|
I very strongly agree with this.
On Linux, as with Windows, administrative privileges are not to be given lightly. You should reserve the supreme system powers only to the root userid.
On many Unix/Linux systems, there is a special user-group called wheel where the "big wheels" of the system live. And the /usr/local directory is generally read/writable to members of this group: if not, you can (as root) make it so with: chgrp -R wheel /usr/local.
Users who belong to this group can issue the command newgrp wheel and give themselves read/write privileges to this directory .. which is designated for the installation of local (i.e. computer-specific) software. Thus they are "administrators" of the local system, able to install and remove software on it, without being root. Once finished, they issue the newgrp command again to return to their home group.
It must be quickly understood that many if not all of these users may know the root password and be fully entitled to use it. But they voluntarily do not. They voluntarily limit their powers only to the minimum extent necessary to accomplish the task at hand.
Why? Because of "rogue programs." Viruses. Programs that could execute without their knowledge, using their login privileges. Normally, they set their powers to be no greater than the next guy's. Any rogue that tried to execute and do nasty things .. would fail.
On my systems, "I myself" do not belong to the wheel group. I have a separate system-maintenance account designated for that purpose. And it isn't even possible to log-on to that account except when maintenance is actually being performed.
User-ids are cheap. Use them to your best advantage. For example, if you "wear two hats" at your company (accountant, CEO, salesman) .. define a separate account for yourself, with different passwords, for every role that you play.
|
