[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
There is no need. Place the user in the appropriate groups if they need
access to something. If you want to have the user be able to play
audio, then place them in the audio group. If you want them to have
access to the CD/DVD/whatever, then let them ('man 5 fstab' is a good
read, the 'users' keyword is what you're looking for).
>
>>This is just asking for trouble.
>
>
> HOW SO? Everyone says this, nobody every follows through with
> specifics.
>
Viruses and other exploits have very little power on a system if the
user isn't set up to run everything as root. However, if you run across
a remote exploit once as root, it can potentially wipe out everything -
without flinching. As a user, it can try, but to no avail. And if you
properly configure 'sudo', the you have to enter a password when you use
it, anyway. That way something that you get exploited on as a user
doesn't go "sudo rm -Rf /" or "sudo
/home/myuser/.some_horrible_planted_script" and win becuase no password
is required.
>
> No need to audit software that you trust. The fine tooth comb is needed
> to set EVERYTHING up for a normal user to have access to gratuitous
> system resources needed by everyday apps (iPODs, dvd burners, video
> games, advanced sound card features (midi, etc).
>
Create a group and have the device owned by that group. Only add users
with a need-to-use to it. That's proactive security.
>
>>there's no rationale for running as root.
>
>
> Sure there is. You may not see it however.
>
Only when in single-user mode (e.g., "emergency" on the command line) or
when fsck fails or part of the boot process is very broken.
I've only needed to run like this once, and that was on someone else's
system and they freaked out and didn't know what to do. The problem?
The removed something -- running as root.
>
>>Become root - or sudo - when you need to; the rest of
>>the time, don't. Otherwise, running as root without problems is just a
>>matter of luck. How you have things configured really doesn't make too
>>much difference when a sleep-deprived session leads you to inadvertently
>
>
> What's the difference between "sudo mkfs /dev/hda8" and runing
> "mkfs /dev/hda8" as root?
>
If you're working with doing things that require you to work with the
partitions and creating filesystems and so forth, then why not just go
ahead and use 'sudo su -' to get a root shell for the length of time
that you need it? If you're constantly doing stuff like this, you
didn't do your system planning right, IMHO.
--
Michael B. Trausch <fd0man at gmail.com>
Website: <a rel="nofollow" href="http://fd0man.chadeux.net/";>http://fd0man.chadeux.net/</a> Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934 FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG? Key at pgp.mit.edu, Please Encrypt E-Mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00475" href="msg00475.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00313" href="msg00313.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> meson3902 at gmail.com (Mark Schill)</li></ul></li>
<li><strong><a name="00346" href="msg00346.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00348" href="msg00348.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jsheets at yahoo.com (Jerald Sheets)</li></ul></li>
<li><strong><a name="00350" href="msg00350.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
<li><strong><a name="00351" href="msg00351.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> Robert.L.Harris at rdlg.net (Robert L. Harris)</li></ul></li>
<li><strong><a name="00359" href="msg00359.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00361" href="msg00361.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
<li><strong><a name="00368" href="msg00368.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00465.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00467.html">[ale] Linux Distributions</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00507.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00475.html">[ale] Linux Distributions</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00466"><strong>Date</strong></a></li>
<li><a href="threads.html#00466"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>