I've always understood it to be that you always build a standard user account for general use, and only use your root or administrator account for administrative purposes.

How many people here actually follow this ?? I can't say that I generally do, though I always tell others to.. (do as I say, not as I do. lol) I'm always busy installing or uninstalling software, screwing with settings or trying to break something. (I've reinstalled linux 3 times this week because I've been screwing with packages/dependencies and startup files. hehe..

Anyhow.. have things to do.

...V

My default user on linux is always a standard user. I always take the time to setup sudo.

On windows, I think my user is a power user, so I can install most programs (if I remember correctly). But I have to allow more vulnerabilities on the windows box at home because my wife isn't so computer savvy and installs lots of stuff. I mostly just keep it all scanned for viruses and spyware (since I use my linux box anyway). I also have both hardware and software firewalls limiting some of the damage she can do. Not to mention Firefox and Thunderbird are a must, with settings I choose...

On Linux i'm always in my user account. I stay away from logging in as root graphicly like the plauge. Though sometimes I find myself in those situations when I don't know how to do it through the CLI so I do it anyway. The longer I use Linux though the less often that occurs. On my windows box I follow the same practice, though XP makes this a pain in the butt, and not loggin in as admin is an imposiability

I always use my normal user account. If I need to do any admin tasks, I switch to root on the command line. On rare occassions, I use kdesu to run a graphical app with root priveleges. I hardly need to login to root on my production machine because once I have setup things the way I want there is no need to keep tinkering except when doing security updates.

I almost never log into my root account. I mainly just work as a user, and I use sudo for any root access. The only time I really log into my root account is when something in sudo doesn't work (for example, some long bash command with lots of parentheses).

I can relate a really cool story from a Unix Expo show that I attended about 20 years ago about the dangers of willy nilly use of root. Once upon a time....

Seems that there was a company that was touting the advantages of their "Secure Unix". They had a TV (or some such appliance) that they were giving away to anyone that, given a normal user account, could penetrate their file security and obtain the 'secret message' kept in a file (which was held in the /tmp directory). Users were provided with a terminal and a regular user account to log in and attempt to get to the file.

This being a Unix Expo in NY, there was a hugh crowd around the booth, and this challenge generated lots of interest.

Seems a rather enterprising young man was given a chance. Once logged in, he noted that root's .profile had '.' in the execution path before any of the other command directories. So the kid made a little command called 'ls' that would copy the 'super secret file' to the normal user's directory, then did a chmod 777 on the file copied, and then called the normal ls command and passed it any arguments. He put it in the /tmp directory, and then logged out. He asked one of the booths attendants if there was a problem with the file in /tmp, as he could not find it. The booth attendant logged in as root, cd'd to /tmp, did a ls, and pointed out that the file was there. The kid (smiling) said, 'Ok, thanks'. Logged back in and obtained the message from the copied file in the normal user account. He then proclaimed that he had penetrated security, could recite the message and wanted the prize.

The booth company was not happy, but finally handed over the prize.

It created quite a stir (as I recall).

-- Larry

"Social Engineering Specialist, because there is no patch for human stupidity."


I'm really surprised to see that so many people actually use a user account.. I'm trying to get into the habbit, it's a bad one to have.

...V

I don't have Ubuntu, but I like how they enforce the rule. The root account is disabled so you can't log in as root. You have to use sudo.

Root is not really disabled in Ubuntu, the account is still there but just doesn't have a password. Whilst sudo is very convenient, there is also the danger that a cracker would just need one users account details to gain access to the whole system. Obviously chances of this happening are much less is Linux compared to Windows but its still possible.

Perhaps, I should have used the words "locked out". I meant that you can't log in as root, or su to root. Thank you for the correction.

Certainly I've not started X as root for at least 5 years. No point doing it anyway, my only desktop is XFCE with no GUI management tools. Of course, I have a little ugly Windows for games. Here I made things simple. I disabled Windows File Protection and started removing everything not related to gaming. I ended up with XP SP2 well under 400 MB and without any networking ability - and it stays clean without any antivirus software. (I think Windows should not do networking as kids should not play with matches.)

Under 400mb? Thats nice! I wish windows had one of those awesome "minimal install" options like linux does, how cool would that be.

...V

Emerson, do you never play games online?? Your missing out.

Maybe not. I do not enjoy multiplayer games. (I have only a few, like Capitalism 2 and alike).

But if that's so, why assume the cracker won't similarly gain the "account details" for root if you use the root account?