From owner-freebsd-chat Tue Oct 17 9:12:29 2000 Delivered-To: freebsd-chat@freebsd.org Received: from drizzle.com (twinpeaks.drizzle.com [216.162.192.3]) by hub.freebsd.org (Postfix) with ESMTP id E55B737B4F9 for ; Tue, 17 Oct 2000 09:12:25 -0700 (PDT) Received: from localhost (mook@localhost) by drizzle.com (8.11.1/8.11.1) with ESMTP id e9HGCIx05186 for ; Tue, 17 Oct 2000 09:12:19 -0700 Date: Tue, 17 Oct 2000 09:12:18 -0700 (PDT) From: Mike Cummings To: freebsd-chat@FreeBSD.ORG Subject: Re: Traditional UN*X conventions (Or: Why not to login as root?) In-Reply-To: <3.0.3.32.20001016234845.007cd100@dmg.parse.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 16 Oct 2000, David Goddard wrote: > My own nightmare happened a while back was when I was logged onto a Solaris > box. I wanted to change some file group ownerships, so happily typed > something like: > > $ cd /path/directory > $ su > Password: > $ chgrp -R lusergroup * > > Of course, on *this* box, as soon as I su'd, it changed my directory to /, > with obvious hilarious consequences (not). There's nothing like spending > ages fixing your damage to educate you that it's generally a much better > idea to do > $ somepotentiallybadcommand -R directory > rather than > $ somepotentiallybadcommand -R * I think we've all done stuff like that. It's so *easy* to do. I'm lucky in that the time I nuked my system with a careless command, it was just my own box and not a shared system. My strategy for preventing these gaffes, in addition to using su and rarely, if ever, actually logging in as root, are a holdover from playing in chess tournaments. In competitive chess, once you touch a piece, you have to move it. This means you need to be *certain* of the move you want to make before you touch anything. You also need to do some routine checking to assure you aren't doing something stupid. I started doing the same thing when running as root: * Before doing anything, do a pwd to make sure you're where you think you are. Do this before any command that changes anything. * Type the command, but don't hit return. * Literally sit on your hands and stare at the command line. Make sure there are no typos. * Look at it again. * (optional) Ask yourself, "Is this my final answer?" * Then, and only then, hit return. It's slow and inefficient. It makes you feel silly sometimes. But it's so much better than cleaning up a trashed filesystem. So is chewing aspirin, horseradish, and tinfoil at the same time. And while it's tempting to skip all this rigamarole most of the time because "I'm just doing something simple," you need to be anal about it and make it a habit. Even so, it's been my experience that most new sysadmins (or workstation admin, anyone with the dizzying power of root) poo-poo this advice. The ones that follow it are the ones who've been burned before. ,-----------------------------------------------------------------------------. > Mike Cummings | "If you're not part of the solution, < > mook@drizzle.com | you're part of the precipitate." < > ICQ #34152632 | --Steven Wright < `-----------------------------------------------------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message