From owner-freebsd-questions Tue Sep 3 0:17:54 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F72E37B401 for ; Tue, 3 Sep 2002 00:17:51 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3397943E75 for ; Tue, 3 Sep 2002 00:17:50 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk ([IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.5/8.12.5) with ESMTP id g837HmGk020344; Tue, 3 Sep 2002 08:17:48 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.5/8.12.5/Submit) id g837HhgK020343; Tue, 3 Sep 2002 08:17:43 +0100 (BST) Date: Tue, 3 Sep 2002 08:17:43 +0100 From: Matthew Seaman To: John Chang Cc: FreeBSD LIST Subject: Re: XFree86 Message-ID: <20020903071743.GA20142@happy-idiot-talk.infracaninophi> References: <20020901151838.U37627-100000@earl-grey.cloud9.net> <5.1.0.14.2.20020902185316.0197ca98@j.imap.itd.umich.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.2.20020902185316.0197ca98@j.imap.itd.umich.edu> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Sep 02, 2002 at 06:55:12PM -0400, John Chang wrote: > Is it bad practice (security-wise and performance) to run a GUI like > Xfree86 when doing some administration? Or should everything be done in > command-line and not install it? Thank you In general, best practice is to avoid logging in as root where possible, and certainly not to run complicated desktops or windowing environments as root. The canonical rule is "don't do things as root that you can do as an ordinary unprivileged user". Using 'su' or 'sudo' or 'op' or the like to use root privileges in an xterm is acceptable. Running X applications as root on the local machine is probably OK --- so long as you exercise a bit of common sense about what you run. Running X applications as root on a remote server and displaying locally through the usual X mechanisms is as open to network snooping as, say, a telnet session as root. Not a good idea at all. Always use ssh's X tunnelling feature in this situation. If you have dedicated server machines, it's common practice not to run a local X server, or in many cases not to install X windows at all: why waste precious CPU cycles and disk space away from the server's primary purpose? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message