On Nov 7, 2005, at 11:52, Bruce Johnson wrote:
On Nov 7, 2005, at 9:39 AM, Daniel wrote:
Interesting. I personally log onto my Tiger (10.4.2) iMac as root,
in order to perform system backups.
I just use RsyncX for backups, or Pseudo if I need to run a GUI
process as root.
Feel free to describe your backup system. I personally use a script I
wrote that uses find & tar to back up to a Firewire hard disk. I
usually run it out of cron, but since my wife doesn't always shut down
her applications overnight, I'm not convinced the Mail backups, for
example, are valid, so I sometimes log in as root to make those
backups. I suppose I could log everyone out of the console, then ssh
in and sudo to root to do the backup, but that seems a bit silly, and
probably unnecessary.
The problems with running things as root in the GUI is that a heck of
a lot of files that shouldn't be owned by root can be made so. You end
up making a lot of "suid" type holes in your system. (you also do
things like disable programs, printing and other stuff.)
Interesting. I haven't heard any of this before. Would you mind
pointing me to some documentation detailing these types of problems on
a Panther/Tiger system?
Also, root exists as a log-innable account, which is just one more
security issue.
Root being able to log into the console is not the same as root being
able to log in via ssh, but you know this. Console access for root is
no more a security issue than is physical access to the machine.
Remote root access, yes, would be a huge problem.
OS X ain't a fancy Xwindows kit on top of Unix, and treating it like
Linux or Solaris isn't necessarily a good thing.
Feel free to point me to documentation about the problems of running as
root on an OS X box.
Thanks.
Daniel
--
G-List is sponsored by <http://lowendmac.com/> and...
Small Dog Electronics http://www.smalldog.com | Refurbished Drives |
-- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! |
Support Low End Mac <http://lowendmac.com/lists/support.html>
G-List list info: <http://lowendmac.com/lists/g-list.shtml>
--> AOL users, remove "mailto:";
Send list messages to: <mailto:[email protected]>
To unsubscribe, email: <mailto:[EMAIL PROTECTED]>
For digest mode, email: <mailto:[EMAIL PROTECTED]>
Subscription questions: <mailto:[EMAIL PROTECTED]>
Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/>
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
