Date: Sun, 17 Mar 2002 10:23:41 -0500 From: Brian T.Schellenberger <bts@babbleon.org> To: Peter Leftwich <Hostmaster@Video2Video.Com> Cc: questions@FreeBSD.ORG Subject: Re: An idiot, his box, and a security question [PuTTY telnet/ssh] Message-ID: <20020317152341.07FC5BB35@i8k.babbleon.org> In-Reply-To: <20020317053307.GA7491@hades.hell.gr> References: <PBEIJOCAMIIHMPBPAJAGGEGFCCAA.howard@tasfamily.net.au> <20020317001244.Y30953-100000@earl-grey.cloud9.net> <20020317053307.GA7491@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
| On 2002-03-17 00:17, Peter Leftwich wrote:
| >
| > I still don't get this whole "don't use root" issue. If I had installed
| > Win2000 at home (after having had EEEEnough of Win98SR1), then I would've
| > created a login with Administrator rights. I login as root to my FreeBSD
| > 4.5-RELEASE box all the time. The "su" command confuses me, so I stay
| > way away from it, besides, I am constantly tweaking *system-wide* and
| > installing programs, so why would I ever login from userland??
Well, when you are first setting up a machine, it makes plenty of sense to
log in as root. I do, too.
But once you have your system set up and you are running programs frequently
but intalling them only rarely, it's better to log in as a normal user and
"su" to root only for those occaisonal special tasks that only root can do.
If you do an adiministrator task frequently, I recommmend "op" as a way to
avoid having to "su" all the time for common tasks. "sudo" does the same
thing is more commonly used but I find it a lot more awkward to use.
The big advantage of not running as root all the time is that you can't
accidentally screw up your entire system if you do something boneheaded.
Also, if you run a trojan horse (these do exist for Unix systems even if they
aren't as common as on Windows), and you are not root, you are protected from
system damage. The same would be true of a virus, and though I don't
actually know of viruses _per_se_ on Unix systems, there is nothing inherit
to prevent them from being written. They wouldn't, however, tend to spread
very far since most people don't run as root all the time.
By running as root all the time, you are sort of like the person who refuses
to be immunized--you are somewhat protected by the fact that most people run
as root but you'd be safer if you did, too.
And you aren't protected at all from your own screwups.
--
Brian T. Schellenberger . . . . . . . bts@wnt.sas.com (work)
Brian, the man from Babble-On . . . . bts@babbleon.org (personal)
ME --> http://www.babbleon.org
http://www.eff.org <-- GOOD GUYS --> http://www.programming-freedom.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020317152341.07FC5BB35>