Douglas Mayne wrote:
> On Fri, 06 Nov 2009 12:38:02 +0000, The Natural Philosopher wrote:
>> Maxwell Lol wrote:
>>> The Natural Philosopher <t...@invalid.invalid> writes:
>>>> The Doctor wrote:
>>>>> Right I got a customer who is only running one account, namely root
>>>>> and 1 app. I suspect this person is opening himself to trouble.
>>>>> yes/no?
>>>> well its a risk yu dont need to take.
>>>> Youy can configure IIRC a no password user login, and put that user in
>>>> the root group so privileges needed for admin are granted
>>>> automatically, and still run as an unprivileged user..
>>> Sounds like a very bad idea to me to perenantly grant IIRC privileges
>>> this way.. a Setgid mechanism, which drops these privilegdes once the
>>> network channels are established would be better.
>> well its not secure from the keyboard, but it is secure from perversion
>> of user processes.
>> I.e. here I run as me, but I don't have to enter any passwords to e.g.
>> run the package manager.
>> And if I want a root shell, I can get it instantly, but its very much
>> obviously a root shell.
>> For me, that's great., No irritating second password barrier to becoming
>> an admin, but its clear when I am admin.
>> And it means that my normal user stuff..editors, mail and browsers, cant
>> stamp on the whole filesystem including config files, by mistake. Or by
>> externally induced abuse.
>> For me, thats teh best compromise.
>> YMMV. there is no perfect security, there is always a tradeoff between
>> security and hassle in unlocking the doors.
>> What I was trying to convey, is that to achieve a good level of security
>> against net attacks, whilst making admin relatively painless, is no
>> extra effort than running all the time as root.
>> That is, the only advantage to running as root, is instant access to
>> admin. But you can essentially have that anyway, with less risk of
>> accidental trashing. So there is no real reason to run as root that I
>> can see.
> I use sudo instead. This doesn't introduce a console vulnerability. sudo's
> configuration file includes options to give access with or without a
> password, and to specific commands or all commands. With the most non-
> restrictive options you can get to root very quickly:
> $ sudo -i
> root@somebox:~#
> Be careful as root, then exit out of the shell when operations that
> require elevated privilege are complete.
That's a security hazard I am willing to accept for the convenience. I
don't recommend it, I just state that's my considered preference.
|
