
question about Linux boxes only running as root...

The Doctor...
Posted: Thu Nov 05, 2009 5:27 pm
Guest
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?
--
Member - Liberal International This is doctor at (no spam) nl2k.ab.ca Ici doctor at (no spam) nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 .
 
AZ Nomad...
Posted: Thu Nov 05, 2009 10:53 pm
Guest
On Fri, 6 Nov 2009 03:27:57 +0000 (UTC), The Doctor <doctor at (no spam) doctor.nl2k.ab.ca> wrote:
Quote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Using root for anything but system administration is insanity.
Any process at any time can overwrite any part of the system.


That person is throwing away 50 years of computer security technology.


Just because the standard windows' user does everything as admin doesn't make
it a reasonable idea.
 
Keith Keller...
Posted: Thu Nov 05, 2009 11:10 pm
Guest
On 2009-11-06, The Doctor <doctor at (no spam) doctor.nl2k.ab.ca> wrote:
Quote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Probably yes. Ask him if he knows why he's doing this. If he doesn't
know, strongly suggest that he stop.

--keith


--
kkeller-usenet at (no spam) wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
 
Wanna-Be Sys Admin...
Posted: Thu Nov 05, 2009 11:57 pm
Guest
The Doctor wrote:

Quote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Depends, might be perfectly fine (and probably is). What's the
application running? Anyway, most of security issues revolve around
things other than root 99% of the time (but those 99% of things usually
end up being things done as root once exploited).
--
Not really a wanna-be, but I don't know everything.
 
The Doctor...
Posted: Fri Nov 06, 2009 5:49 am
Guest
In article <Pine.LNX.4.64.0911061015540.2856 at (no spam) darkstar.example.net>,
Michael Black <et472 at (no spam) ncf.ca> wrote:
Quote:
On Fri, 6 Nov 2009, The Doctor wrote:

Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

When this has come up before, it's often become clear after a bit that
the person running as root often can't see an alternative. They hit
something that requires being root, so they think it's better to be root
than configure things properly. A classic example is not being able to
access the CDROM drive, because their user account isn't in the group that
allows access to the CDROM. It's simple to fix, just put their user
account in the group that has access to the CDROM, but too often the
beginner doesn't realize that.

Then of course at least once, and maybe more, someone has whined about how
they can't run something as root, so they want details on how to "fix" it.
They can't switch their mind out of being root, so they think the program
is "faulty", rather than realize it's a clue that they shouldn't be
running as root.

In a single user system, one can actually be pretty lenient, not fussing
quite as much as with a multiple user system. You might as well make the
CDROM and other removeable drives open to all since "all" is only one
user. But far better to take that time to configure things than run as
root.

Michael

But the system can be hacked into.
--
Member - Liberal International This is doctor at (no spam) nl2k.ab.ca Ici doctor at (no spam) nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 .
 
The Doctor...
Posted: Fri Nov 06, 2009 5:50 am
Guest
In article <hd1fum$uv0$3 at (no spam) news.xmission.com>,
Douglas Mayne <invalid at (no spam) invalid.com> wrote:
Quote:
On Fri, 06 Nov 2009 12:38:02 +0000, The Natural Philosopher wrote:

Maxwell Lol wrote:
The Natural Philosopher <tnp at (no spam) invalid.invalid> writes:

The Doctor wrote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?
Well, it's a risk you don't need to take.

You can configure IIRC a no password user login, and put that user in
the root group so privileges needed for admin are granted
automatically, and still run as an unprivileged user..

Sounds like a very bad idea to me to permanently grant IIRC privileges
this way.. a Setgid mechanism, which drops these privileges once the
network channels are established would be better.

Well, it's not secure from the keyboard, but it is secure from perversion
of user processes.

I.e. here I run as me, but I don't have to enter any passwords to e.g.
run the package manager.

And if I want a root shell, I can get it instantly, but it's very much
obviously a root shell.

For me, that's great. No irritating second password barrier to becoming
an admin, but it's clear when I am admin.

And it means that my normal user stuff..editors, mail and browsers, can't
stamp on the whole filesystem including config files, by mistake. Or by
externally induced abuse.

For me, that's the best compromise.

YMMV. There is no perfect security, there is always a tradeoff between
security and hassle in unlocking the doors.

What I was trying to convey, is that to achieve a good level of security
against net attacks, whilst making admin relatively painless, is no
extra effort than running all the time as root.

That is, the only advantage to running as root, is instant access to
admin. But you can essentially have that anyway, with less risk of
accidental trashing. So there is no real reason to run as root that I
can see.

I use sudo instead. This doesn't introduce a console vulnerability. sudo's
configuration file includes options to give access with or without a
password, and to specific commands or all commands. With the most non-
restrictive options you can get to root very quickly:

$ sudo -i
root@somebox:~#

Be careful as root, then exit out of the shell when operations that
require elevated privilege are complete.

--
Douglas Mayne

I am a BSDer, but agreed: running as root is not a good idea.
--
Member - Liberal International This is doctor at (no spam) nl2k.ab.ca Ici doctor at (no spam) nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 .
 
TJ...
Posted: Fri Nov 06, 2009 10:51 am
Guest
The Natural Philosopher wrote:

Quote:

You have to take a view on risk.

My desktop is run as a user, but I routinely make it very very easy to
slip into 'root' mode to reconfigure it. It DOES have a name/password to
get in - doesn't autoboot into my account, but once in, it's wide open
FROM THE KEYBOARD. Not from the net though. That is foolish, although
it's pretty much hidden behind a NAT firewall.

Essentially, unless it's stolen, it's no big risk. The bigger risk is me
accidentally trashing it. Yup. Been there, done that...

And if stolen by any reasonable linux guru, all he has to do is slip in
a boot DVD and reset all the user passwords anyway..or just mount the
disk..not that that would get my real data, cos that's all on a file
server,

Having root separate means at least I am aware that I am doing Bad Stuff
when I am root, a clear distinction between using the box, and
configuring it.

IF it was in a place where people might fiddle and gaze at my private
data, then of course I would be more secure with it, but it's at home.

I do think people get too antsy about security. By far and away the
greater risks are not from root kits, but from things like phishing and
so on. There are ten unguarded windows boxes for every one reasonably
well guarded linux box. They are a much softer target. I'd say that
running as root is an unnecessary risk, with almost no benefits, but it's
not the worst thing you can do.

I agree, with qualifications. If you're going to take a risk, you first
have to identify the potential ramifications. That means you have to
make the effort to educate yourself. If you haven't done that, you
shouldn't take the risk.

But at the same time there are some Linux users who know so much that
they are fearful of doing anything at all risky. That's not good,
either. Most "gurus" will tell you that you should never, ever, ever run
a GUI file manager like Dolphin or Konqueror as root, because of the
potential of clicking on the wrong thing and trashing the whole system.
It's true that that can certainly happen, but in my own incompetent
case, I'm MUCH more likely to trash something while using the command
line as root, because of some simple typo, than I am when using a GUI
interface. It's happened, more than once.

TJ
 
The Doctor...
Posted: Fri Nov 06, 2009 12:18 pm
Guest
In article <4af48b00$0$1649$742ec2ed at (no spam) news.sonic.net>,
Stan Bischof <stan at (no spam) newserve.worldbadminton.com> wrote:
Quote:
The Doctor <doctor at (no spam) doctor.nl2k.ab.ca> wrote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Just like with Windows or any other OS, running routinely with root
privileges is just asking for trouble. Anything you do deliberately or
accidentally can mess up your system, not to mention install malware of
all kinds.

Just like in Windows or any other OS, there's very little reason
to run as root except when doing admin.

Stan

I fully concur. I will send my client a link to this thread.
--
Member - Liberal International This is doctor at (no spam) nl2k.ab.ca Ici doctor at (no spam) nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 .
 
The Doctor...
Posted: Fri Nov 06, 2009 1:26 pm
Guest
In article <_b2Jm.24823$1g6.15909 at (no spam) newsfe10.iad>,
Wanna-Be Sys Admin <sysadmin at (no spam) example.com> wrote:
Quote:
The Doctor wrote:

In article <R0OIm.3739$gg6.1377 at (no spam) newsfe25.iad>,
Wanna-Be Sys Admin <sysadmin at (no spam) example.com> wrote:
The Doctor wrote:

Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Depends, might be perfectly fine (and probably is). What's the
application running? Anyway, most of security issues revolve around
things other than root 99% of the time (but those 99% of things
usually end up being things done as root once exploited).
--
Not really a wanna-be, but I don't know everything.

An E-newsletter app.

So, is that news letter app running as root? If so, should it be if you
can help it? If he can, he should run a non priv user account just for
that app.
--
Not really a wanna-be, but I don't know everything.

We agree!! I never want to see an app running as root.
--
Member - Liberal International This is doctor at (no spam) nl2k.ab.ca Ici doctor at (no spam) nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 .
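
An added example, not part of the thread or any poster's code: a shell check for the situation discussed above, where an application runs as root next to the daemons that are expected to. The allowlist, the `newsletterd` process name and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes that run as root but are not on an
# expected-root allowlist. Input lines look like `ps -eo user=,pid=,comm=`.

# Assumption: daemons this (hypothetical) site accepts as root-owned.
ROOT_ALLOWLIST="init sshd mingetty crond"

# audit_root_procs: read "USER PID COMMAND" lines on stdin and print
# "PID COMMAND" for each root-owned process that is not allowlisted.
# Only the first word of the command name is compared.
audit_root_procs() {
    awk -v allow="$ROOT_ALLOWLIST" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # ps prints the numeric UID when the name cannot be resolved
        ($1 == "root" || $1 == "0") && !($3 in ok) { print $2, $3 }
    '
}

# Constructed sample listing, not captured from a real host.
# "newsletterd" is a hypothetical name for the customer's application.
sample_ps() {
    cat <<'EOF'
root 1 init
root 812 sshd
root 901 mingetty
root 1440 newsletterd
mail 1502 sendmail
root 1733 bash
EOF
}

# count_unexpected: number of unexpected root processes in the sample.
count_unexpected() {
    sample_ps | audit_root_procs | wc -l | tr -d ' '
}

# Report for the sample: the application and an interactive root shell.
sample_ps | audit_root_procs
```

On a live host the same function takes `ps -eo user=,pid=,comm= | audit_root_procs`; kernel threads and other legitimate root daemons show up until they are added to the allowlist.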
 
Grant...
Posted: Fri Nov 06, 2009 2:38 pm
Guest
On Fri, 6 Nov 2009 15:39:02 +0000 (UTC), Douglas Mayne <invalid at (no spam) invalid.com> wrote:

Quote:
I use sudo instead. This doesn't introduce a console vulnerability. sudo's
configuration file includes options to give access with or without a
password, and to specific commands or all commands. With the most non-
restrictive options you can get to root very quickly:

$ sudo -i
root@somebox:~#

I enabled sudo a while back and did find it useful, for example compile
install a wotsit from source: ./configure && make && sudo make install

Turns out to be quite easy. If I'm doing a lot of stuff as root I'll
open a root console as well as user console. Generally I ssh into box
so there's an agent running to supply passphrase.
Quote:

Be careful as root, then exit out of the shell when operations that
require elevated privilege are complete.

Many ways :) I rarely boost user account to root, except on GUI where
opening a terminal already logged in as user, needs the boost to root.

Grant.
--
http://bugsplatter.id.au
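
An added example, not from the thread or from sudo itself: a shell function that sorts simple sudoers rules along the two options mentioned above, with or without a password and all commands or specific ones. The sample rules, user names and the `newsletterd` init script path are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify one-line sudoers user specifications of the form
#   who host=(runas) [TAG:] command[, command...]
# Aliases, Defaults, includes and line continuations are skipped or not
# handled; any NOPASSWD: tag marks the whole rule as passwordless.

classify_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/          { next }  # comments, includes, blanks
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and aliases
        index($0, "=") == 0               { next }  # not a user specification
        {
            who  = $1
            spec = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*\([^)]*\)/, "", spec)        # drop the (runas) part
            auth = (spec ~ /NOPASSWD:/) ? "nopasswd" : "password"
            gsub(/[A-Z_]+:/, "", spec)               # drop tags like NOPASSWD:
            scope = "restricted"
            n = split(spec, cmd, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
                if (cmd[i] == "ALL") scope = "all-commands"
            }
            print who, scope, auth
        }
    '
}

# Constructed sample rules, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
alice       ALL=(ALL) ALL
bob         ALL=(ALL) NOPASSWD: ALL
%newsletter ALL=(root) NOPASSWD: /etc/init.d/newsletterd restart, /etc/init.d/newsletterd status
EOF
}

# bob's rule is the "most non-restrictive" case; %newsletter is limited
# to two commands even though no password is asked.
sample_sudoers | classify_sudoers
```

Real rules are edited with `visudo`, which checks the syntax before saving.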
 
Moe Trin...
Posted: Fri Nov 06, 2009 2:56 pm
Guest
On Fri, 06 Nov 2009, in the Usenet newsgroup comp.os.linux.misc, in article
<874op7kfsb.fsf at (no spam) com.invalid>, Maxwell Lol wrote:

Quote:
Unruh <unruh-spam at (no spam) physics.ubc.ca> writes:

IF that system never ever ever is connected to the net in any way,
via modem or ethernet, or anything else, then this may well be
fine.

Secure-Programs-HOWTO, Secure Programming for Linux and Unix HOWTO

Updated: Mar 2003. Provides a set of design and implementation
guidelines for writing secure programs for Linux and Unix systems.

Quote:
It is still dangerous, since that account CAN run anything, on
purpose or by accident. It can also do immense damage (rm -r /)
which a special account could not.

So Bill, are all of the daemons on your systems (including for example
/sbin/init, /sbin/mingetty and /usr/sbin/sshd) running as non-root users?

Quote:
Good point. For instance, someone may walk up to a terminal, and do
something at the terminal that allows them to gain access to the root
account.

Free clue people:

PHYSICAL ACCESS BEATS FIVE ACES.

Quote:
Some programs like vim and more (less) allow shell access.

In nearly all cases, so does the freakin' boot loader.

Quote:
It took Microsoft decades to realize the mistake of running the
system under an administrator account. There is a reason for this.

Apparently, vista no longer has a default or suggested account with
the name 'administrator' - instead, that is a group description and
belonging to that group gives you administrator privileges. As with
any O/S, the "first" account created is privileged - it's needed for
administrative duties (even if you later have to jump through major
hoops to access it - single user or via a boot/rescue CD).

I recently watched an "experienced" windoze luser setting up
accounts on a "new" vista box - the "Create New Account" tool offered
either "Standard user" or "Administrator" groups (in that order),
with very little indication of possible dangers, although there
_was_ a link at the bottom of the screen titled "Why is a standard
account recommended?". Remember that microsoft doesn't _dare_ make
it hard for users (convenience ALWAYS trumps security or anything
else), so they are the ones who walked into the minefield. The
average user has no clue and is merely following the lead without
understanding or being aware of the _existence_ of consequences.

Old guy
 
The Natural Philosopher...
Posted: Fri Nov 06, 2009 3:09 pm
Guest
Douglas Mayne wrote:
Quote:
On Fri, 06 Nov 2009 12:38:02 +0000, The Natural Philosopher wrote:

Maxwell Lol wrote:
The Natural Philosopher <tnp at (no spam) invalid.invalid> writes:

The Doctor wrote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?
Well, it's a risk you don't need to take.

You can configure IIRC a no password user login, and put that user in
the root group so privileges needed for admin are granted
automatically, and still run as an unprivileged user..
Sounds like a very bad idea to me to permanently grant IIRC privileges
this way.. a Setgid mechanism, which drops these privileges once the
network channels are established would be better.
Well, it's not secure from the keyboard, but it is secure from perversion
of user processes.

I.e. here I run as me, but I don't have to enter any passwords to e.g.
run the package manager.

And if I want a root shell, I can get it instantly, but it's very much
obviously a root shell.

For me, that's great. No irritating second password barrier to becoming
an admin, but it's clear when I am admin.

And it means that my normal user stuff..editors, mail and browsers, can't
stamp on the whole filesystem including config files, by mistake. Or by
externally induced abuse.

For me, that's the best compromise.

YMMV. There is no perfect security, there is always a tradeoff between
security and hassle in unlocking the doors.

What I was trying to convey, is that to achieve a good level of security
against net attacks, whilst making admin relatively painless, is no
extra effort than running all the time as root.

That is, the only advantage to running as root, is instant access to
admin. But you can essentially have that anyway, with less risk of
accidental trashing. So there is no real reason to run as root that I
can see.

I use sudo instead. This doesn't introduce a console vulnerability. sudo's
configuration file includes options to give access with or without a
password, and to specific commands or all commands. With the most non-
restrictive options you can get to root very quickly:

$ sudo -i
root@somebox:~#

Be careful as root, then exit out of the shell when operations that
require elevated privilege are complete.

Essentially that's what my root console does. There is just no password
challenge.

That's a security hazard I am willing to accept for the convenience. I
don't recommend it, I just state that's my considered preference.

I have another machine that is set up to always ask for a master
password every time I do anything remotely admin. It gets on my tits.
 
The Natural Philosopher...
Posted: Fri Nov 06, 2009 3:11 pm
Guest
Grant wrote:
Quote:
On Fri, 6 Nov 2009 15:39:02 +0000 (UTC), Douglas Mayne <invalid at (no spam) invalid.com> wrote:

I use sudo instead. This doesn't introduce a console vulnerability. sudo's
configuration file includes options to give access with or without a
password, and to specific commands or all commands. With the most non-
restrictive options you can get to root very quickly:

$ sudo -i
root@somebox:~#

I enabled sudo a while back and did find it useful, for example compile
install a wotsit from source: ./configure && make && sudo make install

Turns out to be quite easy. If I'm doing a lot of stuff as root I'll
open a root console as well as user console. Generally I ssh into box
so there's an agent running to supply passphrase.
Be careful as root, then exit out of the shell when operations that
require elevated privilege are complete.

Many ways :) I rarely boost user account to root, except on GUI where
opening a terminal already logged in as user, needs the boost to root.

Grant.

I think that's what most of us running personal desktops do: get the
user account working properly, but make root access easy, but definitely
DIFFERENT to running as the user.
 
The Natural Philosopher...
Posted: Fri Nov 06, 2009 3:15 pm
Guest
TJ wrote:

Quote:
But at the same time there are some Linux users who know so much that
they are fearful of doing anything at all risky. That's not good,
either. Most "gurus" will tell you that you should never, ever, ever run
a GUI file manager like Dolphin or Konqueror as root, because of the
potential of clicking on the wrong thing and trashing the whole system.
It's true that that can certainly happen, but in my own incompetent
case, I'm MUCH more likely to trash something while using the command
line as root, because of some simple typo, than I am when using a GUI
interface. It's happened, more than once.


Either terrifies me :-)

Heck I once brought down a multi-user machine with 100 people on it
loading a custom daemon to check out an obscure networking problem.

Fortunately, I didn't patch it into the startup files..reboot and off
they all went..

Ultimately my security is that

(a) all my precious data is on a mirrored file server

(b) I reinstalled everything in a day last time, and can probably do the
same again.

But I don't fiddle with the setup unless something isn't working.



> TJ
 
Stan Bischof...
Posted: Fri Nov 06, 2009 3:45 pm
Guest
The Doctor <doctor at (no spam) doctor.nl2k.ab.ca> wrote:
Quote:
Right I got a customer who is only running one account, namely root
and 1 app. I suspect this person is opening himself to trouble.

yes/no?

Just like with Windows or any other OS, running routinely with root
privileges is just asking for trouble. Anything you do deliberately or
accidentally can mess up your system, not to mention install malware of
all kinds.

Just like in Windows or any other OS, there's very little reason
to run as root except when doing admin.

Stan
 
 
All times are GMT - 5 Hours