Date: Mon, 16 Oct 2000 15:30:16 -0500 (CDT)
From: David Scheidt
To: Kris Kirby
Cc: freebsd-chat@freebsd.org
Subject: Re: Traditional UN*X conventions (Or: Why not to login as root?)

On Sun, 15 Oct 2000, Kris Kirby wrote:

:
:Lately I find myself pondering why or why not one is supposed to leave the
:root account alone altogether, instead su(do)ing as necessary to
:perform various tasks. Is there a series of texts out there that states
:this and other traditional measures taken (perhaps with a historical or
:logically documented process in regards to tracking break-ins)?
:

It's much harder to shoot yourself in the foot if you aren't waving a loaded
gun at it all the time.

    % cd
    % rm -rf * .bak

done as dms will annoy me and send me scurrying for the backup tapes or
disks. Done as root, I'll be much more than annoyed. I'll have users after
me! And a wasted evening while I rebuild the system.

I don't do anything as root, with the exception of user administration, and
installing or removing software.

David