>>>>> "James" == James <[EMAIL PROTECTED]> writes:
James> I hope this isn't too much of a newbie question, but I
James> thought I'd get it out of the way. All the manuals I read
James> suggest to NOT administer Linux as root, but nowhere have I
James> found the reason "why." What is the major problem with
James> being on your system as root all the time? Everyone
James> suggests logging in as a normal user. Why? Thanks.
Last week, I was resetting ownerships and permissions on some
directories on a machine I adminster. I was working as `root', using
`dired' in XEmacs. In dired, you can run a shell command on a file
or directory the cursor is on by pushing the `!' key, then typing the
command in the minibuffer.
In that command, `*' expands to the file you had the cursor on, or to
the list of marked files, if you've marked a set. `.' expands to
$(pwd).
I put the cursor on a directory, intending to `chown -R' it to a
user's name and group, typed `!', followed by (as if I was working in
an xterm or from the console and had done a `cd' into that directory)
`chown -R user.group .', when it should have been `chown -R
user.group *' or just plain leave off the star...
The command was taking a lot longer than I expected... and the
directory I ran it on was anchored off `/'. It took the rest of the
day (6 hours?) to reset the ownerships and permissions on the
filesystem, because it effectively ran `chown -R user.group /', and
almost finished before I stopped it. There's about 12Gb of files on
this box. (It's very fast SCSI.)
Well, I HAD to be root to do that kind of admin work. But as a user,
had I been working in my own directories and typed a command like
that or worse, it could NOT escape and affect other people's or the
system's files, because of *nix file protections.
It's a very good thing that one of the default Debian cron.daily jobs
makes a listing of the setuid and setgid binaries on the system. (It
does this then generates a diff against yesterday, so you can see if
things are being changed on you.) I was able to write a simple `awk'
command that dumped a command script to fix them all.
I've heard that `rpm' keeps a database of the ownership and
permission settings of every registered file. It would be nice if
`dpkg' would incorporate that functionality someday.
