Date: Mon, 17 May 1999 08:19:52 +0200 (CEST) From: Adam Szilveszter <sziszi@petra.hos.u-szeged.hu> To: juksi@iname.com Cc: "G. Adam Stanislav" <adam@whizkidtech.net>, freebsd-newbies@FreeBSD.ORG Subject: Re: Newbie tip Message-ID: <Pine.LNX.3.96.990517075245.22528A-100000@petra.hos.u-szeged.hu> In-Reply-To: <XFMail.990517082618.sjuke@saunalahti.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi!
On Mon, 17 May 1999, Jukka Simila wrote:
>
> >
> >> Another method to try and get you out of the habit of
> >> logging in as root when it is not needed:-))))))
> >
> > Hehe. I have found I need it all the time. Whenever I log on as a regular
> > user, I feel like a prisoner. So, by now, the only time I do that is when
> > I reply to email. Otherwise, everyone would think my name was Charlie!
> >
> Such a bad habit! (or at least dangerous, i think :)
> At first I thaught regular user accout was restricting, but since I've learned
> that It's not that bad thing to have some back-up if you forget you aren't
> running dos, that doesn't allow you to kill your software with a single rm
Yes, and not logging in as root has other advantages as well. E.g. you
cannot accidentally do harm to your system by running a trojan horse
program. I know it may be weird feeling for somebody who is used to have
the whole machine to play with when using DOS/Win9x. (I know well because
it used to be _my favorite argument against using Linux at the dorm
because i was not sysadmin there and the root guy was both lazy and not
catching up w/ latest developments so it seemed to take ages until
something was fixed when I asked for it. But now that I am sysadmin as
well, I can see the advantage.) Actually for a person knowledgeable about
computers it's no big problem if you have root on a machine but for normal
users who only know that they have to use *say* Word for wordprocessing or
not even this much but only that they have to push that big button in the
corner, it's definitely safer to have only user access. And even for
experienced users it's better to be safe than sorry. (No kidding, in
my university there are many people who when at last learn something about
computers they do it like this: Push that big button there. Why? You don't
know and don't care. So once that button is not there, you are stuck...)
Actually, the top reasons for help pleas from users feature (in my
experience)
- Accidental deletions (including other users files and program files)
- Getting lost after doing a lot of clicking in various config dialogs,
- Installing / Uninstalling software w/o knowing what you are doing:-)
- Suddenly discovering new config options that are hidden and
undocumented e.g. "File" menu
disappears in Office...
(Of course the above only apply to the "other side" OS-es)
Three of the four relate to user activity which should not be allowed
unless you know what you are doing.
>
> Using "su" for logging as root is a good way to do things, but I think there's
> a better way: program from ports called 'sudo'
> It allows normal users to run programs as root with their own password, like:
> 'sudo reboot' would prompt for user's password and boot the machine.
hmmmmm.... then what's the point? I would be very careful about
configuring for sudo because it's inherently dangerous to give users this
much control... I'm not being paranoid but I have even disabled
Ctrl-Alt-Del because I do not want people to be able to restart my machine
when I am not there. After all, it is not Windows that you have to
restart after doing any config work (or moving the mouse, sometimes:-)))
but must add that if I had many users here (only have myself this far on
this
machine) then I would take care to give them the latest user software in
things like Netscape and be responsive to what they ask me to do. That's a
prerequisite in maintaining tight system security and manageability. You
cannot do it yourself, user, but ask me and I will be in a minute.
>
Regards:
Szilveszter
Szeged University
Hungary
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.990517075245.22528A-100000>