On Wed, 18 Jun 2014 00:06:35 -0500 Barry Schwartz <chemoelect...@chemoelectric.org> wrote:
> Frank Peters <frank.pet...@comcast.net> skribis: > It's amazing how people become nearly apoplectic whenever they encounter > a case of a user running entirely as root. > > It’s no worse than running MSDOS, and it’s > typical practice when running from, for instance, a rescue disk. The > main risk is accidentally deleting or overwriting things, not > break-ins. > You can completely eliminate accidental deletions or overwrites as root by using the extended file attributes. For example, on an ext2/3/4 file system, the command "chattr +i files..." will prevent all modifications, links, deletions, or overwrites to the selected files. The "i" attribute is the "immutable" attribute and is very nice to have. To delete such files just clear the "i" bit. (I have set up a script in Midnight Commander where I can render files immutable or mutable with a quick keystroke.) Frank Peters
