Should root have his/her hands tied?

[LukeK]

I voted to this poll in a general manner. I couldn't care less about running the programs that were mentioned as root. Generally though I think root should be given the power to do whatever it wants, regardless of how dangerous it could be. Stupidity earns its own reward.

[FX]

Free Beer!!!!

[bvc]

where

:unsure:

 

oh....

there...

thx for the heads_up

[Sherpa]

I understand the obvious security issues with running as root, rm -rf / , namely.... but you can still damage your system seriously as a regular user su to root.... i dont see how it is any diff. if you su, then you are root.... i remember my only major flaw that i made as an su user.... i was trying to remove a file from my home dir, so i did rm -rf /home but then neglected to finish it and accedently hit enter.... oh the deep sinking feeling that occured after i lost all of my data, but none the less i was just an su 'ed user....

[Gowator]

I understand the obvious security issues with running as root, rm -rf / , namely.... but you can still damage your system seriously as a regular user su to root.... i dont see how it is any diff. if you su, then you are root.... i remember my only major flaw that i made as an su user.... i was trying to remove a file from my home dir, so i did rm -rf /home but then neglected to finish it and accedently hit enter.... oh the deep sinking feeling that occured after i lost all of my data, but none the less i was just an su 'ed user....

<{POST_SNAPBACK}>

 

 

1) GUI drag and drop .... its easier to delete a tree accidentally in a GUI

2) The real/main reason... I have all my photo's read-only access to users .. I can edit and save as but all my originals (>10k) are write protected. As user I can rm -rf and it will not delete them ... as root it will...

3) Same goes for your actual system... little outside your home directory can be damaged as a user. I have even gone futher than this and my 'real home' is now on a seperate disk with different permissions than my ~/.hidden files.

4) Not to mention that you can't fdisk, mkfs etc. as a user either. you must first su and the extra step prevents that rm -rf being by accident.

[Sherpa]

ah, well then, i understand, all the more reason though the root should be able to do whatever they want....

[Gowator]

ah, well then, i understand, all the more reason though the root should be able to do whatever they want....

<{POST_SNAPBACK}>

Actually it can !

You could suid the gdesklets if you really wanted... change root to another name etc. etc. its just convention that keeps root=root=UID=1

 

Its the same convention says root is not a user but an admin account...

when you use multiuser machines all day this becomes obvious :D but because its *nix it should be the same at home as work as anywhere... (standards)

 

You can give another user the same power as root if you like, its just 'not done' but nothing stops you, indeed I used to work on a machine with 2 root accounts ... I can't remember why except it did something with X400 mail!

[bvc]

please....who has time to screw with permissions 5 times a day, everyday?

 

who says that "its *nix it should be the same at home as work as anywhere... (standards)" ????

there's a new one...

never heard that standard before. Got any links?

Didn't think so...that's just a personal opinion.

[jlc]

ah, well then, i understand, all the more reason though the root should be able to do whatever they want....

<{POST_SNAPBACK}>

Actually it can !

You could suid the gdesklets if you really wanted... change root to another name etc. etc. its just convention that keeps root=root=UID=1

 

Its the same convention says root is not a user but an admin account...

when you use multiuser machines all day this becomes obvious :D but because its *nix it should be the same at home as work as anywhere... (standards)

 

You can give another user the same power as root if you like, its just 'not done' but nothing stops you, indeed I used to work on a machine with 2 root accounts ... I can't remember why except it did something with X400 mail!

<{POST_SNAPBACK}>

 

Gowator, why bother some just aren't going to get it I guess ;-)

 

Lets just create a Linux that mirrors Windows exactly and has huge holes all over the place, oh wait there is Linspire...........

 

 

If people don't want to understand permissions or how Linux works, why use it? If you want it to be the exact same crap that m$ has why not just use m$?

 

chmod -G root justin
chown -R justin:justin /
/etc/init.d/iptables stop

 

Good to go now.........

[Guest anon]

Lets just create a Linux that mirrors Windows exactly and has huge holes all over the place, oh wait th :D ere is Linspire...........

If people don't want to understand permissions or how Linux works, why use it?  If you want it to be the exact same crap that m$ has why not just use m$?

chmod -G root justin
chown -R justin:justin /
/etc/init.d/iptables stop

    Good to go now.........

<{POST_SNAPBACK}>

:D

[bvc]

ha

you wish it was that easy. only people that do not understand how the linux fs/apps/ permission/security works would say the above. If it were so easy, SELinux would be as well and everyone that cares about security would be using it.

 

if you really push/hack your sys on a daily bases you'd find that there is no quick fix/switch to REALLY, TRULY make a user=root. You still end up su'ing everyday.

 

Easy to believe I've tried. Hard to believe the above have, since they are so against the concept. There's a leak in your cup

[jlc]

ha

you wish it was that easy. only people that do not understand how the linux fs/apps/ permission/security works would say the above. If it were so easy, SELinux would be as well and everyone that cares about security would be using it.

 

if you really push/hack your sys on a daily bases you'd find that there is no quick fix/switch to REALLY, TRULY make a user=root. You still end up su'ing everyday.

 

Easy to believe I've tried. Hard to believe the above have, since they are so against the concept. There's a leak in your cup

<{POST_SNAPBACK}>

 

Ok, you called my bluff, the command above wouldn't exactly work, I just thought since you use your root account all the time, you knew nothing about security :P

 

[justin@neo ~]$ ssh insecure@192.168.1.109
Password:
Linux ubuntu 2.6.8.1-2-386 #1 Tue Sep 14 10:30:08 BST 2004 i686 GNU/Linux

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Wed Feb 16 22:39:27 2005 from 192.168.1.107
Could not chdir to home directory /home/insecure: No such file or directory
insecure@ubuntu:/$ /etc/init.d/mdadm restart
* Stopping RAID monitoring services...                                  [ ok ]
* Starting RAID monitoring services...                                  [ ok ]
insecure@ubuntu:/$ /etc/init.d/postfix restart
* Stopping Postfix Mail Transport Agent...                              [ ok ]
* Starting Postfix Mail Transport Agent...                              [ ok ]
insecure@ubuntu:/$ /etc/init.d/hotplug restart
* Restarting hotplug subsystem...
* Running input.rc...                                                   [ ok ]
* Running isapnp.rc...                                                  [ ok ]
* Running net.rc...                                                     [ ok ]
* Running pci.rc...                                                     [ ok ]
* Running usb.rc...                                                     [ ok ]

 

Hell my boy insecure isn't even in the sudoers file

 

insecure@ubuntu:/$ more /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults

Defaults        !lecture,tty_tickets

# User privilege specification
root    ALL=(ALL) ALL

# Added by Ubuntu installer
justin  ALL=(ALL) ALL

 

In my world, using root all the time is not a good idea, can you make a user root very easy, you sure can.

 

Easy to believe you tried? That took me under a minute, create account and relable, I even installed ubuntu as you can see on this test box. To use "your" distro of choice. I guess in the end you could say i really push/hack my box on a daily basis. :o

 

insecure@ubuntu:/$ more /etc/passwd  | grep insecure
insecure:x:1001:1001::/home/insecure:

 

Anyway,

Edited February 17, 2005 by cybrjackle

[bvc]

and what did any of this prove?

[jlc]

and what did any of this prove?

<{POST_SNAPBACK}>

you said not easy

I said yes and proved it.

 

btw, your completely wrong about SELinux too, it's not anywere as easy as that was.

[bvc]

you said not easy

I said yes and proved it.

 

btw, your completely wrong about SELinux too, it's not anywere as easy as that was.

<{POST_SNAPBACK}>

you proved nothing other than you executed a few commands...

...use it for a week and running through the ringer....then tell me how many things you had to su to root for ;)

 

SELinux :unsure: wrong? How? You just said what I did.