On Sun, 14 Jun 2009 01:42:53 -0400 Todd Zullinger <tmz@xxxxxxxxx> wrote: There's some truly awful advice in this thread, aside from Robert Cochran's :-( > Mike Dwiggins wrote: <snip> > > Some of us are causal users who wander in from the Windows world! I > > wish I could live in Linux but, that ain't gonna happen! > > > > I need to be able to log in as root to do my job! I wish it were > > not so but, it is! Life always fair! Easy fix: * Log in as your normal user * "su -" (interactive root shell with full environment) * "su - -c "some command"" - run "some command" as root with appropriate environment * sudo "some command" (like above, simpler but needs sudo installed) - Fat-fingering a command like rm or fdisk / mkfs etc. as a user may result in limited damage. Doing so as root will be a disaster. Don't shoot yourself in the foot. - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for good reason. If your root password is weak and an attacker guesses it, it's game over, your machine is compromised and you're another zombie in someone's botnet. Log in as a regular user and su - Many X programs are not designed to run with root privileges (xscreensaver refuses to - jwz has BOFH nature, bless him) or pose security risks when run as root (GTK apps spring to mind) Again, log in as a regular user, run your app and if it needs root privileges you'll be prompted for them. If a regular "user app" NEEDS root privileges and doesn't have a hook into ConsoleKit/consolehelper then frankly it's utter garbage and you would be wise to look at a packaged alternative. I'd be astonished if Opera couldn't save it's downloaded extensions to somewhere under $HOME like the Mozilla-based browsers do. > > I think some of that "need" might be based on the experiences you've > learned from in the Windows world. Permit me, as someone who has seen both sides (6 years systems admin on both sides of the fence, about 15 as a user - ex-Windows desktop user to Fedora desktop user and packager) to make some comments. > I think it's very unfortunate that > Microsoft has done such a poor job of encouraging and allowing users > to run with the least privilege needed. This isn't strictly Microsoft's fault alone. Their engineers have been aiming to get users to run with the least available rights (and good users / administrators have tried to do so, with mixed success) but a combination of laziness on the parts of application developers, "Enterprise" admins of MS domains and users (who are subject to and learn bad habits from lazy admins and developers) often results in users being added to Administrator groups (or just logging in to the Administrator account) with disasterous results. > In trying to help my friends > and family who cling to Windows, I am regularly appalled at needing to > login to an account with admin privilege to perform some task. A lot of the time this is installs / updates, for general day-to-day work most applications will run with regular user privileges. Perhaps not as gracefully as UNIX apps, but they can (will ask to run as an Administrator or other profile). Alas as most lazy installs have everyone running as Administrator most don't see it. :-( > In linux, I would only need to use su or sudo (or, in many cases, I'd > automatically be prompted for credentials when more privilege was > required). For the most part, I think Fedora gets this right much > more often than Microsoft does. *nods* - the ConsoleKit / console-helper apps are much more elegant - just prompt for the root password, no fuss, no complexity. Michael. -- Michael Fleming <mfleming@xxxxxxxxxxxxxxxxxxx> - (EMail/XMPP/Jabber) WWW: http://www.thatfleminggent.com Fedora / Red Hat Packages: http://www.thatfleminggent.com/rpm-packages Twitter: http://twitter.com/thatfleminggent -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
