You should not be root all the time because root can do anything, and any 
little mistake could be disastrous, like running rm when you actually meant 
mv, or stuff like that.

It is safe (as far as someone sniffing your root password, or any other 
user's) to use ssh, but don't stay connected as root, for the same reason 
as above and also in case someone else can physically access your machine.

Running any service as root can be dangerous since the service has the same 
permissions as root. If the service has security flaws, someone could gain 
the privileges of the service and do whatever they want in your system. Of 
course, the service needs to have those flaws and people need to know how to 
exploit them for this to happen. No reason to risk it here.


On Tuesday 17 December 2002 13:53, Denise Mangano wrote:
> I know this is a naïve question, and slightly irrelevant to the
> newsgroup...
>
> I keep getting told left and right not to work as root.  I heeded this
> advice a while back and created a user.  Here is the thing.  My RH 7.3 box,
> running Apache 1.3.27 & Tomcat 3.1.17 (no I haven't gotten them connected
> with mod_jk yet:) ) is logged in as root.  But I work on my files through a
> secure shell from my workstation, where I log in as the user I created.  Is
> it not safe to leave my box logged in as root?
>
> My concern is when people access my website can they somehow get into my
> box and wreak havoc?  For example with my current setup people are
> accessing a website hosted on a machine that is logged in with root
> access....   Is it better that I sign in on the actual box as this created
> user only changing login to root as needed or does the logon of the actual
> box not matter as long as I am not messing around as root...?  If I should
> sign onto the box as this user, how can I make sure this user has rights to
> Apache and Tomcat? (as of right now this user has rights to execute java
> commands, but I am not sure if there is anything special I need to do for
> apache and tomcat).  On a side note is there anyway to create a user that
> has "almost" root access but can't do the damage root can do?
>
> Again naïve, but thought I would throw it out here anyway :) Thanks!!
>
> Denise Mangano
>
> --
> To unsubscribe, e-mail:  
> <mailto:[EMAIL PROTECTED]> For additional
> commands, e-mail: <mailto:[EMAIL PROTECTED]>
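
One way to check the point made in the reply (which services actually hold root), as an added example that is not part of the original messages. The `ps` listing is constructed sample data, and the function name `audit_root_services` and the verdict labels are hypothetical. It treats a root-owned parent with unprivileged workers as a separate case, because the Apache parent process keeps root to bind port 80 while its children run as the `User` set in httpd.conf, whereas Tomcat runs as whichever account started the JVM.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,ppid,comm` output (not from the thread).
sample_ps() {
cat <<'EOF'
USER       PID  PPID COMMAND
root         1     0 init
root       612     1 sshd
root       801     1 httpd
apache     802   801 httpd
apache     803   801 httpd
root       950     1 java
denise    1201   612 sshd
EOF
}

# audit_root_services NAME...
# Reads `ps -eo user,pid,ppid,comm` output on stdin and prints "<name> <verdict>":
#   NOT_RUNNING   no process with that command name
#   OK            no instance runs as root
#   PARENT_ONLY   only a parent started by init (ppid 1) is root; workers are not
#   ROOT_WORKERS  some, but not all, instances are root, including a non-parent
#   ROOT_ONLY     every instance runs as root, so a flaw in it yields root
audit_root_services() {
    awk -v names="$*" '
    BEGIN { n = split(names, want, " ")
            for (i = 1; i <= n; i++) watch[want[i]] = 1 }
    NR == 1 { next }                          # skip the ps header line
    ($4 in watch) {
        total[$4]++
        if ($1 == "root") { root[$4]++; if ($3 != 1) rootchild[$4]++ }
    }
    END {
        for (i = 1; i <= n; i++) {
            s = want[i]
            if (!total[s])                 v = "NOT_RUNNING"
            else if (!root[s])             v = "OK"
            else if (root[s] == total[s])  v = "ROOT_ONLY"
            else if (!rootchild[s])        v = "PARENT_ONLY"
            else                           v = "ROOT_WORKERS"
            print s, v
        }
    }'
}

# Live system:  ps -eo user,pid,ppid,comm | audit_root_services httpd java
sample_ps | audit_root_services httpd java
```

On the sample data, `java` (Tomcat's process name) comes back `ROOT_ONLY`, which is the case the reply warns about; starting it from an unprivileged account changes the verdict to `OK`.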

