On Nov 7, 2005, at 12:26, Bruce Johnson wrote:
On Nov 7, 2005, at 10:06 AM, Daniel wrote:
On Nov 7, 2005, at 11:52, Bruce Johnson wrote:
On Nov 7, 2005, at 9:39 AM, Daniel wrote:
I personally use a script I wrote that uses find & tar to back up to
a Firewire hard disk. I usually run it out of cron, but since my
wife doesn't always shut down her applications overnight, I'm not
convinced the Mail backups, for example, are valid, so I sometimes
log in as root to make those backups. I suppose I could log everyone
out of the console, then ssh in and sudo to root to do the backup,
but that seems a bit silly, and probably unnecessary.
rsync will copy open files, I believe, which avoids that problem. It
also synchronizes backups, making the nightlies a lot less time
consuming.
Well, my backups might not be problematic - I'm not sure, as I've never
tested that particular part. It's just safer to make backups when no
files are open.
The problem with running things as root in the GUI is that a heck
of a lot of files that shouldn't be owned by root can be made so.
You end up making a lot of "suid" type holes in your system. (You
also do things like disable programs, printing and other stuff.)
Interesting. I haven't heard any of this before. Would you mind
pointing me to some documentation detailing these types of problems
on a Panther/Tiger system?
None but anecdotal...someone on the list kept having all sorts of
printing and permissions problems; they went away after he stopped
logging in as root and ran repair permissions from disk utility. Other
people on campus have tried to approach OS X as if it were Linux and
run into issues: stuff stops working, stuff doesn't work like they
expected it to, etc.
Are those anecdotes with Panther/Tiger, or are they with earlier
versions of OS X? It seems to me that earlier versions were much more
prone to permissions problems than are Panther and Tiger.
Also, root exists as a log-innable account, which is just one more
security issue.
Root being able to log into the console is not the same as root being
able to log in via ssh, but you know this. Console access for root
is no more a security issue than is physical access to the machine.
Remote root access, yes, would be a huge problem.
Actually, no. OS X isn't designed for root to have a home folder. I
suspect that can cause issues with security.
Every user on a Unix system must have a home folder. On both Panther
and Tiger, ~root is /var/root.
OS X ain't a fancy Xwindows kit on top of Unix, and treating it like
Linux or Solaris isn't necessarily a good thing.
Feel free to point me to documentation about the problems of running
as root on an OS X box.
As I said, I've only got anecdotal evidence to say it's a bad thing. I
know the system is designed to not have root log in, and since a
terminal shell is easy enough to convert into a root-owned shell
session, I personally see no reason to enable root.
For most things on OS X, that's certainly the case. There are a few
situations where it is, I think, warranted, but your statement is
certainly generally true.
I've seen enough times where Apple says "don't do this", people do,
and later come to grief to understand that Apple's engineers know what
they're doing with the OS better than I do.
Well, sure, but remember who Apple is talking to there. It's probably
not wise to suggest that a Unix neophyte log in as root ("sudo
commandname" is a much better option for them), but for those of us who
actually do know and understand Unix, logging in as root is probably a
safe thing to do. Again, if Apple recommends against this with
Panther/Tiger, feel free to point me to that documentation.
Daniel