Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Mar 2002 10:23:41 -0500
From:      Brian T.Schellenberger <bts@babbleon.org>
To:        Peter Leftwich <Hostmaster@Video2Video.Com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: An idiot, his box, and a security question [PuTTY telnet/ssh]
Message-ID:  <20020317152341.07FC5BB35@i8k.babbleon.org>
In-Reply-To: <20020317053307.GA7491@hades.hell.gr>
References:  <PBEIJOCAMIIHMPBPAJAGGEGFCCAA.howard@tasfamily.net.au> <20020317001244.Y30953-100000@earl-grey.cloud9.net> <20020317053307.GA7491@hades.hell.gr>

next in thread | previous in thread | raw e-mail | index | archive | help
| On 2002-03-17 00:17, Peter Leftwich wrote:
| >
| > I still don't get this whole "don't use root" issue.  If I had installed
| > Win2000 at home (after having had EEEEnough of Win98SR1), then I would've
| > created a login with Administrator rights.  I login as root to my FreeBSD
| > 4.5-RELEASE box all the time.  The "su" command confuses me, so I stay
| > way away from it, besides, I am constantly tweaking *system-wide* and
| > installing programs, so why would I ever login from userland??


Well, when you are first setting up a machine, it makes plenty of sense to 
log in as root.  I do, too.

But once you have your system set up and you are running programs frequently 
but intalling them only rarely, it's better to log in as a normal user and 
"su" to root only for those occaisonal special tasks that only root can do.

If you do an adiministrator task frequently, I recommmend "op" as a way to 
avoid having to "su" all the time for common tasks.  "sudo" does the same 
thing is more commonly used but I find it a lot more awkward to use.

The big advantage of not running as root all the time is that you can't 
accidentally screw up your entire system if you do something boneheaded.  
Also, if you run a trojan horse (these do exist for Unix systems even if they 
aren't as common as on Windows), and you are not root, you are protected from 
system damage.  The same would be true of a virus, and  though I don't 
actually know of viruses _per_se_ on Unix systems, there is nothing inherit 
to prevent them from being written.  They wouldn't, however, tend to spread 
very far since most people don't run as root all the time.

By running as root all the time, you are sort of like the person who refuses 
to be immunized--you are somewhat protected by the fact that most people run 
as root but you'd be safer if you did, too.

And you aren't protected at all from your own screwups.

-- 
Brian T. Schellenberger . . . . . . .   bts@wnt.sas.com (work)
Brian, the man from Babble-On . . . .   bts@babbleon.org (personal)
                                ME -->  http://www.babbleon.org
http://www.eff.org   <-- GOOD GUYS -->  http://www.programming-freedom.org 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020317152341.07FC5BB35>