DJA wrote: > James G. Sack (jim) wrote: >> >> The Ubuntu policy seems designed to discourage the practice of logging >> in as root, which is generally considered to be bad because it abandons >> valuable protections against a) doing unintentional bad things, and b) >> cracked or malicious programs gaining full privileges. > > Which is generally considered bad: logging on as root or using Sudo for > all rooty things?
Logging in as root. Sorry for the ambiguous 'which'. I am thinking that it's the naïve users that need the protections most, so it's worthwhile making the default operations look out for him/her. So I agree with Ubuntu policy. > > What is the effective difference in terms of security? I do think there is a definite security benefit from running as non-root except when performing those privileged operations. Do you doubt this? I have only seen one case of a rootkit invasion, and it was on a server (running an outdated apache), but I still believe it's worth worrying about on a home computer, even behind a firewall. Color me (at least somewhat) paranoid. ;-) So reducing the programs that run as root makes real sense to me. Admittedly, the bottom line difference _may_ be small, but I consider it a good value, and do not object the cost. In some sense the inconvenience of becoming root is actually another benefit because it makes me think twice about the commands executed as root. I admit to changing group ownership and group perms on things I like to have read-access to, though. > > How important (practically speaking) are any such differences to a home > computer user? > Especially important for the less experienced. And even for advanced users, I think the protection against inadvertent mistakes is worth avoiding root logins. I worry about this enough that I use a special terminal profile with a special background color when I create a root shell. Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
