Re: Root login in graphical environment
On Wed, Jul 31, 2002 at 11:46:27PM -0700, Leo Spalteholz wrote:
>
>
> >Security is one aspect, but if you run as root all day every day, sooner
> >or later you'll do something accidentally that will do a lot of damage.
> >Eg, you might do rm -Rf * from the root directory (thinking you were in
> >/tmp). No big drama if you do it as a user[1]. As root, your system is
> >hosed.
> >
> Has anyone really ever done this? Seems like a pretty dumb thing to
> do.. But I guess it could happen.
>
It doesn't happen often, but better safe than sorry IMHO...

> >Alternatively, keep a root login on one of your
> >virtual consoles, and switch to it whenever you need to do admin stuff.
> >
> Ah! Now there's a good idea. Now what if.. nope, can't run another
> copy of X in a different virtual console. Damn. :)
>
I think you can actually run multiple "copies" of X. Probably overkill
in this case. What sort of stuff do you need to do as root in X?

> >Incidentally, it is more dangerous running as root on Unix than on
> >Windows. With the Unix root user, anything goes. There is nothing it
> >can't delete/ruin/whatever. On the more multi-user flavours of Windows,
> >even the Administrator user can't do certain things.
> >
> Really? I didn't know that. Now that I think of it I guess that's
> true.. I can't kill system processes in WinXP even as admin..
>
Yep, root can kill every process, every file (including device files),
etc. Thinking about that is usually enough to scare most people into
using a non-root user primarily :)

> >In other words,
> >being able to run Windows as Administrator all the time without
> >consequence doesn't follow on to running as root under Unix all the
> >time.
> >
> So my problem remains... Maybe I should just change my root password
> to something a bit shorter... 12 letters takes too long to type 50
> times a day..

A well-chosen password doesn't necessarily have to be long. Pick
something fairly non-predictable (not a dictionary word, includes
numbers/punctuation etc), and you shouldn't need 12 characters worth.
Once you've got one that you think will fly, apt-get install john and
run it against your shadow password file. I left mine running overnight
against my standard password, and it hadn't got it 24 hours later.

As mentioned before, what X apps do you need to run as root? Perhaps if
you can find console alternatives to them that can be fired off via a
quick sudo (or similar) then that might help too...

- Chris