Root vs User, WAS: Re: [CLUE-Tech] How Safe Is It, part II

Timothy C. Klein teece at silverklein.net
Wed Nov 6 10:24:20 MST 2002


* Jed S. Baer (thag at frii.com) wrote:
> On 05 Nov 2002 19:13:52 -0700
> Roger Frank <rfrank at rfrank.us> wrote:
> 
> > I want to be able to write student labs and have them in my
> > /var/www/html tree.  I also want the solutions there in a 
> > subdirectory so they are tracked with the assignment.  The 
> > server is physically in my office and the student lab is in the
> > next room, so I can get anywhere in the /var/www/html tree as root.  
> > I'm wondering if it's simple enough to just chmod 0700 and have 
> > the owner root on the solutions subdirectory.  Students can find 
> > it, but they shouldn't be able to descend into it.  I couldn't 
> > either from the browser, but that's okay -- I don't need to
> > from that side.
> 
> Easy enough to just have that directory (html/labs/answers/ or whatever
> it's called) owned by any user other than the one running your httpd
> process, and then, as you say, use file permissions.
> 
> But why root? Why not rfrank? Or something other than root. You shouldn't
> force yourself to log in as root to do non-sysadmin tasks. Remember, a
> typo as joe user can be an inconvenience. A typo as root can be a
> disaster.

You know, as one who has always used his Linux machine for desktop stuff,
I find this wisdom just doesn't hold.  It makes sense on a server, where
a mistake could mean downtime that could make users angry, and possibly
get one fired.

But on my machine, it is used by me only.  My wife and mother-in-law use
it indirectly as it filters packets for them, and does NAT.  If I nuke
the whole machine (which I have done), it is no big deal.

So why does it not make sense to me?  The only important stuff on this
machine is all under /home/teece:  papers, source code, pictures, mp3s,
etc.  All that stuff is the reason I have my computer.  The stuff
outside /home/teece just makes the box work.  I have it on CD or it is
very easily attainable via the net.  Even config files in /etc are just
a little bit of time to rebuild.

So, to do real damage to my computing experience, I need to delete stuff
in /home/teece.  I can do that if I am root, or if I am not.  In the
end, I trust myself.  The whole mentality of treating root as so
special doesn't really hold.  If I hurt myself, more than likely it will
be as 'teece', not as root.

I see this caveat always spoken, and it really doesn't apply in the
single-user machine.  It doesn't hurt, either, of course.

Tim
--
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
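
Added example, not part of the original thread: a shell check of the quoted advice that a 0700 answers directory owned by someone other than the httpd user cannot be descended into by the web server. It assumes a `stat` that supports `-c` (GNU coreutils or busybox), ignores ACLs and supplementary groups, and uses a constructed temporary tree and a hypothetical httpd uid/gid.

```shell
#!/bin/sh
# can_descend DIR UID GID
# Exit 0 if a process with that uid and primary gid has the search (x)
# bit on DIR, 1 if not, 2 if DIR cannot be stat'ed.
# Assumption: mode bits only (no ACLs, no supplementary groups).
can_descend() {
    cd_dir=$1; cd_uid=$2; cd_gid=$3
    cd_info=$(stat -c '%a %u %g' "$cd_dir" 2>/dev/null) || return 2
    set -- $cd_info
    cd_mode=$(printf '%03d' "$1"); cd_owner=$2; cd_group=$3
    cd_perms=${cd_mode#"${cd_mode%???}"}    # drop setuid/setgid/sticky digit
    [ "$cd_uid" -eq 0 ] && return 0         # root bypasses mode bits
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$cd_uid" -eq "$cd_owner" ]; then
        cd_digit=${cd_perms%??}
    elif [ "$cd_gid" -eq "$cd_group" ]; then
        cd_digit=${cd_perms#?}; cd_digit=${cd_digit%?}
    else
        cd_digit=${cd_perms#??}
    fi
    [ $((cd_digit & 1)) -eq 1 ]
}

# Constructed demo: a throwaway tree standing in for /var/www/html/labs.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/labs/answers"
owner_uid=$(stat -c '%u' "$demo_root/labs/answers")
owner_gid=$(stat -c '%g' "$demo_root/labs/answers")
# Hypothetical httpd account: any uid/gid that is not the directory owner's.
httpd_uid=$((owner_uid + 1)); httpd_gid=$((owner_gid + 1))
for m in 0755 0750 0700; do
    chmod "$m" "$demo_root/labs/answers"
    if can_descend "$demo_root/labs/answers" "$httpd_uid" "$httpd_gid"
    then echo "$m: httpd uid can descend"
    else echo "$m: httpd uid blocked"
    fi
done
rm -rf "$demo_root"
```

The same function returns 0 for the owning uid at 0700, which is the case where the directory is owned by the httpd user itself and the mode offers no protection.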


