December 18th, 2003
nDiScReEt
_eLeCtRiFyInG MeMbRr_
 
Join Date: May 9th, 2002
Location: Chicago
Posts: 232
Enlightenment

Quote:
Originally posted by juztin
nDiScReEt,

thank you for the great explanation...maybe you should write a n00b tutorial ....that really helped me a lot understanding groups and permissions (something i was a little tangled on before)...

one question though...

...when people say that staying logged in as your root account is dangerous, does this apply to people who are using a computer that they are the only ones who have access to? i am the only one that uses my computer, it's a home PC...is it still dangerous for me to run the root account all the time?

thanks again...
juztin

The danger isn't minimized because you are the exclusive and solo user on your system; that only compounds your risk. I can break down the risk into two scenario situations: Mistakes and "Uninvited Guests" (crackers).

In the first instance, you might delete something that is critical or highly important but you can't recover it, such as by accidentally deleting system files and directories. Good examples are the following two:

rm -fr ./

or

rm -fr /

In either case you have committed the worst mistake when your finger accidentally tapped the "Enter" key. You have deleted every file and directory on your system. You have committed seppuku in standard old samurai tradition. (Is there a hint that I have seen the movie "The Last Samurai"?)

The second case: users who "accidentally" type in their "root" password when trying to access an FTP account or webmail account. Or simply logging in daily to your system as root will give a patient hacker the opportunity to achieve root access to your system, whereas it wouldn't have been as easy with a regular user logged in, because the hacker would have to "escalate" his access. Escalate meaning that they would have to reach a higher level of access than a regular user, preferably and usually root. In other words, whatever access you have, they will have. Another way that a hacker can access your system while you are logged in as root for regular desktop functions is through your browser. They can make a server-side script, cookie, and/or combination of the two to gain access to your system. In this case you have given your enemies the sword to cut your head off.

Good URLs to learn how to get "spun up" on Mandrake are http://www.mandrakeuser.org and http://www.tldp.org/docs.html.

HTH
altoine