[ale] Running stuff as root == bad, was Re: FC13 question

Greg Freemyer greg.freemyer at gmail.com
Sun Aug 1 08:22:00 EDT 2010


kdesu works in kde.

I use it from time to time.

Greg

On 7/31/10, Richard Bronosky <Richard at bronosky.com> wrote:
> While I agree with the sentiments of this message, the subject is just
> plain wrong. Running *stuff* as root *is not* bad. Running
> *everything* as root *is* bad. That is exactly what happens when you
> log into GUI [display manager|window manager|desktop
> environment|whatever] (I don't know anything about the X.org stack. I
> don't use GUIs) you run *everything* as yourself. You don't want that
> _yourself_ to be root. I could have sworn that back when I was doing
> MythTV I used xfce or rat poison and I used a utility called Xsudo,
> sudoX, or GnomeSudo. That was good for running the occational app as
> sudo. I found that MythTV being graphical by nature forced me to do
> this.
>
>
> On 7/30/10, scott mcbrien <smcbrien at gmail.com> wrote:
>> One of the big problems with other OS'es is that users log in as an
>> account with administrative privileges.  On those OS'es, when an
>> application, being run by the user, runs amok (perhaps a web browser
>> executing badness from flash or java script?), that application runs
>> amok with administrative rights.  So when the application tries to
>> mangle system files, libraries, etc. it can because administrators
>> could also modify said files. That's one example of why you don't want
>> to log in as root, but there are many more, mostly because desktop
>> environments like gnome run many many many processes and helper
>> applications each of which, when logged in as root, is given full
>> administrative permission to do whatever they want on a system.
>>
>> -Scott
>>
>> On Fri, Jul 30, 2010 at 7:05 PM, William Fragakis <william at fragakis.com>
>> wrote:
>>> Nautilus, for one ;-)
>>>
>>> GParted can do some interesting things, too, I'd gather but I've never
>>> tried (to do "interesting things"). Gedit can make your day exciting as
>>> well. Personally, I can easily do as much damage from the CLI if not
>>> more.
>>>
>>> I do find it easy sometimes to actually have a root Desktop although, on
>>> this esteemed list, I'm probably in a distinct minority.
>>>
>>> If something bad happens, I was never here.
>>> regards,
>>> William
>>>
>>> On Fri, 2010-07-30 at 18:49 -0400, Drifter wrote:
>>>> Thanks, this seems to work.
>>>> But you have to admire the warning label that pops up before the GUI
>>>> actually appears on the screen:
>>>>
>>>> "You are currently trying to run as Root super user. The superuser is a
>>>> specialized account that is not designed to run a normal user session.
>>>> Various programs will not function properly and actions performed under
>>>> this account can cause unrecoverable damage to the operating system."
>>>>
>>>> No hint, of course, as to what sorts of programs can cause the damage.
>>>>
>>>> Sean
>>>>
>>>> On Friday, July 30, 2010 06:13:33 pm William Fragakis wrote:
>>>> > http://blog.ask4itsolutions.com/2010/04/23/login-as-a-root-from-gui-fed
>>>> > ora-13/
>>>> >
>>>> > Did this a couple of days ago.
>>>> >
>>>> > Use at your own risk, owner assumes all liabilites, etc. etc.
>>>> >
>>>> > On Fri, 2010-07-30 at 17:32 -0400, Drifter wrote:
>>>> > > There are times when I need to to things as root that are -- for me
>>>> > > -- much easier to do using the GUI aps rather than the command line.
>>>> > > Years ago on a Red Hat install, root actually had a directory in
>>>> > > /home and I could log into the system as root and have the GUI.
>>>> > >
>>>> > > This FC13 install doesn't provide that feature. I can create, as
>>>> > > root, a directory in /home. That's easy enough.  But what do I have
>>>> > > to do so that I can log in as root directly just as I log into my
>>>> > > regular user account? If I try to log in as root now, the system
>>>> > > just laughs at me.
>>>> > >
>>>> > > Clearly I am missing several steps in the process.
>>>> > >
>>>> > > Sean
>>>> > > _______________________________________________
>>>> > > Ale mailing list
>>>> > > Ale at ale.org
>>>> > > http://mail.ale.org/mailman/listinfo/ale
>>>> > > See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> > > http://mail.ale.org/mailman/listinfo
>>>> >
>>>> > _______________________________________________
>>>> > Ale mailing list
>>>> > Ale at ale.org
>>>> > http://mail.ale.org/mailman/listinfo/ale
>>>> > See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> > http://mail.ale.org/mailman/listinfo
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org
>>>> http://mail.ale.org/mailman/listinfo/ale
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo
>>>
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> --
> Sent from my mobile device
>
> .!# RichardBronosky #!.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

-- 
Sent from my mobile device

Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com



More information about the Ale mailing list