[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: What I HATE about F11



Michael Fleming <mfleming thatfleminggent com> writes:

> With the likes of sudo / ConsoleKit / console-helper et. al you should
> never, ever need to run an extended session as root. Your day-to-day
> work can be done perfectly well as a standard non-privileged user, the
> applications that *need* root, especially in X, are hooked into
> consolehelper/ConsoleKit anyway and will prompt you for the root
> password in any case (when run as a regular user)

That doesn't mean it's more secure that directly logging as root using
e.g. ssh, tty or xterm. I won't argue about X "desktop".

A non-privileged account ceases to be non-privileged when you use it to
become root. It may save you from incidental rm -rf /, but it creates
a false feeling that the "non-privileged" account doesn't need the same
level of protection as the root account needs. From a security
standpoint, it's thus usually less secure that using root directly.

Obviously one shouldn't use root account for non-admin tasks, sure. But
it has nothing to do with security.
If one has to perform many root tasks, there is nothing wrong in doing
it in "an extended root session". Having to type root password many
times may only create an additional opportunity for a compromise.

> As a systems administrator I applaud this idea, as it stops people from
> shooting themselves in the foot

That may be true. The same can probably be said about alias rm='rm -i'
and so on. This is not security, however.
-- 
Krzysztof Halasa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]