christophe barbé on Mon, 1 Jul 2002 15:50:11 +0200


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] log as root or not ?


On Mon, Jul 01, 2002 at 09:05:15AM -0400, Jesse P Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> christophe barbé wrote:
> 
> 
> | My question is : Is there a good reason to avoid log in as root
> | directly when using a secured channel ?
> 
> 
> Yes.
> Occassionally, we all get stupid.  Whe you are root, stupid can really
> screw up the system.  If you always log in as a normal user, then su to
> root, it helps you to not forget roots power.

You should reread the thread from the beginning and I should have be
more precise when reformulating my question by adding :

   "when doing root stuff."

Is it a myth that it is bad to log as root and instead better to log as
a normal user and then su to root, when using a secured channel (ssh)
when doing root stuff ?

It seems to me that the answer is yes. and gabriel give me some good
arguments and so far I have read no good argument for the oposite.

Christophe

> Also, if you are interacting with the internet as root, via a browser or
> ~ email client, then a malicious site or email which you read or visit
> can  do damage as root.  The biggist advantage of Linux/unix when using
> the internet is the ability to safely do this as not root.
> 
> Even if you only have one system which you use as a work station, when
> you transition to root, you put on your admin hat, you are not just a
> user, you are the great and terrible admin and must have respect for
> your own power.
> 
> This, of course, applys to both local and remote.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7-nullify-r3 (Windows 98)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQE9IFOJK3KGHMBjApYRAlguAJ4uZZye2JzL8Edw3L9EyxU32BGrJgCgsrMB
> i4u8a//L3UiBWGkk3xGfqJs=
> =oP92
> -----END PGP SIGNATURE-----
> 
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 

-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

Cats seem go on the principle that it never does any harm to ask for
what you want. --Joseph Wood Krutch

Attachment: pgpnjs2lNkUlN.pgp
Description: PGP signature