mikshaw
Group: Members
Posts: 4856
Joined: July 2004 |
 |
Posted: April 11 2007,18:21 |
 |
There are at least a few arguments against running applications as root (particularly graphical apps) and being root all the time. Two of the most common are
1) Root can do ANYTHING, including destroy your whole system with a mere typo or running a malicious piece of code. There are usually no "are you sure?" or "operation not permitted" messages when you are root.
2) Applications usually run with the permissions of the user running them. If you are running a hijacked program and are not root, the most damage that can occur is the destruction of your personal data. If you are root, the most damage that can occur is just about anything.
Some people consider running apps as root to be something completely off limits unless you absolutely have no other option, and logging in as root on a desktop system is simply not done. Other people think the whole thing is simply overblown paranoia and they continue to do everything as root because it's easy. Personally I'm somewhere in between. I'm an advocate of using a limited user to do as much as I can, and if it's a task that requires root I want to limit it to commandline or at most a visual shell such as mc, but I am not entirely against simply logging into a console as root. What I consider the most important part of security is having _good_ passwords for root and all users who have any ability to do harm to the system. I like to mention this whenever I hear someone say they want to just run as root all the time, but I don't want to push it too hard (particularly since you are running an offline machine, and frugal DSL systems can easily be repaired).
I still don't quite understand why running X applications as root is any more dangerous than console apps, but i guess it probably has to do with the fact that the added complexity of a GUI would inherit a greater chance of security issues...more code generally means more opportunities for programming errors. Maybe there's more to it than that.
There are many articles and forum posts on this subject spread around the Linux/Unix/OSX/BSD sections of the internet, so I think i'll leave it at that (plus I make a lot of assumptions about things I read, and feel comfortable stating only what sounds logical to me).
As for learning more about the commandline, there is a great repository of Linux guides at http://www.tldp.org
The url in my signature is a good one for linux basics.
I've looked into trying to get Postfix and Mutt installed and configured on a DSL machine, but have had no luck so far. Part of this is because Postfix/Sendmail configuration is way above my head, and haven't even succeeded in getting it working in Slackware, where I have a pile of documentation and support files already installed. When I used Suse, Postfix was already configured so that I could send and receive POP mail using Mutt, although I still have no idea if it was securely configured to prevent being used as a relay for others.
--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
