On Mon, 2 Jul 2001 02:05, C.Heaven wrote:
> On June 30, 2001 02:43 pm, you wrote:
>
> <SNIP>
>
> > After getting mightily annoyed at having to run "su" in a console or run
> > Super User file managers or give my root password time after time in
> > order to run Mandrake Control Center or other root-only utilities, I now
> > log in all the time as root. Before the geekoids on the list warn me of
> > my impending eternal damnation,<g> let me explain my reasoning:
> >
> > I am the sole user. I am thus both root and judy (the only user). If I
> > want to do something that will affect the all-important system files,
> > I'm going to do it whether I'm logged in as user or root. So working as
> > user does nothing but make me jump through more hoops to do what I'm
> > going to do anyway. Why not avoid the hassle and work as root all the
> > time? One password per session and no consoles for "su"-ing, I can
> > unmount my Zip disks at will, I can deal with all files in all file
> > managers, I can edit what I need to, I can install programs without
> > problems.
> >
> > See, these "security features" can't stay the way they are if Linux is
> > to attract even the Mac's share of the desktop market. Home business and
> > consumer users will react the way I did
> > and just get fed up and abandon Linux if they have to go through these
> > endless permissions, logins, and passwords to manage their systems. In a
> > home system, you're constantly installing or upgrading software or
> > making changes to your display or your hardware. Any consumer GUI has to
> > accommodate such usage, which is nothing at all like what a larger
> > network requires.
>
> <begin sarcastic comment>
>
> Perhaps you should forward your comments to Microsoft in order to save
> their impending doom on the desktop due to implementing the very same super
> user concept in their NT based operating systems.
>
> <end sarcastic comment>
>
> Restricted super user authority is a hallmark of *NIX, and is one of the
> primary reasons it is so stable. Microsoft recognized this when they went
> to work on NT, and carried on w/ the practice thorugh Win2k. Regardless of
> the crap coming w/ XP one major advancement is the same
> multi-user/permission based concept. The bottom line is that the majority
> of PC users who claim to be proficient know jack, and need to be protected
> from themselves more than anything else. This is one of the primary
> reasons our company deploys Win2k on the desktop - to stop users from
> trashing their systems, and then requiring us to fix their mistakes. We
> promote the very same practice to home users in order to prevent kids, or
> other family members from installing some piece of hellware that guts
> Windows.
>
> Don't hold your breath waiting for Linux distributors to remove su, and
> permission based file structures. Not only would such a distro be non
> POSIX compliant, no self respecting *NIX vendor would abuse such a time
> proven and effective model.
>
> If this concept had of been implemented in the 9x line of products (even
> though the underlying technology is absolute junk) I can hardly imagine how
> astronomical the world wide productivity gains would have been over the
> past seven years - compared to what has actually transpired.
>
> Considering you just started using *NIX I guess it isn't fair to expect you
> to fully understand, and respect the benefits of POSIX. However, I will
> bet a dime to a dollar that if you continue using *NIX, and don't respect
> it's structure you will end up w/ an unstable operating system just like
> Win 9x.
>
> <SNIP>
>
>
> Regards,
>
> SpeedMan
Having a separate root user also enhances network (including Internet)
security. If a cracker manages to enter your system as a normal user, (s)he
will have to also gain rot access in order to actually do any damage. Before
you give the common response "why would anyone hack into my computer?", let
me inform you that most crackers do mot crack into machines to steal your
information. Most crackers will use your computer as a staging ground to
issue denial of service attacks against other computers, using automated
trojan horses like the WinDOS SubSeven trojan. These crackers crack into
literally hundreds of home computers and leave their small barely detectable
trojan. They can then command all these computers to attack a specific target
-- all at once. The sheer volume of data sent from these computers to this
one site can be enough to bring it down. This is the main reason why Internet
security is everyone's responsibility.
If you find that typing a simple password is so annoying, take a look at
kdesu and sudo. The former is integrated via KDE and can be configured via
the KDE Control Centre. It can be set so that once the root password is given
to run a specific application within a specific user's account, it will not
have to be typed again for a predetermined amount of time. It can be called
via desktop and menu icons (e.g. "kdesu kpackage"). Sudo can give temporary
limited root privileges to a user. The amount of power given is fully
configurable.
Also, if you wish to (un)install RPMs as a normal user, use userdrake to add
yourself to the urpmi group. Then you can install packages with "urpmi
packagename.rpm" and uninstall them with "urpme packagename.rpm" -- all
without typing the root pasword.
--
Sridhar Dhanapalan.
"There are two major products that come from Berkeley:
LSD and UNIX. We don't believe this to be a coincidence."
-- Jeremy S. Anderson
