On March 1, 2007, Brian wrote:
> Please could someone spell out the reason for building software as an
> unprivileged user? This is recommended in the BLFS book and elsewhere
> (though not in LFS), but I can't find a full explanation.
>
> If running 'make' as root could (accidentally? maliciously?) trash my
> system, doesn't the same apply when I have to run 'make install' as
> root? Is there any qualitative difference in security risk?
>
> (The reason I'm asking, in case you're interested, is that I'm
> automating the build using a simple bash script for each package, and
> it would be simpler to run everything as root rather than having to
> add 'sudo' to my system, which is the only other way I can see of
> doing it.)
>
> Thanks,
>
> Brian

Oh, there are so many reasons.

Let's say one day you are merrily building a package as root and
something goes wrong. You say to yourself, "I will just delete this
package and do it again."

rm -r /lib/* instead of rm -r /package/lib/* 

It is easy to do. I did it once.

Also, there is a degree of protection if one day you happen to download 
a malicious package from the net and try to build it. At least the 
damage would be limited to the user. 

One of the largest differences between Windows and Linux is how the
basic security is set up. In Linux all your daily chores are performed
as the unprivileged user. In Windows, well, the super user does
everything (maybe that changed with Vista???).

It is best to take the time to learn how the basic security works and 
run with it. It is really quite simple. Never use root except for sys 
admin tasks.

Shawn
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
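
A guard against the slip described in the reply above (rm -r /lib/* instead of rm -r /package/lib/*), written for a per-package build script. This is an added example, not part of the original message; `BUILD_ROOT` and `clean_tree` are hypothetical names.

```shell
#!/bin/sh
# Added example: cleanup guard for a per-package build script.
# BUILD_ROOT and clean_tree are hypothetical names, not from the thread.
# Return codes: 0 removed, 2 empty argument, 3 running as root,
#               4 missing directory or path outside BUILD_ROOT.

clean_tree() {
    target=$1
    # An unset or empty variable is how "$pkg/lib" quietly becomes "/lib".
    if [ -z "${BUILD_ROOT:-}" ] || [ -z "$target" ]; then
        echo "clean_tree: empty BUILD_ROOT or target, refusing" >&2
        return 2
    fi
    # Resolve symlinks and ".." so the comparison is made on real paths.
    # The cd runs in a subshell, so the caller's directory is unchanged.
    root=$(cd -- "$BUILD_ROOT" 2>/dev/null && pwd -P) || return 4
    real=$(cd -- "$target" 2>/dev/null && pwd -P) || return 4
    case "$real" in
        "$root"/?*) ;;   # strictly below the build root: allowed
        *)  echo "clean_tree: $real is outside $root, refusing" >&2
            return 4 ;;
    esac
    # Cleaning a build tree never needs root; only 'make install' does.
    if [ "$(id -u)" -eq 0 ]; then
        echo "clean_tree: running as root, refusing" >&2
        return 3
    fi
    rm -r -- "$real"
}
```

A build script would call `clean_tree "$BUILD_ROOT/package/lib"` in place of a bare `rm -r`, so a wrong or empty path fails with an error instead of deleting a system directory.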
