This session is running as a privileged user box?

Andrew Farris lordmorgul at gmail.com
Mon Jun 30 17:53:54 UTC 2008 

Doug Ledford wrote:
> On Mon, 2008-06-30 at 00:29 -0400, Tom "spot" Callaway wrote:
>> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
>>> I am the only user most of the time on the box and I know that you
>>> should login as a normal user most of the time.
>> No, really, what you should do is login as a normal user _all_ of the
>> time, and use sudo or su to take root access only when you really need
>> it.
> 
> There are valid reasons to log in as root.  Sometimes even always log in
> as root (think test machine you wipe out over and over again and root is
> the only account that ever exists on the machine

If this was an install-test machine you really don't need to setup 
configurations like 'do not show me this again' anyway.  If its meant to test 
anything more significant than installation a normal user should be created 
because you are not testing normal use scenarios if you're logged in as root.

> or times when NIS is
> down and all the user accounts don't exist temporarily, or times when
> NIS is up, but NFS is down and user home directories don't exist).
> Regardless, the ability to turn off a nag over something you know well
> and understand and accept the risks of doesn't seem to out of the
> question to me (although I could also see hiding the knob to turn it off
> in some deep foo so that a person can't turn it off without really
> knowing what they are doing, which implies maybe they know what they are
> doing logging in as they are).

I question whether anyone knows what they are doing when logging in graphically 
as root...  if they know what they are doing they'll be fixing any of those 
above problems from a virtual terminal, or remotely from a normal user 
elsewhere.  It is never necessary to login to an X session as root, and probably 
shouldn't even be allowed.

>> What you're doing is analogous to using a loaded shotgun as a golf club,
>> and what you're suggesting is that we take the safety off, because it
>> interferes with your golf game.
> 
> Hehehe, if that's how a person wants to play golf.... ;-)

Better not to be the one to caddy for this 'club' user though.

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29

More information about the fedora-devel-list mailing list