[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Getting people to say nice things about Microsoft (Linspire repo)



Les wrote:

	In this case Craig is right.  I do not run as superuser.  I run as a
liddle ole' normla user (sic).  I have found that my stumbling fingers
stumble into some nasties all by them selves as root that I then have to
try to figure out what I did and why it had those precise consequences.

I think everyone is right, use the method that is going to work best for your usage pattern on a particular box. If you do stuff like making rpm packages, doing it as root significantly increases the chance of damaging your system, so have a user on that box so any unintended writes to / just bounce off as disallowed. If you admin a box for someone nontechnical to use, make sure they are running as a mortal user so they can't meddle with network settings and so on. If you run network services, really this can include using a web browser, better if it runs under non-root credentials so any exploit has potentially more trouble disappearing into your woodwork -- and the other network services running under their own unprivileged UID/GID is useful for the same reason, but this is the default anyway.

On the other hand if you all ever do on a box is root-level admin, for example a remote server, then by all means log in as root and don't bother with a user, since a mortal user can't do anything you need to do anyway. Les Mikesell's point that all your valuable docs are under your UID and you can trash them as your mortal user is a very strong one since in most cases the OS can be regenerated/reinstalled pretty easily, eg with the rescue CD or an explicit reinstall, but your work product can't be, so merely running as a mortal does not protect you from that kind of disaster. If you prefer to use sudo to just allow some things to be done as root from a mortal login, hey that's fine too. The only way that is definitively wrong is if your particular method does not match what you needed on a particular box, like building rpms as root.

-Andy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]