Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Adding Users?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
swingarm
l33t
l33t


Joined: 08 Jun 2002
Posts: 627
Location: Northern Colorado

PostPosted: Thu Nov 14, 2002 6:45 am    Post subject: Adding Users? Reply with quote

I am in a situation where I'm installing Gentoo on my Laptop and I wanted to ask a question, if I'm the only one who will ever be using my Laptop is there a good reason why I need to add a user? The only reason I could think of is security over the network, if someone gets into my computer as a user then the damage would be alot less severe. Is there any more reasons other than that?

Kent
Back to top
View user's profile Send private message
chh
Tux's lil' helper
Tux's lil' helper


Joined: 16 May 2002
Posts: 131
Location: Germany

PostPosted: Thu Nov 14, 2002 7:52 am    Post subject: Re: Adding Users? Reply with quote

swingarm wrote:
I am in a situation where I'm installing Gentoo on my Laptop and I wanted to ask a question, if I'm the only one who will ever be using my Laptop is there a good reason why I need to add a user? The only reason I could think of is security over the network, if someone gets into my computer as a user then the damage would be alot less severe. Is there any more reasons other than that?

Kent


Rule 1: Never ever work as root
Rule 2: If you think it is necessary to do something as root, think again.
Rule 3: If you are absolutely sure you have to do it as root use su or log in on a virtual console as root. Do what has to be done and then log out.

You can damage lots of things as root (especially in a GUI) too easily to take the risk. As a user you are quite safe to at least not risking the whole OS.
Of course there are the other known risks of others doing harm...

Chris
Back to top
View user's profile Send private message
swingarm
l33t
l33t


Joined: 08 Jun 2002
Posts: 627
Location: Northern Colorado

PostPosted: Thu Nov 14, 2002 8:11 am    Post subject: Reply with quote

When I have to emerge an application I have to do it as root, is there a way around this? If I want to reboot, halt, or logout I have to change permissions on those files in /sbin, is that the normal way to do it?
Back to top
View user's profile Send private message
Mnemia
Guru
Guru


Joined: 17 May 2002
Posts: 476

PostPosted: Thu Nov 14, 2002 8:34 am    Post subject: Reply with quote

Use su or login as root to reboot or halt. They are like that for a reason (security). You certainly don't have to change any permissions anywhere to be able to log out. You have to login as root or use su to emerge as well, because it alters files that are owned by root for their protection. There is no way around this and you don't really want there to be.

You should never ever be running anything as root that doesn't have to be. The user/group/world permission scheme in Unix is worthless if you don't have a user, and running as root you lose all the benefits like protection from viruses, hacking, your own mistakes....
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Thu Nov 14, 2002 8:38 am    Post subject: Reply with quote

Mnemia wrote:
You have to login as root or use su to emerge as well, because it alters files that are owned by root for their protection. There is no way around this and you don't really want there to be.

I know I've beat this dead horse before, but I see no reason why Portage has to do its compiling as root. Installing, OK. But absolutely no reason why it has to compile as root, and no reason why /var/tmp/portage/ things have to be only readable as root. Port debian's fakeroot if you have to, but this is a big pet peeve of mine.
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
jondkent
Apprentice
Apprentice


Joined: 26 Jul 2002
Posts: 289
Location: London

PostPosted: Thu Nov 14, 2002 10:00 am    Post subject: Reply with quote

Then there is always sudo, which means you never (almost) have to su to root (assuming you've set sudo up correctly).

Although I agree that needing to be root to emerge stuff is a bit mad, I tend to run

Code:
sudo emerge [xyz]


so I sorta get around it (its more 'cos I'm lazy that anything else :D)

Jon
Back to top
View user's profile Send private message
Mnemia
Guru
Guru


Joined: 17 May 2002
Posts: 476

PostPosted: Thu Nov 14, 2002 10:38 am    Post subject: Reply with quote

yeah, I know that you don't really have to compile as root. I just haven't bothered with doing it the other (arguably safer) way. I haven't had the need for the heavier security/safety on my laptop, which I always use from behind a firewall, but for a server it would definitely be smarter to compile as a user and only do the install as root.

It'll be cool if they get some heavier security built directly into Portage. I've seen that they are working on it in Bugzilla. The package signatures thing is also very very high on my list of things that should go in, mainly because I've been getting more and more nervous about hacked mirrors, etc as the number of rsync mirror servers has increased lately it seems.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum