.group .', when it should have been `chown -R
user.group *' or just plain leave off the star...
The command was taking a lot longer than I expected... and the
directory I ran it on was anchored off `/'. It took the rest of the
day (6 hours?) to reset the ownerships and permissions on the
filesystem, because it effectively ran `chown -R user.group /', and
almost finished before I stopped it. There's about 12Gb of files on
this box. (It's very fast SCSI.)
Well, I HAD to be root to do that kind of admin work. But as a user,
had I been working in my own directories and typed a command like
that or worse, it could NOT escape and affect other people's or the
system's files, because of *nix file protections.
It's a very good thing that one of the default Debian cron.daily jobs
makes a listing of the setuid and setgid binaries on the system. (It
does this then generates a diff against yesterday, so you can see if
things are being changed on you.) I was able to write a simple `awk'
command that dumped a command script to fix them all.
I've heard that `rpm' keeps a database of the ownership and
permission settings of every registered file. It would be nice if
`dpkg' would incorporate that functionality someday.
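
The setuid/setgid listing, the day-over-day diff and the awk-generated fix script described above could look like the following. This is an added example, not part of the original post and not Debian's actual cron job; the function names `snapshot', `changes' and `restore_script' are hypothetical, and GNU/Linux `stat -c' is assumed.

```shell
#!/bin/sh
# Added example: baseline, drift check and restore for setuid/setgid files.
# Typical use (as root):  snapshot / > today; changes yesterday today
#                         restore_script yesterday > fix.sh   # review, then run
# Assumes owner and group names contain no spaces and paths no newlines.

# snapshot DIR -> one "mode owner group path" line per setuid/setgid file,
# staying on one filesystem (-xdev) and sorted by path so diffs are stable.
snapshot() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %G %n' {} + | sort -k4
}

# changes OLD NEW -> unified diff of two snapshots; empty if nothing changed.
changes() {
    diff -u "$1" "$2" || true
}

# restore_script BASELINE -> shell commands that put each listed file back.
# chown is emitted first: on Linux, chown clears the setuid/setgid bits of
# executables, so the chmod has to come after it.
restore_script() {
    awk -v q="'" '
    {
        mode = $1; owner = $2; group = $3
        path = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path)   # keep spaces inside the path
        n = split(path, part, q)               # shell-quote embedded quotes
        quoted = part[1]
        for (i = 2; i <= n; i++) quoted = quoted q "\\" q q part[i]
        printf "chown %s:%s -- %s%s%s\n", owner, group, q, quoted, q
        printf "chmod %s -- %s%s%s\n", mode, q, quoted, q
    }' "$1"
}
```

The generated script is only printed, never executed, so it can be read through before it is run as root.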