I'm not sure how clear this is yet, so I hope this clarifies:
First, the reason that you aren't supposed to run as root is because
root has all the priviliges necessary to completely destroy your
system. Even if you could grant another user those same privileges
(and you can't; that's fundamental to the Unix security model), there
would be no purpose to it: if the user "bob" had all the power of root,
it would be just as wrong to run as "bob" as it currently is to run as
root.
If you want to give bob the ability to run certain services, then you
must do two things:
1. Add bob to the root group; and
2. Ensure that the service in question has group access.
For example,
chmod g+r /var/log/messages
chmod g+rx /sbin/linuxconf
In order to actually do linuxconf sort of "stuff", though, you'll have
to make all of those services available to bob as well, or you'll have
to actually
chmod u+s /sbin/linuxconf
The latter isn't so bad as long as /sbin/linuxconf denies "o" (world)
rx privileges.
If the above was greek you might want to consider studying up a bit.
(And perhaps it's the newbie list that you want.)
On the other hand, "su" is the usual way to deal with this. I always
personally just keep up a shell that is su'ed to root and when I need
to do something priviliged to change into my "root" workspace and have
at it.
- B U T -
Please keep in mind that it is, as you've heard, a very, very bad,
dangerous idea to always run as root under Linux,
BUT
It's no *worse* than runing Windows 3.1/95/98. As anybody.
The only thing that root has is the privilege to change any file or
modify any service. Under the Microsoft consumer-oriented operating
systems (and under Macintosh for that matter), you *always* have the
ability to change any file or modify any service.
If you are happy with having abolute power and you don't want to learn
to live in a more constrained environment; if you don't really care
that much about the risk of viruses and trojan horses; if security
isn't a priority for you . . .
Then just keep on running as root and don't sweat it.
Increased security always implies decreased covenience, and as long as
you aren't on a dedicated line (cable modem or DSL), and you aren't
running any network servers, you are basically only risking your own
system. And even so it's still safer than running Windows, just becuase
most Linux users are being more secure than this, and this "community
health" effect protects you even if you don't follow such secure
practices, by discouraging virus writers from even trying, and by
making them spread much less efficiently.
(Sort of like how if everybody else gets innoculated it helps you.)
On Tue, 29 Feb 2000, you wrote:
| Thanx for everybody for the answers regarding the hosts.allow and hosts.deny
| files... I got them rectified...
|
| However, I have one more simple (?) question in regards to users privledges.
| As per the instructions during installation I create a different or new user
| other than root. However, I've been using root all this time for my
| configuration and learning of this system. I've been told time and time
| again that I shouldn't be using the root, so I went into linuxconf to change
| the permissions of the one user I did create. I wanted to give that user
| SuperUser access, the ability to run linuxconf, and view the system logs.
| However, after setting these options, and loggin in as that user, I'm still
| restricted. I cannot run linuxconf, nor can I peruse the /var/log
| directory. I've gone back into linuxconf as root and the changes I made for
| that user still exist as I set them, but none of them are in effect.
|
| I even made the user of the root group to no avail... could somebody help
| me out either by telling me what I'm missing, or at least direct me in the
| correct direction for solving this little mystery?
|
| thanx
|
| Joseph E. Sheble
| a.k.a. Wizaerd
| Wizaerd's Realm
| http://www.wizaerd.com
| Featuring 3D, Canvas, and ColdFusion
| ============================================
| CF Developer for iTOOL.com
| http://www.itool.com
| Build Your WebSite Today!
| ============================================
--
I am "Brian, the man from babble-on" (Brian T. Schellenberger).
I can be reached at [EMAIL PROTECTED] .
I support http://www.eff.org & http://www.programming-freedom.org .
I boycott amazon.com. See http://www.gnu.org/philosophy/amazon.html .
