Getting people to say nice things about Microsoft (Linspire repo)
Andy Green
andy at warmcat.com
Fri Jan 26 09:24:22 UTC 2007
Les wrote:
> In this case Craig is right. I do not run as superuser. I run as a
> liddle ole' normla user (sic). I have found that my stumbling fingers
> stumble into some nasties all by themselves as root that I then have to
> try to figure out what I did and why it had those precise consequences.

I think everyone is right, use the method that is going to work best for
your usage pattern on a particular box. If you do stuff like making rpm
packages, doing it as root significantly increases the chance of
damaging your system, so have a user on that box so any unintended
writes to / just bounce off as disallowed. If you admin a box for
someone nontechnical to use, make sure they are running as a mortal user
so they can't meddle with network settings and so on. If you run
network services, really this can include using a web browser, better if
it runs under non-root credentials so any exploit has potentially more
trouble disappearing into your woodwork -- and the other network
services running under their own unprivileged UID/GID is useful for the
same reason, but this is the default anyway.

On the other hand if all you ever do on a box is root-level admin, for
example a remote server, then by all means log in as root and don't
bother with a user, since a mortal user can't do anything you need to do
anyway. Les Mikesell's point that all your valuable docs are under your
UID and you can trash them as your mortal user is a very strong one
since in most cases the OS can be regenerated/reinstalled pretty easily,
e.g. with the rescue CD or an explicit reinstall, but your work product
can't be, so merely running as a mortal does not protect you from that
kind of disaster. If you prefer to use sudo to just allow some things
to be done as root from a mortal login, hey that's fine too. The only
way that is definitively wrong is if your particular method does not
match what you needed on a particular box, like building rpms as root.
-Andy