Eben King wrote:
> On Sat, 9 Oct 2004, Bob Stia wrote:
>>Second question: Rather than continually switch from user to root I made
>>myself (who is really root) a member of the "root group" Is there some
>>unknown unforeseen security danger in this strategy?
>
>
> I don't know what "root group" does or is, but if it makes it possible for
> you to run processes without a root password that previously required a
> root password, then it does the same thing for buggy programs. Whereas
> before, they'd be stymied by the root pw and unable to execute their
> mischief, now they'd be able to do whatever.
>
Those of you more 'nix knowledgeable than I am, correct me if I'm wrong:
Giving your non-root user account the same privileges (or much the same,
at any rate) as the root user is a security risk for pretty much the
same reason using sudo is a security risk, but worse. It also pretty
much negates every reason for having a separate root account.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:27:29 EDT