On 2 June 2010 10:31, Jim Cheetham <[email protected]> wrote:
> If you are the owner of the computer in question and you are
> "competent", there is no reason at all not to use root all the time.
> Just set your uid to 0 and be done with it. I'm as serious with that
> comment as I am with "writing passwords down", i.e. very serious.
>

This is both horrible and dangerous advice.

First, we are human and I don't care how "competent" you are, people make mistakes. Running as a normal user, the impact of mistakes is much less. Running as root, a mistake could mean re-install from backups.

Second, even if you are on top of what you do, a runaway process becomes much more dangerous to the system. The reserve free space (usually 5%) that is there in case of a too full disk doesn't work. Many applications are buggy and depend on user level access to protect the system (wireshark and the like). Do you really trust flash/firefox not to do bad things as root? Running as root also has direct access to memory and can kill/modify memory of other processes.

> However, if you are *not* the owner (i.e. in any business context)
> then sudo provides a very valuable audit log experience. You have 5
> admins -- which one was it that logged on as root and broke your
> production system? With sudo, it is much easier to track back on
> problems. You can use sudo to get a root shell, rather than restrict
> it to individual commands, if you want the flexibility.
>
> -jim

Sure, sudo helps with logs if the admins use it. I use a configuration management system to ensure things are kept in check. Typically I find that my admins would use it when doing simple things (vim/restarting services). But if they need to do a lot of work, "sudo su -" is used.

With a remote "root" user login it could be any one of the admins. With sudo, the admin user logs in with their account and then runs sudo. So you get some ideas. =)

Sudo also allows you to give fine-grained access controls instead of full root. Allowing junior admins to do x,y,z only is a good thing. (tm)

sV
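The audit-trail point discussed in this thread, as an added example that is not part of the original messages: a Python sketch that attributes sudo log entries to the invoking admin and counts root-shell sessions such as "sudo su -", inside which sudo by default no longer logs individual commands. The log lines are constructed samples in sudo's default syslog format; the function names and the shell list are assumptions.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Jun  2 10:41:07 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
Jun  2 10:44:19 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun  2 10:52:30 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
Jun  2 11:03:02 web1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jun  2 11:05:40 web1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/ls
"""

# "note" is present only on failures (bad password, command not allowed, ...).
SUDO_LINE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<admin>\S+) : (?P<note>[^=;]+ ; )?TTY=.*?"
                       r"USER=(?P<runas>\S+) ; .*?COMMAND=(?P<command>.*)$")
SHELLS = {"su", "sh", "bash", "dash", "ksh", "zsh"}  # assumed list of shell-granting binaries

def parse_sudo_log(text):  # one dict per sudo entry, attributed to the invoking admin
    events = []
    for line in text.splitlines():
        m = SUDO_LINE.search(line)
        if not m:
            continue
        argv = m.group("command").split()
        binary = argv[0].rsplit("/", 1)[-1] if argv else ""
        denied = m.group("note") is not None
        events.append({
            "admin": m.group("admin"),
            "command": m.group("command"),
            "denied": denied,
            # A root shell ends per-command logging for that session.
            "root_shell": not denied and m.group("runas") == "root" and binary in SHELLS,
        })
    return events

def summarize(events):  # per admin: logged commands, root-shell sessions, failed attempts
    report = {}
    for e in events:
        entry = report.setdefault(e["admin"], {"commands": [], "root_shells": 0, "denied": 0})
        if e["denied"]:
            entry["denied"] += 1
        elif e["root_shell"]:
            entry["root_shells"] += 1
        else:
            entry["commands"].append(e["command"])
    return report

if __name__ == "__main__":
    for admin, entry in summarize(parse_sudo_log(SAMPLE_LOG)).items():
        print(admin, entry)
```

Each entry is tied to the admin's own account, and the root-shell count marks the sessions where the per-command trail stops.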
