From owner-freebsd-chat Mon Oct 16 13:26:46 2000 Delivered-To: freebsd-chat@freebsd.org Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by hub.freebsd.org (Postfix) with ESMTP id 3F1D937B66E for ; Mon, 16 Oct 2000 13:26:44 -0700 (PDT) Received: from utah (jcwells@utah.nwlink.com [209.20.130.41]) by smtp.nwlink.com (8.9.3/8.9.1) with SMTP id NAA04557; Mon, 16 Oct 2000 13:26:27 -0700 (PDT) Date: Mon, 16 Oct 2000 13:39:44 -0700 (PDT) From: "Jason C. Wells" X-Sender: jcwells@utah To: Kris Kirby Cc: freebsd-chat@FreeBSD.ORG Subject: Re: Traditional UN*X conventions (Or: Why not to login as root?) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 15 Oct 2000, Kris Kirby wrote: > Lately I find myself pondering why or why not one is supposed to leave the > root account alone altogether, instead su(do)ing as necessary to > perform various tasks. Is there a series of texts out there that states > this and other traditional measures taken (perhaps with a historical or > logically documented process in regards to tracking break-ins)? Let's consider the following typo: # cd / # rm -rf /tmp/ * Which the user intended to be: # cd / # rm -rf /tmp/* If you are in fact root, then you are in fact very, very screwed if you issue the typo. In this case, not being root will save you from removing every last file on every mounted disc. Not using root is a commonly held wisdom. This tidbit is in lots of different references. A real good book for many tidbits of wisdom is "Essential System Administration." Thank you, Jason C. Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message