From owner-freebsd-questions Sun Mar 17 7:23:57 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail4.nc.rr.com (fe4.southeast.rr.com [24.93.67.51]) by hub.freebsd.org (Postfix) with ESMTP id 8365837B419 for ; Sun, 17 Mar 2002 07:23:52 -0800 (PST) Received: from i8k.babbleon.org ([66.57.85.154]) by mail4.nc.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Sun, 17 Mar 2002 10:24:21 -0500 Received: by i8k.babbleon.org (Postfix, from userid 111) id 07FC5BB35; Sun, 17 Mar 2002 10:23:41 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" From: Brian T.Schellenberger To: Peter Leftwich Subject: Re: An idiot, his box, and a security question [PuTTY telnet/ssh] Date: Sun, 17 Mar 2002 10:23:41 -0500 X-Mailer: KMail [version 1.3] Cc: questions@FreeBSD.ORG References: <20020317001244.Y30953-100000@earl-grey.cloud9.net> <20020317053307.GA7491@hades.hell.gr> In-Reply-To: <20020317053307.GA7491@hades.hell.gr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020317152341.07FC5BB35@i8k.babbleon.org> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG | On 2002-03-17 00:17, Peter Leftwich wrote: | > | > I still don't get this whole "don't use root" issue. If I had installed | > Win2000 at home (after having had EEEEnough of Win98SR1), then I would've | > created a login with Administrator rights. I login as root to my FreeBSD | > 4.5-RELEASE box all the time. The "su" command confuses me, so I stay | > way away from it, besides, I am constantly tweaking *system-wide* and | > installing programs, so why would I ever login from userland?? Well, when you are first setting up a machine, it makes plenty of sense to log in as root. I do, too. But once you have your system set up and you are running programs frequently but intalling them only rarely, it's better to log in as a normal user and "su" to root only for those occaisonal special tasks that only root can do. If you do an adiministrator task frequently, I recommmend "op" as a way to avoid having to "su" all the time for common tasks. "sudo" does the same thing is more commonly used but I find it a lot more awkward to use. The big advantage of not running as root all the time is that you can't accidentally screw up your entire system if you do something boneheaded. Also, if you run a trojan horse (these do exist for Unix systems even if they aren't as common as on Windows), and you are not root, you are protected from system damage. The same would be true of a virus, and though I don't actually know of viruses _per_se_ on Unix systems, there is nothing inherit to prevent them from being written. They wouldn't, however, tend to spread very far since most people don't run as root all the time. By running as root all the time, you are sort of like the person who refuses to be immunized--you are somewhat protected by the fact that most people run as root but you'd be safer if you did, too. And you aren't protected at all from your own screwups. -- Brian T. Schellenberger . . . . . . . bts@wnt.sas.com (work) Brian, the man from Babble-On . . . . bts@babbleon.org (personal) ME --> http://www.babbleon.org http://www.eff.org <-- GOOD GUYS --> http://www.programming-freedom.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message