>>>>> "James" == James <[EMAIL PROTECTED]> writes:
James> I hope this isn't too much of a newbie question, but I James> thought I'd get it out of the way. All the manuals I read James> suggest to NOT administer Linux as root, but nowhere have I James> found the reason "why." What is the major problem with James> being on your system as root all the time? Everyone James> suggests logging in as a normal user. Why? Thanks. Last week, I was resetting ownerships and permissions on some directories on a machine I adminster. I was working as `root', using `dired' in XEmacs. In dired, you can run a shell command on a file or directory the cursor is on by pushing the `!' key, then typing the command in the minibuffer. In that command, `*' expands to the file you had the cursor on, or to the list of marked files, if you've marked a set. `.' expands to $(pwd). I put the cursor on a directory, intending to `chown -R' it to a user's name and group, typed `!', followed by (as if I was working in an xterm or from the console and had done a `cd' into that directory) `chown -R user.group .', when it should have been `chown -R user.group *' or just plain leave off the star... The command was taking a lot longer than I expected... and the directory I ran it on was anchored off `/'. It took the rest of the day (6 hours?) to reset the ownerships and permissions on the filesystem, because it effectively ran `chown -R user.group /', and almost finished before I stopped it. There's about 12Gb of files on this box. (It's very fast SCSI.) Well, I HAD to be root to do that kind of admin work. But as a user, had I been working in my own directories and typed a command like that or worse, it could NOT escape and affect other people's or the system's files, because of *nix file protections. It's a very good thing that one of the default Debian cron.daily jobs makes a listing of the setuid and setgid binaries on the system. (It does this then generates a diff against yesterday, so you can see if things are being changed on you.) I was able to write a simple `awk' command that dumped a command script to fix them all. I've heard that `rpm' keeps a database of the ownership and permission settings of every registered file. It would be nice if `dpkg' would incorporate that functionality someday.