gabriel rosenkoetter on Fri, 1 Jun 2001 16:03:51 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] User Accounts


On Fri, Jun 01, 2001 at 12:18:39PM -0400, Joseph B. Welsh wrote:
> I have been running as root for 2 years and never have I typed a command 
> like that.  I gather from what everyone is saying that as non root user, 
> If I do become careless, I have less chance of deleting something I want 
> to keep.  But is that the only advantage to being non root on the system 
> I described?

How about another example: consider the Outlook email viruses that
are the plague of NT systems.

Note that the ones that damage the system work because the average
user actually *does* have permission to modify the registry.

I can similarly trick you into running a program as root, and I can
similarly use that to damage or take over your system. I can do
nothing but get your user account if you do it as a user, which is a
lesser (though important) risk.

I could easily come up with ten or so more examples.

Do nothing as root you aren't absolutely sure you need to. Period.

       ~ g r @ eclipsed.net


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug