On Thu, 2010-04-15 at 14:32 -0400, Bill Davidsen wrote: > Good. Because if you have root password then all you have accomplished > with nanny login is to force the user to type the root password for > every GUI, or force the user to try to use su and a possibly unfamiliar > CLI to do things. Not quite. The difference between (a) logging in as root and (b) logging in as a mortal user and escalating privilege as necessary (via consolehelper/su/sudo) is that: (1) activities that don't require root on the desktop will run with user-level privilege. For example, it's not uncommon to need to look something up on the web when doing sysadmin activity; if the user is logged in as root, then Firefox (and all of its plugins) are running as root as well. With the many recently-reported security problems in AcroRead (as an example), this is a definitely a significant risk. In the worst case, _the web owns your root_ (what could possibly go wrong?!). The same applies to other desktop apps such as OOo; don't tell me a sysadmin never creates a spreadsheet. If the user is logged in as a regular user, then Firefox and plugins, OOo, etc. run as that user, limiting damage in the event of a compromise through those tools. The user can still run selected tools (system-config-* for example) with elevated privilege, right alongside the other windows. (2) logging in as root causes the desktop environment (window manager, file manager, applets, userspace side of FUSE, and so forth) to run as root as well, significantly increasing the surface area for an attack. (3) creating files as root tends to encourage future login as root in order to conveniently access those files. > "We have more to fear from the bungling of the incompetent than from > the machinations of the wicked." - from Slashdot Exactly. -Chris -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
