
Re: Root login in graphical environment



On Wed, Jul 31, 2002 at 11:46:27PM -0700, Leo Spalteholz wrote:
> 
> 
> >Security is one aspect, but if you run as root all day every day, sooner
> >or later you'll do something accidentally that will do a lot of damage.
> >Eg, you might do rm -Rf * from the root directory (thinking you were in
> >/tmp).  No big drama if you do it as a user[1].  As root, your system is
> >hosed.
> >
> Has anyone really ever done this?  Seems like a pretty dumb thing to 
> do..  But I guess it could happen.
>

It doesn't happen often, but better safe than sorry IMHO...
 
> >Alternatively, keep a root login on one of your
> >virtual consoles, and switch to it whenever you need to do admin stuff.
> >
> Ah!  Now there's a good idea.  Now what if..    nope, can't run another 
> copy of X in a different virtual console.  Damn. :)
> 

I think you can actually run multiple "copies" of X.  Probably overkill
in this case.  What sort of stuff do you need to do as root in X?

> >Incidentally, it is more dangerous running as root on Unix than on
> >Windows.  With the Unix root user, anything goes.  There is nothing it
> >can't delete/ruin/whatever.  On the more multi-user flavours of Windows,
> >even the Administrator user can't do certain things.  
> >
> Really?  I didn't know that.  Now that I think of it I guess that's 
> true..  I can't kill system processes in WinXP even as admin..
>

Yep, root can kill every process, every file (including device files),
etc.  Thinking about that is usually enough to scare most people into
using a non-root user primarily :)
 
> >In other words,
> >being able to run Windows as Administrator all the time without 
> >consequence doesn't follow on to running as root under Unix all the
> >time.
> >
> So my problem remains...   Maybe I should just change my root password 
> to something a bit shorter...  12 letters takes too long to type 50 
> times a day..

A well chosen password doesn't necessarily have to be long.  Pick
something fairly non-predictable (not a dictionary word, includes
numbers/punctuation etc), and you shouldn't need 12 characters worth.
Once you've got one that you think will fly, apt-get install john and
run it against your shadow password file.  I left mine running overnight
against my standard password, and it hadn't got it 24 hours later.

As mentioned before, what X apps do you need to run as root?  Perhaps if
you can find console alternatives to them that can be fired off via a
quick sudo (or similar) then that might help too...

- Chris
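
An added example, not part of the message above: a pre-check of a candidate password against the criteria it names (not a dictionary word, includes numbers or punctuation), with a brute-force keyspace comparison against the 12-letter password being replaced. The wordlist, the substitution table and the baseline of 12 lowercase letters are assumptions made for the illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"password", "debian", "secret", "dragon", "letmein"}

# Common character substitutions, undone before the dictionary lookup (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def base_word(pw):
    """Reduce a password to the word a simple mangling rule would start from."""
    # Drop leading/trailing digits and punctuation, then reverse the substitutions.
    core = pw.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def keyspace_bits(pw):
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def audit(pw, baseline="a" * 12):
    """Return a list of findings; an empty list means the candidate passed."""
    findings = []
    if base_word(pw) in WORDLIST:
        findings.append("dictionary word under simple mangling")
    if not any(c in string.digits + string.punctuation for c in pw):
        findings.append("no digits or punctuation")
    if keyspace_bits(pw) < keyspace_bits(baseline):
        findings.append("smaller brute-force keyspace than 12 lowercase letters")
    return findings


if __name__ == "__main__":
    for candidate in ("debian", "P@ssw0rd1!", "k7#Vq2!x", "k7#Vq2!xZ"):
        print(candidate, "->", audit(candidate) or "ok")
```

The keyspace figure is only a brute-force upper bound; running john against the real hash, as the message describes, remains the actual test.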


