On Fri, Jul 21, 2000 at 06:16:53PM -0400, Fireman71 wrote:
> Hmmm, i run root all the time and will continue to do so. couple of reasons.
> I got tired of typing su and sudo about every 3rd command. I got tired of not
> being able to cd into some of my directories.
A reasonable complaint. May I suggest a more secure way to handle it?
If you run X, run multiple desktops. I run eight, and often use them
all. From the desktop, lauch a shell, then su - to each user you need open
(except for the user under which you launched X). I have a desktop for
root which usually has a couple of xterms and a copy of emacs running. I
have several desktops for my personal login, ccurley, and two for ssh
logins to other systems on my network, as needed.
This way, root is a rodent click away. This is less secure than insisting
on using su - or sudo all the time, but much easier.
To secure the root window when I am not around, I have secured my desktop
with a password enforced screen saver. This, even though I work in my home
office and have excellent physical security for my facility.
If you work without X, you can get the same effect with multiple open
consoles.
>
> When i make a mistake as root and wipe out half my file system, so what, its no
> big deal to me. I am not NASA or the pentagon. I am a, in my opinion, typical
> homeuser. There is nothing installed on my system that would cause the world to
> end if it gets erased or deleted. It would only be me spending my time
> reinstalling everything. Big deal. Now yes i can see this when you get into
> systems that have several users, or at places such as banks, universities,
> governments, etc. But for the typical home user i dont see that it is that big a
> deal to run root so long as they arent going to go crying and whining that they
> erased half their files. If they are willing to accept that chance on their own
> machines i say get off their back and let them.
On the face of it, this appears to be a reasonable argument, except: I
guarantee that you will acquire bad habits.
Let me give you an analogy: the first rule of firearm safety is that all
guns are assumed to be loaded at all times, unless you know for a fact
from your own inspection that 1) a gun is unloaded, and 2) it has not left
your sight. Get in the habit of acting on that assumption, and you will be
much safer around firearms.
Some folks tell me they think that is overly paranoid. Fine. I'd rather
clear a gun unnecessarily than have an accidental discharge (AD).
OK, an AD can do far more damage than you wiping out your hard
drive. Still, restoring your system, even assuming you have backups (you
do have backups, don't you?), is a bloody nuisance. I'd rather switch to
root from time to time than do a restore.
It comes down to your habits. I'd rather have safe habits and running as
root is an unsafe habit. If you have unsafe habits like that, remind me
not to hire you for anything at all. I'd have to wonder what other unsafe
habits you have.
--
-- C^2
No windows were crashed in the making of this email.
Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
PGP signature
