LinuxQuestions.org
Old 07-03-2009, 04:22 PM   #1
riddler313
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Rep: Reputation: 0
Basic security


I guess this is a fairly stupid (at least ignorant) question, but after hearing time and time again how dangerous it is to use the root account for everything, I have a few questions to ask.

I use Kubuntu and really the only account that ever gets used by me is the root account. When I go to the console almost every second command I run should be sudo "command" if I chose to use a regular account. After a while it gets even more tiresome than Vista asking if I really want to run the program I just started. This is a desktop system that doesn't run any servers. If I only use Firefox/torrent/DC++/FTP, am I vulnerable to attacks from the net? I mean, can someone "log" onto my system through a bug in one of these "client" programs or because of a bug in the kernel itself, or is my computer vulnerable to attacks only if I run server software like Apache/database server?

If I understand correctly, no one can enter the system through a closed port unless there is some server process like xinetd listening and spawning server processes when a request to a port arrives. To go even further, is the root password even mandatory, because no one else can log onto this machine locally but me and it would be faster to bypass the kdm login altogether?
 
Old 07-03-2009, 04:48 PM   #2
NeddySeagoon
Gentoo support team
 
Registered: May 2009
Location: 56N 3W
Distribution: Gentoo
Posts: 178

Rep: Reputation: 40
riddler313,

There are several issues here.

Daemons (services) usually run as their own user, never root, so if someone finds an exploit in one of these processes, they can only do whatever that process's user can do. That varies from service to service.

The main/only user running as root is a bad thing on the internet. If any applications you use have exploits, any attacker would become root, install a root kit and you would never know your system was compromised. Such an attacker could do anything. Use your box for sending spam, as part of a DDoS attack, part of a bot net ....

Using a normal user account makes it harder for intrusions to go undetected as any intruder still needs to get root to install a root kit. They can still do all the nasty things above but not cover their tracks as easily.

As a normal user, you cannot accidentally trash your install with a careless space. The worst you can do is to delete things your user owns.

Security is not any one thing, it's like the layers of an onion. The idea is not so much to keep attackers out but to make it clear to them after they have got past a layer or two, that there are easier systems to attack, so they give up on your system.
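Added example, not part of the thread: the first post asks what is actually listening and the reply above says daemons normally run as their own user, so this Python sketch reads a table in `/proc/net/tcp` layout and reports each listening socket, its owning UID and whether it is bound beyond loopback. The sample table is constructed and the function names are this example's own; on a live Linux system pass `open("/proc/net/tcp").read()` instead.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 11003 1
   3: 0201A8C0:C350 2201A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_endpoint(hex_endpoint):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    hex_addr, hex_port = hex_endpoint.split(":")
    # The IPv4 address is printed as a host-order word (little-endian on x86).
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)


def listening_sockets(proc_net_tcp):
    """Return one record per listening TCP socket, with its owning UID."""
    records = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue  # established connections (state 01) are not listeners
        addr, port = decode_endpoint(fields[1])
        uid = int(fields[7])
        records.append({"addr": addr, "port": port, "uid": uid,
                        "non_loopback": not addr.startswith("127."),
                        "owned_by_root": uid == 0})
    return records


def high_risk(records):
    """Listeners bound beyond loopback whose socket is owned by root."""
    return [r for r in records if r["non_loopback"] and r["owned_by_root"]]


if __name__ == "__main__":
    recs = listening_sockets(SAMPLE)
    for rec in recs:
        print(rec)
    print("review first:", [(r["addr"], r["port"]) for r in high_risk(recs)])
```

The UID column is the owner of the socket, so a daemon that opens its port as root and drops privileges afterwards can still appear as UID 0 here.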
 
Old 07-03-2009, 06:25 PM   #3
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Rep: Reputation: 43
First; the buntu's are notorious for weak security in the Linux world. My understanding about that is that they use the normal user's password to gain access to root in a less than desirable way. It should not be too hard to find a discussion about that on the web.

Second; I am not a security expert so bear that in mind.

Third; I would not bet that someone could not get in my machine even with all the ports closed and no public services running. Those who are really good at it can get in about anywhere they want to. All you would have to do is click on the wrong link on a web page and they have you. Most of the time machines are compromised by the user using unsafe surfing habits or through email links and what-not called 'social engineering'.

Once they are 'in', if you are running as root or with substantial root privilege then their job of further compromising your machine is simple. On the other hand if they have to hack another account (not required in the buntu's unless you specifically set it up) that can slow them down a lot and may even cause some of them to give up.
 
  

