Jump to content
bvc

Should root have his/her hands tied?

Poll: should root have his/her hand tied?  

30 members have voted

  1. 1. Poll: should root have his/her hand tied?

    • yes, serious security risk should be kept from root
      5
    • no, root should be able to do anything, else root is not root
      25


Recommended Posts

iphitus has got it -choice

anyone talking about running as root is missing the point -choice

 

I'm not asking if people should run as root. That is an ooOOOOOld arguement.

 

contact devel? I exchanged emails all day yesterday with devel of gdesklets, one of which in the loop was pycage. Their answer? "edit the source" so no Gowator, a n00b can't just urpmi gdesklets and use it as root ;) ...like iphitus said, you have to learn to edit source and compile.

 

2 major areas linux lacks.....eyecandy and ease of use. Both killed by this crime. A new win convert can't have the eycandy, ease of use and freedom from the "you can't" M$ mentality.

Edited by bvc

Share this post


Link to post
Share on other sites

MS doesn't haev a "you can't" mentality. By default (atleast in XP, last time I installed it) all users have administrator (or "superuser" i think it was) rights. That's also the reason so many virii and other malware spread easily inside the Windows family. That doesn't sound like a "you can't" mentality. In fact, the "I should be able to run as root and do everything and anything I want with it" is the MS Windows mentality.

 

*nix is about having a multiuser environment. It's always been that way. In a multi-user environment, nothing should be run as root unless absolutely necessary. You're forgetting the origins of *nix when you complain that you can't do something as root. You -shouldn't- be able to, because -that's- how *nix was meant to be.

Edited by tymark

Share this post


Link to post
Share on other sites

While I disagree with your choice to run as root for many of the reasons stated, I respect your right to do what you want with your box. However, I am also curious about this phenomena of not being able to run certain apps as root. Could you post the "ls -l" for the affected executables. My thought is if the owner is not root, you might be able to run the app suid as root. That is change the permissions on the executable:

 

# chmod 4755 <path to executable>

 

That should cause the executable to run with the permission set of the owner of the executable.

Share this post


Link to post
Share on other sites

tyme, ummm, yes it does, but I wouldn't expect someone with limited win experience to know

 

I have forgot nothing

If I shouldn't be able to run things as root and that is how nix was meant to be, why did it take 20+ years to get that way for 2 small apps? ;) :screwy::lol2:

 

 

pmpatrick, well, I'd have to install it when I get home to find out. Maybe someone else can do the ls -l. I uninstalled gdesklets when I discovered it was no longer the free software app it hypocritically claims to be. What you say sounds right but I don't have, nor do I intend to get, the source to find the root check in the daemon.

 

pycage is gdesklets creator

Of course gDesklets can be run as root, so if you really want to run it as root, just disable the user check in the daemon. It's only one line to change in gdesklets-daemon.

http://gnomesupport.org/forums/viewtopic.p...8644&highlight=

again, I exchanged about 8+ emails yesterday with chrisime

same .....to sum it up....we won't change our mind regardless of what anyone says, and you can edit the source if you want to run as root.

Edited by bvc

Share this post


Link to post
Share on other sites
tyme, ummm, yes it does, but I wouldn't expect someone with limited win experience to know

I've run everything from Win 3.11 for workgroups until Windows XP. I use windows at my job. I fix virii, spyware, and general network problems every day. Don't try to tell me I'm ignorant in your usual veiled manner. You know very little of me or my life experiences. You should stop making these discussions personal.

 

If I shouldn't be able to run things as root and that is how nix was meant to be, why did it take 20+ years to get that way for 2 small apps? ;)  :screwy::lol2:

Because, until recently, *nix users were well aware of how things were meant to be. Now we have windows users coming over and expecting certain things that are not to be done in *nix, and screwing up their systems because of it.

 

The mentality of being the owner of the entire system is one created in a single-user environment. We no longer are in a single-user environment. Rarely does one computer have a single user, and hence the need for the multi-user environment. Windows wasn't prepared for this and is trying to catch up. *nix systems were built for this environment and have the security in place necessary for it. Lack of seperation of user from OS is one of the largest security issues that exists in Windows, sitting right beside the security holes it has (many of which are exploitable because of the former issue). Seperation of user and OS is what *nix as done and will continue to do. Some people have just decided to explicitly place it in their programs - that's their choice. If you don't like it, use another program, or rewrite it, or go back to Windows 98 where there was absolutely nothing -but- "root".

Edited by tymark

Share this post


Link to post
Share on other sites

i don't even run gdesklets

anyone that sees my screenies knows that

I started to and made a starterbar image that was included in one of my themes

this was my intent

then I updated my install and got the next version that included the root check

so unless I run as a user I can't make gdesklet images so that people can have uniforn, goodlooking desktop. gdesklets are butt ugly for the most part. ppl post these wacked out screenies with no color coordination. I just thought I'd help out. But not at the hassle of another user login/preferences etc... you've seen the linux screenies w/ gdesklets but these concepts are more of what most ppl prefer when concerning eyecandy

http://www.wincustomize.com/Preview.aspx?S...nshots/8150.jpg

http://www.wincustomize.com/Preview.aspx?S...nshots/8149.jpg

Share this post


Link to post
Share on other sites

uh...that's funny, I run as root on my multiuser installs just as I do on my single user installs. what exactly is the difference here? Oh, and yes, I know ppl that have run win from the getgo as well and still have limited knowlege. You do have more that I was aware of and I apologize for my comment about yours. So it really baffles me why you'd think the opposite..but, that's not unusual with us is it ;)

Edited by bvc

Share this post


Link to post
Share on other sites

At some point, there comes a requirement for a mode where the user can do anything to the machine. Whatever it's called, it's effectively "root" as we know it now.

 

The obvious case where this happens is after a catastrophic failure. You need unfettered access in order to undo whatever nastiness has been wrought by the failure.

 

Now, you can argue that there should be an intermediate level ("power user"?) below that, where several dangerous things are allowed, but not unlimited access. As far as I can see, this can be largely achieved by using sudo.

 

And as for actually running as root? I wouldn't do it, and I wouldn't advise others to do it either. But if you want to do it, who am I to disagree, and how could I stop you anyway?

Share this post


Link to post
Share on other sites

well they *are* freesoftware applications, so if you want to run them as root that desparately you can edit the source yourself... _THAT_ is the point of free software, not some bizarre desire to run as root.

Share this post


Link to post
Share on other sites

bvc: if we were speaking on what abilities MS windows gives, period, I would be inclined to agree that they have a "you can't" mentality - i.e., you can't change your theme without buying another program, you can't know the secret things we're doing behind the scenes, etc. But as far as user permissions goes, MS Windows has a "you can modify any file, run any program, and delete any thing you want - whether it belongs to you or the OS" mentality. We are, after all, discussing the permissions of users as for as files and the operating system go.

 

I don't have experience with SP2, I don't know if things have changed since then. I tell most people not to get SP2, but to get zonealarm, a good virus scanner, and firefox instead.

 

Surprisingly, I voted that root should be able to do anything. That is the nature of root, but I'm simply trying to explain the reasoning behind all of this, why these people have decided to hard code it. It's always been in the *nix philosophy...it's just no one has ever felt the need to explicitly implement it. These guys apparently feel that need, and it is their right to do so. (I realize I'm contradicting myself here. But understand there's a difference between my personal opinion and the philosophy - I understand both, I think).

Edited by tymark

Share this post


Link to post
Share on other sites

fissy? did you say something? :unsure: Did it take a lot of thought for you to say what I said has been said to me for the past 2 days? Try being a little more original next time.

 

tyme, yes, that's basically the idea. The 'you can't because we know what is best for you' has never exsited in linux til now, and has always existed in win.

 

*nix philosophy or not makes no diff to the past until now. Like I said in the first post, where does it end if this trend continues? Are browsers and email clients next? Those of us that do want to run as root as we always have will be forced to not. That's not linux. Forced, is M$. That is what I mean. It is the principle of choice.

 

Personally, I think a lot of this has to do with an attempt to get away from the branded hippy/rebel image linux has in an attempt to be more mainstream and what the world expects. That is not what made linux what it is.

Edited by bvc

Share this post


Link to post
Share on other sites
tyme, yes, that's basically the idea. The 'you can't because we know what is best for you' has never exsited in linux til now, and has always eexisted in win.

Then we were disagreeing when we were actually agreeing it seems. Maybe we should be more specific as to what we mean in the future? :)

 

It is the principle of choice.

Yes, it is, but we must allow the programmers this same principle of choice. They have the right to choose to make their program non-root only, just as you can choose to run as root. Unless some decree comes down from Linus & Co. that nothing but specific tasks should be run as root (and is thereby limited in the kernel), it's still an issue of choice.

Edited by tymark

Share this post


Link to post
Share on other sites

sure they have a choice

one would think that they'd do what is best in truth about security

sure in their eyes it is best

 

i have yet to hear a reasonable arguement on single desktops or home networks against running as root or running an app as root. I've heard many opinions but never a fact. Never. Yet the majority, as usual, fall for these lies of, security! security!

Interestingly enough, it is those that walk on eggshells that pollute the world with their virus's, worms and spyware. Those that know and are willing to accept the truth and have just a little common sense, remain clean. Funny really.

 

but again, this is not about whether one should run as root

Edited by bvc

Share this post


Link to post
Share on other sites
Guest anon
i have yet to hear a reasonable arguement on single desktops or home networks against running as root or running an app as root.

Thats because there isn't one. If your running a single desktop with no internet access you have nothing to worry about other than making your own mistakes.

And if running a home network or intranet where you feel you can truly trust everyone, great !! no problem.

But your not doing that are you? your running a computer as root which is connected to the net 24/7 .

And ( with respect ) no matter how much of a security or networking guru you are or wish to be, you are taking needless risks my friend.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...