On Sat, Oct 16, 1999 at 04:56:47PM -0300, luciano wrote:
> Everywhere i read about not using the root account all the time, but i
> don't see where's the problem in doing it.
> I use linux on 1 machine not conected to a lan, only with a dial
> up connection to internet. My question is, it's really necesary for me
> to have another account besides root (i'm the only one who uses linux
> in this pc)?
Yes...
There are a lot of complicated and convoluted reasons why, but
I'll give you a couple of simple ones with real examples.
1) If you are running as root, some applications (like gnome amongst
others) will modify the system wide defaults instead of the per user
preferences. While you may come back and say "why should I care, I'm the
only one using the system" this is important on single user systems. If
you $#@$#@ a configuration when running as root, you are toast. If you
do it as a simple user, you can simple dump your screwed up preferences
and fall back to the system defaults and start again. In other words,
root has no fall back, safety, or backup if you screw a configuration.
My son actually slammed into this while he was in Bosnia (Army).
He screwed his gnome configuration so bad that he couldn't log in as any
user. I ended up copying a new set of system wide defaults to him in
Bosnia via scp and then installing the new defaults. After that, he operated
as a normal user for normal work.
2) Running routinely as root exposes all of your system files to any
kinds of virii (yes they do exist for Linux) or trojan horses that may
come along. Bliss was debatably either a virus, a worm, or a trojan, but
it depended on chump sucker victims to be running as root in order to do
any damage. If you never read E-Mail as root and never browse the web
as root and never run games as root you pretty much limit the ability of
a cyber-toxin to infect your system.
Bliss failed to become a serious threat because most users who
were exposed were not running as root. It's ratio of propagation (number
of systems to which it infects for each system it has infected) was less
than unity so it died out. If you want to run as root, you may as well
be running DOS, you have just about that much security and protection.
3) Mistakes and typos are manifestly worse when running as root.
Simple mistakes which might be agravating to a normal user can be
incredibly destructive as root.
Typing "rm -rf * .o" in the wrong directory and you may get
"permission denied" while running as a simple user. You may end up
very intimate with your install disks if you were running as root.
4) Identification as a chump... If you send out E-Mail as
"[EMAIL PROTECTED]" you can be sure that you have just been identified as
a newbie chump waiting for the picking. You will then get a lot of
unwanted attention from people with very strange sounding names. :-)
If you fail the see the security implications of running routinely
as root, you can be sure than a lot of the crackers and intruders who
haunt the chat rooms and mailing lists will see the implications of your
ignorance. They'll come knocking just to see what else you missed. After
all, they can use another system to stage their attacks from. An then
you're not the only user using your system. :-)
I have lots of other reasons, but these will do for now.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
