LukeK Posted February 11, 2005 Report Share Posted February 11, 2005 I voted to this poll in a general manner. I couldn't care less about running the programs that were mentioned as root. Generally though I think root should be given the power to do whatever it wants, regardless of how dangerous it could be. Stupidity earns its own reward. Quote Link to comment Share on other sites More sharing options...
FX Posted February 11, 2005 Report Share Posted February 11, 2005 Free Beer!!!! Quote Link to comment Share on other sites More sharing options...
bvc Posted February 11, 2005 Author Report Share Posted February 11, 2005 where :unsure: oh.... there... thx for the heads_up Quote Link to comment Share on other sites More sharing options...
Sherpa Posted February 16, 2005 Report Share Posted February 16, 2005 I understand the obvious security issues with running as root, rm -rf / , namely.... but you can still damage your system seriously as a regular user su to root.... i dont see how it is any diff. if you su, then you are root.... i remember my only major flaw that i made as an su user.... i was trying to remove a file from my home dir, so i did rm -rf /home but then neglected to finish it and accedently hit enter.... oh the deep sinking feeling that occured after i lost all of my data, but none the less i was just an su 'ed user.... Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 16, 2005 Report Share Posted February 16, 2005 I understand the obvious security issues with running as root, rm -rf / , namely.... but you can still damage your system seriously as a regular user su to root.... i dont see how it is any diff. if you su, then you are root.... i remember my only major flaw that i made as an su user.... i was trying to remove a file from my home dir, so i did rm -rf /home but then neglected to finish it and accedently hit enter.... oh the deep sinking feeling that occured after i lost all of my data, but none the less i was just an su 'ed user.... <{POST_SNAPBACK}> 1) GUI drag and drop .... its easier to delete a tree accidentally in a GUI 2) The real/main reason... I have all my photo's read-only access to users .. I can edit and save as but all my originals (>10k) are write protected. As user I can rm -rf and it will not delete them ... as root it will... 3) Same goes for your actual system... little outside your home directory can be damaged as a user. I have even gone futher than this and my 'real home' is now on a seperate disk with different permissions than my ~/.hidden files. 4) Not to mention that you can't fdisk, mkfs etc. as a user either. you must first su and the extra step prevents that rm -rf being by accident. Quote Link to comment Share on other sites More sharing options...
Sherpa Posted February 16, 2005 Report Share Posted February 16, 2005 ah, well then, i understand, all the more reason though the root should be able to do whatever they want.... Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 16, 2005 Report Share Posted February 16, 2005 ah, well then, i understand, all the more reason though the root should be able to do whatever they want.... <{POST_SNAPBACK}> Actually it can ! You could suid the gdesklets if you really wanted... change root to another name etc. etc. its just convention that keeps root=root=UID=1 Its the same convention says root is not a user but an admin account... when you use multiuser machines all day this becomes obvious :D but because its *nix it should be the same at home as work as anywhere... (standards) You can give another user the same power as root if you like, its just 'not done' but nothing stops you, indeed I used to work on a machine with 2 root accounts ... I can't remember why except it did something with X400 mail! Quote Link to comment Share on other sites More sharing options...
bvc Posted February 16, 2005 Author Report Share Posted February 16, 2005 please....who has time to screw with permissions 5 times a day, everyday? who says that "its *nix it should be the same at home as work as anywhere... (standards)" ???? there's a new one... never heard that standard before. Got any links? Didn't think so...that's just a personal opinion. Quote Link to comment Share on other sites More sharing options...
jlc Posted February 16, 2005 Report Share Posted February 16, 2005 ah, well then, i understand, all the more reason though the root should be able to do whatever they want.... <{POST_SNAPBACK}> Actually it can ! You could suid the gdesklets if you really wanted... change root to another name etc. etc. its just convention that keeps root=root=UID=1 Its the same convention says root is not a user but an admin account... when you use multiuser machines all day this becomes obvious :D but because its *nix it should be the same at home as work as anywhere... (standards) You can give another user the same power as root if you like, its just 'not done' but nothing stops you, indeed I used to work on a machine with 2 root accounts ... I can't remember why except it did something with X400 mail! <{POST_SNAPBACK}> Gowator, why bother some just aren't going to get it I guess ;-) Lets just create a Linux that mirrors Windows exactly and has huge holes all over the place, oh wait there is Linspire........... If people don't want to understand permissions or how Linux works, why use it? If you want it to be the exact same crap that m$ has why not just use m$? chmod -G root justin chown -R justin:justin / /etc/init.d/iptables stop Good to go now......... Quote Link to comment Share on other sites More sharing options...
Guest anon Posted February 16, 2005 Report Share Posted February 16, 2005 Lets just create a Linux that mirrors Windows exactly and has huge holes all over the place, oh wait th :D ere is Linspire...........If people don't want to understand permissions or how Linux works, why use it? If you want it to be the exact same crap that m$ has why not just use m$? chmod -G root justin chown -R justin:justin / /etc/init.d/iptables stop Good to go now......... <{POST_SNAPBACK}> :D Quote Link to comment Share on other sites More sharing options...
bvc Posted February 16, 2005 Author Report Share Posted February 16, 2005 ha you wish it was that easy. only people that do not understand how the linux fs/apps/ permission/security works would say the above. If it were so easy, SELinux would be as well and everyone that cares about security would be using it. if you really push/hack your sys on a daily bases you'd find that there is no quick fix/switch to REALLY, TRULY make a user=root. You still end up su'ing everyday. Easy to believe I've tried. Hard to believe the above have, since they are so against the concept. There's a leak in your cup Quote Link to comment Share on other sites More sharing options...
jlc Posted February 17, 2005 Report Share Posted February 17, 2005 (edited) hayou wish it was that easy. only people that do not understand how the linux fs/apps/ permission/security works would say the above. If it were so easy, SELinux would be as well and everyone that cares about security would be using it. if you really push/hack your sys on a daily bases you'd find that there is no quick fix/switch to REALLY, TRULY make a user=root. You still end up su'ing everyday. Easy to believe I've tried. Hard to believe the above have, since they are so against the concept. There's a leak in your cup <{POST_SNAPBACK}> Ok, you called my bluff, the command above wouldn't exactly work, I just thought since you use your root account all the time, you knew nothing about security :P [justin@neo ~]$ ssh insecure@192.168.1.109 Password: Linux ubuntu 2.6.8.1-2-386 #1 Tue Sep 14 10:30:08 BST 2004 i686 GNU/Linux The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Feb 16 22:39:27 2005 from 192.168.1.107 Could not chdir to home directory /home/insecure: No such file or directory insecure@ubuntu:/$ /etc/init.d/mdadm restart * Stopping RAID monitoring services... [ ok ] * Starting RAID monitoring services... [ ok ] insecure@ubuntu:/$ /etc/init.d/postfix restart * Stopping Postfix Mail Transport Agent... [ ok ] * Starting Postfix Mail Transport Agent... [ ok ] insecure@ubuntu:/$ /etc/init.d/hotplug restart * Restarting hotplug subsystem... * Running input.rc... [ ok ] * Running isapnp.rc... [ ok ] * Running net.rc... [ ok ] * Running pci.rc... [ ok ] * Running usb.rc... [ ok ] Hell my boy insecure isn't even in the sudoers file insecure@ubuntu:/$ more /etc/sudoers # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # # Host alias specification # User alias specification # Cmnd alias specification # Defaults Defaults !lecture,tty_tickets # User privilege specification root ALL=(ALL) ALL # Added by Ubuntu installer justin ALL=(ALL) ALL In my world, using root all the time is not a good idea, can you make a user root very easy, you sure can. Easy to believe you tried? That took me under a minute, create account and relable, I even installed ubuntu as you can see on this test box. To use "your" distro of choice. I guess in the end you could say i really push/hack my box on a daily basis. :o insecure@ubuntu:/$ more /etc/passwd | grep insecure insecure:x:1001:1001::/home/insecure: Anyway, Edited February 17, 2005 by cybrjackle Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 and what did any of this prove? Quote Link to comment Share on other sites More sharing options...
jlc Posted February 17, 2005 Report Share Posted February 17, 2005 and what did any of this prove? <{POST_SNAPBACK}> you said not easy I said yes and proved it. btw, your completely wrong about SELinux too, it's not anywere as easy as that was. Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 you said not easyI said yes and proved it. btw, your completely wrong about SELinux too, it's not anywere as easy as that was. <{POST_SNAPBACK}> you proved nothing other than you executed a few commands... ...use it for a week and running through the ringer....then tell me how many things you had to su to root for ;) SELinux :unsure: wrong? How? You just said what I did. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.