[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Tue May 24 13:51:10 2005 -->
- <!--x-from-r13: genafnz ng irelfrpheryvahk.pbz (Pbo Fbkra) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Root vs Normal User -->
- <li><em>date</em>: Tue May 24 13:51:10 2005</li>
- <li><em>from</em>: transam at verysecurelinux.com (Bob Toxen)</li>
- <li><em>in-reply-to</em>: <<a href="msg00840.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00840.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Root vs Normal User</li>
One warning though: sudo has had a LOT of security bugs reported against
it. This means that there is a risk in allowing it on the system and
that one must, at least, keep up-to-date with respect to security patches.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
<a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network&Linux/Unix security consulting]
<a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
On Tue, May 24, 2005 at 09:12:57AM -0400, Christopher Fowler wrote:
> Running root does not kill the box. The person running as root will.
> I used to run as root. Then I fubared an AIX RS/6000 because I ran tar
> in the root directory. Being a normal user would have saved me. We
> were down for 6 hours because of my mistake. A UNIX box does not assume
> the user is an idiot like Windows. There are no confirmation dialogs
> for rm, tar, and others. A UNIX box will do exactly what you tell it to
> do. This is why you do not need to be root unless you are doing
> administration to the box. Linespire allowing root would scare me. If
> I was the support manager there I would be scared that my calls would
> actually increase. The whole idea of not running as root is not for
> protection from hackers on the outside but for the protection from the
> users on the inside.
> Why is sudo not good enough? If you need to run some program as root
> then use sudo. That is what it was designed for.
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00840" href="msg00840.html">[ale] Root vs Normal User</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00866.html">[ale] user friendly TIFF viewer?</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00868.html">[ale] Please help Drew fix his browser problem</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00858.html">[ale] Root vs Normal User</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00866.html">[ale] user friendly TIFF viewer?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00867"><strong>Date</strong></a></li>
<li><a href="threads.html#00867"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>