I agree with Sridhar completely!

If you've ever installed your machine with high security, you can't even log in
with a Windows Manager with the root user.  The only time I've done it has
been to compile kernels, and the machine was NOT on the Internet.

I do a "su -" for maybe 10 or 15 minutes a day.  I do that for 6 different
machines as I check the root mailbox, and install a program, or edit a config
file.  I write a lot of scripts as well.  99% of them have been across the
board scripts that could be used by any user, but you can still write a script
and possibly test it without being the root user.

But again, Sridhar is correct, root in essence is the computing god.    You
can do anything you want.  If you're online and logged into root, that tty
port can be taken over and a random user who's walked in the backdoor now has
access to "god."

Some of this may be a SysAdmin's paranoia, but at the same time I've been with
companies that were hacked by a rookie hacker.  Had he been a veteran cracker,
the company would have literally been screwed!  All the "damage" he did could
have been avoided had the SysAdmin not left several root logins on the
machine.  Something he was warned about.  But since I wasn't a SysAdmin at the
time, I didn't know what I was talking about.

But to say it's so easy to have root access to your machine, that's an even
better reason to log in as a user, then from there su - to root to do the work
you need to do and then log out.
tdh
--
T. Holmes
-----------------
UNIXTECHS.org
[EMAIL PROTECTED]
-----------------
"Real Men Use Vi!"

Uptime:
  --------------------------------------------------------------------
 9:24AM  up 5 days, 12:31, 3 users, load averages: 0.04, 0.05, 0.00
  --------------------------------------------------------------------
| As a sysadmin, you should know the dangers of logging-in as root. Root gives 
| god-like access to the machine, and accessing the Internet as root is just 
| asking for trouble. When you use the Internet, you are announcing your 
| presence to the world. If you are root, then anyone who manages to break into 
| your system (which is much easier when you're root) will also have god-like 
| access. Because of this, it is best to minimise the time you spend as root, 
| and to limit your permissions to only as much as you require. This can be 
| achieved with a combination of su, kdesu and sudo from an ordinary user 
| account.
| 
| 
| On Mon, 9 Jul 2001 09:37, RahOoh wrote:
| >     If it's so easy to have root capabilities, why not just log on as root?
| >  I work as a system administrator and I always log on as root, and so do my
| > peers. Perhaps this is because we write scripts all the time, but I have no
| > problems. Just my point of view.
| >     Dan B
| >
| > Sridhar Dhanapalan wrote:
| > > Curtis,
| > >
| > > I must ask why you have the need to log on as root. There should be
| > > absolutely no need for it (it's a security risk). One of the best ways to
| > > accomplish a task that requires root privileges (e.g.
| > > installing/uninstalling software, changing configs, etc.) is to su into a
| > > root terminal. To do this, simply open a terminal and type "su". Enter
| > > your root password and from then on everything in the terminal is done as
| > > root. Everything outside the terminal will be done as your user. Remember
| > > to close (or log out of) the terminal as soon as you're done, to minimise
| > > the time you leave your system open. Also, take a look at "kdesu" (part
| > > of KDE -- look in the KDE help for details) and sudo (a separate package
| > > but on your Mandrake CDs). These make running root tasks from within a
| > > user account even easier.
| > >
| > > One thing you mentioned below is your use of the Ctrl + Alt + Backspace
| > > key combo to log out. This is supposed to be for emergencies only,
| > > similar to Ctrl + Alt + Del in Windows. If you wish to log-off, you
| > > should use the log-off function in your environment of choice (kind of
| > > like "shutting-down" X). When this is done, you can log-in again,
| > > shut-down your computer (using the menu option), or reboot (again, using
| > > the appropriate menu option). Failure to do these things may result
| > > in ruin to your system.
  ------------------------------------------------------------------ 
                        Your Fortune
"They told me I was gullible ... and I believed them!"
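
An added example, not part of the original thread: a small audit for the "root logins left on the machine" problem described above. It relies on the fact that a session started with "su -" keeps its login record under the invoking user's name, so a line in who output whose user field is root is a direct root login. The function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list direct root logins from `who`-style output.
# `su -` does not create a new login record, so a "root" line here
# means someone logged in as root directly rather than via su.

# Constructed sample in `who` layout (users, ttys and addresses invented).
SAMPLE_WHO='tdh      pts/0        2001-07-09 09:01 (192.0.2.10)
root     tty1         2001-07-04 20:53
root     pts/3        2001-07-08 23:40 (198.51.100.7)
alice    pts/4        2001-07-09 09:20 (192.0.2.11)'

# direct_root_logins: read who-style lines on stdin and print
# "tty origin" for each root session. origin is the remote host taken
# from the trailing "(host)" field, or "local" when there is none.
direct_root_logins() {
    awk '$1 == "root" {
        origin = "local"
        if ($NF ~ /^\(.*\)$/) origin = substr($NF, 2, length($NF) - 2)
        print $2, origin
    }'
}

# count_direct_root_logins: number of direct root sessions on stdin.
count_direct_root_logins() {
    direct_root_logins | wc -l | tr -d ' '
}

# Run against the constructed sample; on a live host use: who | direct_root_logins
printf '%s\n' "$SAMPLE_WHO" | direct_root_logins
```

Any line it prints is a root session to close or account for; a long-lived one, such as the tty1 entry in the sample, is the kind left logged in for days.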
