Re: Is this why you shouldn't log in as root?

To: debuser <debian-user@lists.debian.org>
Subject: Re: Is this why you shouldn't log in as root?
From: "Mark L. Kahnt" <kahnt@hosehead.dyndns.org>
Date: 28 Apr 2003 13:32:16 -0400
Message-id: <[🔎] 1051551135.3353.15.camel@localhost>
In-reply-to: <[🔎] 3EAD5EC7.2000608@ncia.net>
References: <[🔎] 3EAD5EC7.2000608@ncia.net>

On Mon, 2003-04-28 at 13:03, alex wrote:
> Assume that you log in to Gnome as a user, call up a
> terminal and then do su or sudo.
> 
> Does this give root access to Gnome or is root's
> operation restricted to what it does in the
> terminal while user can still operate in Gnome?
> 
> My thinking is that since user doesn't have the
> permissions that root has, user can't do as much
> damage in Gnome that root could.  So, by not logging
> root in to Gnome (or KDE), root doesn't have the
> opportunity to do any damage.
> 
> This could be true only if when you do su or sudo in
> terminal, root's authority is restricted to that
> terminal while user can still use Gnome.
> 
> Is this reasoning correct?
> 

It is in the right direction, somewhat.

Anything started as a particular user, usually runs as that user in
terms of permissions (sometimes a program can change who it runs as - if
it needs root privileges for specific tasks, it might have special
permissions to run as root for those tasks, or if poorly written,
insists on running as root across the board. Other programs switch
themselves to be a specific non-human user - no root privileges, but
access to a common database within the context of the program, for
instance.) Unless directed otherwise, anything "spawned" from a program
running as one user (such as a shell, or a GUI) similarly usually runs
as that user, with the same permissions.

If you open a shell and switch user to root in it (or use a shell that
does that automagically,) anything run from that shell runs as root,
unless otherwise changed. Anything not run from that shell runs as the
user that the launching program/environment is set as.

Personally, I have a trick to make sure that I can identify anything I
run that has been spawned as root rather than as me - the Xresources,
KDE interface, and Gnome settings for root are all set to have garishly
obvious colours, so that I know that mistakes with those programs could
be toxic.
-- 
Mark L. Kahnt, FLMI/M, ALHC, HIA, AIAA, ACS, MHP
ML Kahnt New Markets Consulting
Tel: (613) 531-8684 / (613) 539-0935
Email: kahnt@hosehead.dyndns.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Is this why you shouldn't log in as root?
  - From: alex <radsky@ncia.net>

References:
- Is this why you shouldn't log in as root?
  - From: alex <radsky@ncia.net>

Prev by Date: Re: Is this why you shouldn't log in as root?
Next by Date: Re: General jerkiness/pausing of system..
Previous by thread: Re: Is this why you shouldn't log in as root?
Next by thread: Re: Is this why you shouldn't log in as root?
Index(es):
- Date
- Thread