Getting people to say nice things about Microsoft (Linspire repo)

Andy Green andy at warmcat.com
Fri Jan 26 09:24:22 UTC 2007


Les wrote:

> 	In this case Craig is right.  I do not run as superuser.  I run as a
> liddle ole' normla user (sic).  I have found that my stumbling fingers
> stumble into some nasties all by them selves as root that I then have to
> try to figure out what I did and why it had those precise consequences.

I think everyone is right, use the method that is going to work best for 
your usage pattern on a particular box.  If you do stuff like making rpm 
packages, doing it as root significantly increases the chance of 
damaging your system, so have a user on that box so any unintended 
writes to / just bounce off as disallowed.  If you admin a box for 
someone nontechnical to use, make sure they are running as a mortal user 
so they can't meddle with network settings and so on.  If you run 
network services, really this can include using a web browser, better if 
it runs under non-root credentials so any exploit has potentially more 
trouble disappearing into your woodwork -- and the other network 
services running under their own unprivileged UID/GID is useful for the 
same reason, but this is the default anyway.

On the other hand if you all ever do on a box is root-level admin, for 
example a remote server, then by all means log in as root and don't 
bother with a user, since a mortal user can't do anything you need to do 
anyway.  Les Mikesell's point that all your valuable docs are under your 
UID and you can trash them as your mortal user is a very strong one 
since in most cases the OS can be regenerated/reinstalled pretty easily, 
eg with the rescue CD or an explicit reinstall, but your work product 
can't be, so merely running as a mortal does not protect you from that 
kind of disaster.  If you prefer to use sudo to just allow some things 
to be done as root from a mortal login, hey that's fine too.  The only 
way that is definitively wrong is if your particular method does not 
match what you needed on a particular box, like building rpms as root.

-Andy




More information about the fedora-list mailing list