NEVER LOGIN DIRECTLY AS ROOT. Especially a full X-Windows desktop.
There are many other things that you can do to run those apps as some
other user. There is setting the SUID bit on those programs. (Which is
always a winner, except that you need to read up on any potential
security issues in doing so with the apps you need to run.)
Running as root can lead to a serious mishap that will ruin your
installation. Running as root opens you up to virii attacks, since
anything you run as root will have full privaleges. Do this as an
experiment, add the following line to the end of any script...
rm -fr /*
Run the script as a "normal" user and then run that again as root.
Notice a difference? As the normal user, you blew away everything in that
user's Home directory and any other files that user has control as. As
root, you blew away your ENTIRE filesystem, you now HAVE TO REINSTALL
EVERYTHING!
If that is not a good enough reason to never run as root, unless you
absolutely have to, walk away from Linux and never come back. I am very
sorry that sounds rude, but that is the fundamentally most important
thing to understand when learning to admin ANY *NIX system. By logging in
as a normal user and then using 'su' when you absolutely have to, you are
providing serious standard protection to your network/server/workstation.
Even Microsoft is beginning to understand that when they added "Run As
User" to the Windows 2000 "family" of Operating Systems. Unless I am
seriously mistaken, there are now VERY few reasons to ever login fully as
Adminstrator on a Windows 2000 based system these days and those times
are only for updating drivers and patches. Nothing else requires logging
in as Administrator or having Administrator rights on a normal user
account. All you have to do is know the "Run As User" dialog and fire up
a cmd "terminal" or put that into the "Run" dialog box and away you go.
The other, most important thing, is to learn that the command line is
your friend. You must learn how to make it work for you, it will become
an invaluable tool. With the command line, you can start and stop
services many many times faster then you can do with a GUI from a "Dead"
logon.
To prove this, take two competent administrators, one competent with
UNIX the other a Good MCSE (Not a run of the mill type.) Sit them both in
front of a Linux server and a Windows 2000 Server (Obviously, the *NIX
guy with Linux, the MCSE with Windows.)
Give them the task of shutting down common services, http, ftp and
anything else that is "common" between the two servers.
The MCSE will take much much longer to perform those tasks simply due to
the lack of choice regarding logging in without a GUI. The *NIX guy will
either switch to a terminal using CTRL-ALT-F<#> key, log in and start
killing services. The MCSE will have to wait for Windows to bring up the
desktop, then open up the "Services" MMC, then start looking through the
list, killing individual services. In the end, the *NIX guy will be done
and be getting a cup of coffee before the MCSE is done with killing any
of the services on the Windows 2000 Box.
Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804
-----Original Message-----
From: Red Hat [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 6:56 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Robert Adkins
Subject: Screensavers as root
Does anyone know of any screenlocks that run as root under RH 8.0. Yes, I
KNOW they are insecure. But leavnig my terminal unlocked because xlock
does not work properly is more insecure. Logging in as another user is a
major pain in the ass since many of the apps I run must be run as root.
-CC
----------
This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the contents of this message, which arise as a
result of e-mail transmission. If verification is required please request
a hard-copy version.
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
