From: mjt on 29 Jun 2010 18:46

On Tue, 29 Jun 2010 22:44:24 +0100 David Bolt <blacklist-me(a)davjam.org> wrote:

> > Either way (sudo or su) ... my point is that the results
> > of the "du" will be different if you're running it as your
> > regular user or if running as the root user.
>
> Which was why I initially said to be the root user when using it. That
> > I'd like to add one other option for "du" ... the "-h" option,
> > which prints out the sizes in a human-readable format :)
>
> I specifically didn't include that because,

My bad on both points ... I was fixated on the command itself, without regards to the talking points in the text.

--
"It's Fabulous! We haven't seen anything like it in the last half an hour!" -- Macy's
<<< Remove YOURSHOES to email me >>>

From: mjt on 29 Jun 2010 18:50

On Tue, 29 Jun 2010 22:59:01 +0100 David Bolt <blacklist-me(a)davjam.org> wrote:

> As for things that need to be run as root, for instance using YaST2 to
> do package maintenance as a normal user pops up the password dialog
> box[0]. And, one thing I dislike about it is the checkbox allowing the
> password to be remembered.

Oddly enough, that "save password dialog" never has worked. I've done it in the past, and it never "remembers" the password.

--
"I went to a job interview the other day, the guy asked me if I had any questions, I said yes, just one, if you're in a car traveling at the speed of light and you turn your headlights on, does anything happen? He said he couldn't answer that, I told him sorry, but I couldn't work for him then." -- Steven Wright
<<< Remove YOURSHOES to email me >>>

From: David Bolt on 29 Jun 2010 18:59

On Tuesday 29 Jun 2010 23:25, while playing with a tin of spray paint, Ulick Magee painted this mural:

> David Bolt wrote:
>>
>> You'd hope so, wouldn't you. I don't have much faith that some people
>> running servers, any servers, have even the slightest clue. If they
>> did, I don't think I'd see quite so many attempts to access phpmyadmin
>> and other such stuff on my web server.
>
> That doesn't tell you all that much though.
> It's a bit like spam.
> It costs basically nothing to send out millions of attempts, and you
> only need a few responses for it to pay off.

And, apparently, there are more than enough badly administered systems with it accessible to the outside world, so it's worth doing. Unfortunately.

> PHP does seem to be one of the most popular ways to get inside a poorly
> secured Linux web server though.

Oh yes. I still remember a Linux-specific worm spreading because of insecure PHP and Apache installations. Looking at the datestamp of my archived copy of the payload, it was around mid December 2005.

> At the end of the day there are various ways that OSes attempt to limit
> the effects of user stupidity, but there's no cure for admin stupidity.

There is, it's just illegal in most countries.

>> I'm not sure there's many that do. All the advice I see given,
>> especially when talking about running X as root is basically
>> "just don't do it" TM.
>
> You could call that the "inverse Nike" approach :)

Now that's something I hadn't thought about calling it.

>> As for things that need to be run as root, for instance using YaST2 to
>> do package maintenance as a normal user pops up the password dialog
>> box[0]. And, one thing I dislike about it is the checkbox allowing the
>> password to be remembered. It shouldn't be there, but it is, and I'll
>> bet that an awfully large number of users would also make sure the
>> password is remembered.
>
> I was a bit dismayed when that first appeared in KDE3.something, too.

I'm not sure which one it was, but I think it was 11.0 that removed that checkbox, accidentally or otherwise, but it reappeared with the next version. Pity, as it would have been nice if they'd left it out.

> I've never used it on a 'real' box, but recently tried it on a
> oS11.2/KDE4 VM just to see what would happen, a thingy appears in the
> taskbar saying that privileges are elevated.

I never use it. I don't like it and, from a security point of view, wish it was possible to remove it completely. If it isn't there, you can't be tempted to check it "just as a time saver."

> Now whether that just
> applies to YaST (or whatever else originally asked) or to anything, I
> don't know.

No idea.

>> And running with root, administrator, or whatever you'd like to call
>> it, still seems to be the default for the first user created even with
>> their latest "more secure" offering.
>
> Well there's a big difference (I hope) between running as root and
> having the password for root the same as your own

There is. You still need the root password, even if it is the same as your normal user password, to do privileged actions. If that wasn't the case, I'd be very worried.

> - the latter has been
> the default on openSUSE installations for a while now.

You can change that by, IIRC, either a single click or a few clicks at installation time, at the same time as turning off auto-login and sending root's mail to the named user. Boy do I wish they'd switch defaults for those two as well.

Regards,
David Bolt

--
Team Acorn: www.distributed.net
openSUSE 11.0 32b | | | openSUSE 11.3RC1 32b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From: David Bolt on 29 Jun 2010 19:09

On Tuesday 29 Jun 2010 23:46, while playing with a tin of spray paint, mjt painted this mural:

<snip>

No worries about it. It's sparked a bit of a debate, and some thread drift as well :-)

Regards,
David Bolt

--
Team Acorn: www.distributed.net
openSUSE 11.0 32b | | | openSUSE 11.3RC1 32b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From: Ulick Magee on 29 Jun 2010 19:20

J G Miller wrote:

> ;)
>
> It is important to note that sourceforge.NET does also host Windoze software
> including exe files.

Well, yeah, but that's their problem :)

> And I am sure you recall the trojan that was planted in a deb file for
> a screensaver package at Gnome-Look.org.

That certainly wasn't the first time, either. Didn't someone try to sneak something nasty into the kernel, once, but failed? (I'm not referring to Android :D :D :D )

The biggest problem I have with closed source isn't free-software ideological as such, but that it's so much harder to keep the ####ers honest. I run a few closed source things but only from vendors with a long track record of trustworthiness (I make a big exception to that for Adobe :( but keep Flash disabled in my browser 99.9% of the time, and blacklist Acrobat Reader) and in fact my preferred browser is Opera.

In the end it's up to every admin (if you have the root password for your home PC, congratulations, you're an admin) to take responsibility for what they do. When you install something you are placing trust in it so that trust better be justified.

Unix has had 40 years of undergraduate students trying to do things they shouldn't on their university account. That toughened it up a lot... and Linux got a lot of benefit from the 'Unix Way' :) but once you have root, legitimately or otherwise, you can do whatever you want, including making incredibly dumb decisions.

--
Ulick Magee
Free software and free formats for free information for free people.
Open Office for Windows/OSX/Linux: http://www.openoffice.org
openSUSE Linux: http://en.opensuse.org