Linux Security

David Fletcher fc at fletchersweb.net
Thu Sep 7 08:54:36 UTC 2006


At 02:39 07/09/2006, you wrote:

>On Wed, 2006-09-06 at 19:49 -0500, Michael Yep wrote:
> > Users should run as restricted users
>
>When I was running Windows NT, I did that, and it
>worked great, but when I "upgraded" to XP I found
>it was totally impossible to do anything and eventually
>gave up trying and just made my "normal" user
>an administrator.

I've got the same problem here (at work). Unfortunately like many 
others I have to use XP. Also unfortunately I need to use old 
software, which probably pre-dates Windows 98. It works OK most of 
the time, but won't work at all in the "normal" user mode so I have 
to permanently work as an administrator.

The important difference is, I think, that until XP (in my experience 
which excludes NT) Windows has always been totally insecure (which 
isn't saying that XP is totally secure) whilst Unix/Linux has always 
been secure by default. So applications for Windows have 
traditionally been written to run in an insecure environment and 
generations of computer users don't have the first clue about 
security. Which as we've seen in recent years is a recipe for disaster.

So, if we the Linux community can manage to persuade computer users 
to switch from Windows to Linux we've then got a problem with people 
who don't understand security. If they've always run Windows in 
supervisor mode then they'll just run Linux as root user because they 
don't know or understand the reasons why that is A BAD THING.

It all boils down to education. If a Linux user can manage to turn a 
Windows user away from the Dark Side then that's very good. But with 
that power comes responsibility - the responsibility to educate new 
users to run the operating system correctly and safely.

Would it be a good idea for FC to incorporate a "nag screen" that 
pops up with a security lecture if the system is logged in as root 
for longer than, say, 20 minutes at a time? Or is used to run desktop 
applications such as Open Office or The GIMP?

Dave F



