 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Monday 31 January 2005 16:35, karina.popkova at verizon.net wrote: > I know there is an on-going argument on the > priviledge of using Root. > > If you are a System Admin, you do not > want the User to have Root priviledges. > If you are a Heavy Duty User, you want > access to root, for expediency. > > That argument aside, and assuming security is not > an issue on a small closed network, (yes, I know > that security is always an issue!), > > what are the kinds of things a User can do > if having Root priviledges, that makes his (her) > job (daily life) easier in a Linux environment? Let me start, but we have some experienced sysadmins on this list too. First, all users should use their personal account for normal use, and use root privilege only when needed (on Unix, Linux, OpenVMS, et. al.). I was hired to write a Unix device driver, but the system admin people refused to give me root privs on the machine I was using. After 6 weeks of negotiating, they relented, but then went to corporate security, and because I was a contractor, deemed that there had to be an employee to watch every keystroke I made as root. I had root privs in another location, so we shipped the board down to my location where I had root privileges. In a corporate environment there are several dynamics. First there is the corporate network. The admin people have a responsibility to protect that network. In this case, only authorized people should have privileges on the network. On the local work station there are 2 opposing issues. The first is that the corporate IT people who are responsible for support want to keep these work stations at a known level, and that can also prevent the loading of software that is against company policy. (The installation of pirated version of MS Office, for instance, which is a liability issue). By giving a person root privs, that person has much more flexibility. Note that my systems at work are running SuSE Linux 9.2 Professional with my personally licensed copy of Crossover Office and a corporate licensed copy of MS Office XP. But, if something happens on my system, I am responsible. In both cases, the workstation user my have some corporate assets, such as code, spreadsheets, documents, and other data. The IT people are responsible for some protection of that data. Going back to my war story, the IT people's argument was that it would be easier for me to undermine their network, and that I could change the root password, thus preventing IT from being able to do something on the machine. Both of these are valid points. With root privileges, I can easily run a network sniffer and attack the network from within. The second argument is valid when the IT people want to push an upgrade from a central location (such as a kickstart). So, it comes down to support, security, and data integrity. -- Jerry Feldman <gaf at blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
