Re: dangerous to leave root logged in?

From: prg (rdgentry1_at_cablelynx.com)
Date: 03/29/05 

Date: 28 Mar 2005 14:53:09 -0800

hans_schulze98@yahoo.de wrote:
> prg wrote:
> > hans_schulze98@yahoo.de wrote:
> > > Is it a problem to leave root logged in at all times?
> >
> > Yes. That is "Yes". And in case you did not get it, "YES".
> >
> > > ... Or to leave
> > > root-admin tools (YaST, kuser, ...) running at all times? ...
> >
> > See above!
>
> I appreciate if people tell me about specific problems with this
setup
> (as opposed to the commonly-asked question whether you should log in
as
> root
> *and* use it for everyday activities).
>
> > > ... This is done
> > > on a different X Server than the ones used
> > > for regular users, and noone has physical access to the machine
> (but
> > > internet is always on).
> >
> > Run _anything_ as root as little as possible, for as short a time
as
> > possible.
>
> But maybe this is safer? No root passwd to type within normal user's
> account.
>
> > > In fact, is it dangerous to run an (extra) X-server for root
> > > (additionally to the one for the
> > > user)? E.g. SUSE prevents this; logging root into kdm only gives
> > YaST,
> > > not KDE.
> >
> > SuSe is trying to protect you from yourself ;-)
>
> Not if permissions are "easy" or "normal".
>
> > If you want convenience (laziness?), use Windows. What's the point
> of
> > subverting the security mechanisms built into *nix?
>
> What? Under *nix, X always runs as root, no matter what you try. For
> every user.
>
> > Root priviledges are sometimes _necessary_ but should be (and
usually
> > are) dropped as quickly as possible by applications.
>
> So what's the problem with an idle root-xterm? Where's the risk? It
> just sits there.
>
> > Applications that _run_ as root (eg., config tools) for their
> duration
> > are _not_, _not_, _absolutely_not_ to be left "hanging around" for
> your
> > convenience (ie., laziness). Invoke them, use them, then close
them.
> > Period.
>
> Strong convictions like this require reasons.

9th google hit from: linux suid (top-of-the-head search)

http://www.samag.com/documents/s=1149/sam0106a/0106a.htm

I don't have time to pound this nail ;)

prg

Relevant Pages

  • Re: Low Memory
    ... another thing you have too much code in the root of the exe ... over lay more and make ur main start up routine the only thing in the root ... where does the memory go? ... I have noticed that the .prg ...
    (comp.lang.clipper)
  • Re: dangerous to leave root logged in?
    ... prg wrote: ... >> Is it a problem to leave root logged in at all times? ... >> for regular users, and noone has physical access to the machine ... Under *nix, X always runs as root, no matter what you try. ...
    (comp.os.linux.security)
  • Re: F 9 problems to install
    ... from root - startx: ... No screens found ... The display driver is NVIDIA GeForce 9600GT. ... I typed "setup" and got a setup which included X. ...
    (Fedora)
  • File Permissions
    ... I'm new to linux and recently setup SuSE 9.0 with as a server on my home ... The partitions created during setup are all owned by root and the group is ... To further confuse me, in samba, I can connect to a shared partition (from ...
    (comp.os.linux)
  • Re: Periodic Emails are not coming
    ... My aliases file was setup properly, but I have discovered that it ... wasn't compiled (I hadn't run "makealiases" for courier-mta). ... tried to send mail to root, ...
    (freebsd-questions)