Hello,

I've read that for security reason you're strongly advised never to surf on the internet as "root". That seems pretty reasonable.

However while you run apt-get to get and install deb packages, aren't you connected to the internet as "root"? Isn't that dangerous then? What else can you do?

Thanks in advance for your help and advice!

It's always dangerous, either you are connect as root or not. The best is to keep your Operating System (Any system you use for that matter) up-to-date. For a hacker take over full control of Linux is no harder then taking over full control of Windows if not patched correctly.

I would not really worry about using or not root when surfing the web. I do, would highly recommend you getting a firewall and using only trusted server at your /etc/apt/source.list for obvious reasons and keep an up-to-date system

Thanks for the recommendations Megaman X! So I take it it's pretty safe to apt-get from the Debian site.

And no, my system isn't up to date, I'm afraid. That's because I'm running a free and oldish version of Libranet, which has the advantage of making me learn how to upgrade.
So I'm learning very slowly.

Cool, thanks eeried!!!

We might hear more peoples with more ideas too coming into this thread . Are you using Libranet 2.7 Classic Free? I loved that distro really much . When I say keeping the system up-to-date, I mean security packages, or programs that has to connect and open ports to the Internet as Gaim or Apache. Other patches as, let's say, for nautilus or midnight commander are not a must. Meaning that if you run (x)adminmenu and install the latest security patches would help a lot .

2.7 is neat. In fact, I liked 2.7 more then the new one. The last one did not give me so much headache with Alsa then 2.8 did .

Yes I'm running Libranet 2.7 Classic, and I really love it - my first experience with Linux.

Well, let's hope Libranet 3 will be better than 2.8 as I might be tempted to get it when I feel more at ease with Linux.

Yes I understand this, I just meant that almost everything in my Libranet version has to be updated, and I'm on a dial-up connection!



Cheers,

You do not have to be necessarily logged in as root to use apt-get. In a gui environment you can be logged on as a user but use a single consol as super-user (root) to install packages. This means that just that single consol is accessing the debian server at the time.

Many thanks TigerOC for this explanation.
I actually use a consol as super-user, but never thought there was any difference between being logged in as root and typing "su" in the consol when connected to the internet


Linux really takes care of everything.

Cheers,

The difference with "su" is that its a temporary state, which can be ended without logging the user out by simply using "exit". In practice, the difference is nil. If you are using apt-get to update, remmber that one of the things that's been a hallmark of this package management system for a long time was checking the signatures of the package. If they match what's been submitted to Debian along with the original package, then its a good package. If you use things from other sites, not sendorsed by the Debian project, you'd better be sure the maintainer is legit. Security begins with the user.

Thanks vectordrake for your reply. It's all very clear now.

Sure enough!

Cheers

Hello again,

I forgot to ask this: What do you need to write after apt-get install to get the security updates?
I had a look at the list of security updates on the Debian site but I don't suppose you need to write the names of each files.

I stupidly typed , and I'm now getting upgrades for all packages -- never mind I think I know how to stop this enormous download Ctrl + c)!

Cheers,

Hello again,

I forgot to ask this: What do you need to write after apt-get install to get the security updates?
I had a look at the list of security updates on the Debian site but I don't suppose you need to write the names of each files.

I stupidly typed , and I'm now getting upgrades for all packages -- never mind I think I know how to stop this enormous download (Ctrl + c)!

Cheers,

Advising someone that it is alright to surf the web as a root user is irresponsible!!!! You must learn to only use root when absolutely necessary. If you execute a piece of malware as root user that code runs with the priveledges of root which means that it can do anything to your machine. If this code was run with a normal user it would have died because of lack of permissions. This is one example there are many many reasons why you don't want to run as root. Learn to su or use sudo to run a single command and then exit to your normal user. example su -c 'apt-get update' will run apt-get update as root and exit back to your user. You are always 1 command from deleting your os when running as root.

eeried:

all you need to get security updates is the security site in your /etc/apt/sources.list and then every time you type you'll be up to date. That's why Debian has such a strong cheering squad - its that easy.

Hello,

Don't worry peacebwitchu! I'm aware of the dangers as my original post shows, and I do use su to run apt-get. But of course if your upgrade lasts for hours your computer is open to whatever even if you aren't actually surfing all over the net.

As for getting security updates, I've finally understood how to do that: got the right sources from Libranet, and commented everything in the sources.list that had nothing to do with security -- so as not get a huge download.

And yes, vectordrake, apt-get is really smart!
As for reconfiguring after download is complete, i suppose libranet was some help. There were some instructions to stop you wreck the system (I suppose), and and I didn't change anything in Shh, Postfix, and Fetchmail. I don't seem to need Shh (a Telnet thing), Postfix (mail server), and I suppose the fetchmaildaemon configuration that was shipped with Libranet was still alive and kicking.

Cheers