Tyler Regas wrote:
>>it reportedly has the user run constantly as root.
>
>
> I never understood that. It must be from my years on single-user systems.
> I just can't grasp the idea that running a Linux box as a single user so
> dramatically places said user in catastrophe's way. I do it all the time.
> I never set up additional users. Not once have I done anything that I
> couldn't have done as a user and no unauthorized persons have ever
> gained access to my machine.
But that doesn't make it right. That's like saying "I've fired my weapon
thousands of times and never shot anyone else". It's a principle, not a
statement of fact. Simplicity is still the common denominator in the
fact that "if it's not installed on the system, it can't be
compromised". Use BIND as an example. If it's not installed, the
exploits used against it are worthless. It's no different for users
accounts. If the user isn't allowed to do it, it isn't another security
hole to worry about. If every user can edit /etc/passwd then what's the
point of having passwords? User A can hose User B's account, and as User
B I'd expect my account and work to be secure.
On a single user system it's not a concern, but on a multi-user system
there's a completely different scenario, which is why that principle is
so much more relevant. How many single user mainframes do you think
exist? UNIX was intended to be multi-user which is why that principle is
highly relevant. So your argument is that it "can" be done and the
community is that it "shouldn't" be done. It's been argued to death, but
nonetheless "shouldn't" won't come back to bite you in the ass.
> There's really no reason why a person should not be able to run as root
> and still receive warnings about what they might do. It all really comes
> down to user interface. Then again, if the coder doesn't want to add
> these friendly aspects and count on the user being so savvy as to
> question everything while providing little to no documentation, there's
> nothing I can do to stop that. I'll simply use another tool.
Now just "why" would I want to receive a warning message every time I
need to make a change as root? If I'm running as root, I'd damn well
better know what I'm doing, otherwise I shouldn't be doing it. That
solution reminds me of a paperclip that always tried to offer advice.
Stupid users that are unable to make a decision without being prompted
with "are you sure?" should either seek more training or a different
occupation. I sure wouldn't want a doctor or mechanic that needed to be
prompted with that. And yes, the information, financial records, credit
reports and other data can be just as important as a doctor's scalpel or
a mechanic's wrench. Can you imagine someone's investment portfolio
suddenly disappearing because everyone had root?
<snip>
Not a slam, just trying to help you "grasp the idea" from the other
point of view.
--
Andrew Mathews
------------------------------------------------------------
1:10pm up 35 days, 12:49, 9 users, load average: 1.00, 1.02, 1.04
------------------------------------------------------------
Work is of two kinds: first, altering the position of matter at or near
the earth's surface relative to other matter; second, telling other people
to do so.
-- Bertrand Russell
_______________________________________________
Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
