Tyler Regas wrote: >>it reportedly has the user run constantly as root. > > > I never understood that. It must be from my years on single-user systems. > I just can't grasp the idea that running a Linux box as a single user so > dramatically places said user in catastrophe's way. I do it all the time. > I never set up additional users. Not once have I done anything that I > couldn't have done as a user and no unauthorized persons have ever > gained access to my machine.
But that doesn't make it right. That's like saying "I've fired my weapon thousands of times and never shot anyone else". It's a principle, not a statement of fact. Simplicity is still the common denominator in the fact that "if it's not installed on the system, it can't be compromised". Use BIND as an example. If it's not installed, the exploits used against it are worthless. It's no different for users accounts. If the user isn't allowed to do it, it isn't another security hole to worry about. If every user can edit /etc/passwd then what's the point of having passwords? User A can hose User B's account, and as User B I'd expect my account and work to be secure. On a single user system it's not a concern, but on a multi-user system there's a completely different scenario, which is why that principle is so much more relevant. How many single user mainframes do you think exist? UNIX was intended to be multi-user which is why that principle is highly relevant. So your argument is that it "can" be done and the community is that it "shouldn't" be done. It's been argued to death, but nonetheless "shouldn't" won't come back to bite you in the ass. > There's really no reason why a person should not be able to run as root > and still receive warnings about what they might do. It all really comes > down to user interface. Then again, if the coder doesn't want to add > these friendly aspects and count on the user being so savvy as to > question everything while providing little to no documentation, there's > nothing I can do to stop that. I'll simply use another tool. Now just "why" would I want to receive a warning message every time I need to make a change as root? If I'm running as root, I'd damn well better know what I'm doing, otherwise I shouldn't be doing it. That solution reminds me of a paperclip that always tried to offer advice. Stupid users that are unable to make a decision without being prompted with "are you sure?" should either seek more training or a different occupation. I sure wouldn't want a doctor or mechanic that needed to be prompted with that. And yes, the information, financial records, credit reports and other data can be just as important as a doctor's scalpel or a mechanic's wrench. Can you imagine someone's investment portfolio suddenly disappearing because everyone had root? <snip> Not a slam, just trying to help you "grasp the idea" from the other point of view. -- Andrew Mathews ------------------------------------------------------------ 1:10pm up 35 days, 12:49, 9 users, load average: 1.00, 1.02, 1.04 ------------------------------------------------------------ Work is of two kinds: first, altering the position of matter at or near the earth's surface relative to other matter; second, telling other people to do so. -- Bertrand Russell _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.