
Re: question about Linux boxes only running as root


The Natural Philosopher

Nov 6, 2009, 4:52:03 AM
The Doctor wrote:
> Right I got a customer who is only running one account, namely root
> and 1 app. I suspect this person is opening himself to trouble.
>
> yes/no?
Well, it's a risk you don't need to take.

You can configure IIRC a no password user login, and put that user in
the root group so privileges needed for admin are granted automatically,
and still run as an unprivileged user.


The Natural Philosopher

Nov 6, 2009, 3:09:17 PM
Douglas Mayne wrote:
> On Fri, 06 Nov 2009 12:38:02 +0000, The Natural Philosopher wrote:
>
>> Maxwell Lol wrote:
>>> Sounds like a very bad idea to me to permanently grant IIRC privileges
>>> this way.. a Setgid mechanism, which drops these privileges once the
>>> network channels are established would be better.
>> Well, it's not secure from the keyboard, but it is secure from perversion
>> of user processes.
>>
>> I.e. here I run as me, but I don't have to enter any passwords to e.g.
>> run the package manager.
>>
>> And if I want a root shell, I can get it instantly, but it's very much
>> obviously a root shell.
>>
>> For me, that's great. No irritating second password barrier to becoming
>> an admin, but it's clear when I am admin.
>>
>> And it means that my normal user stuff... editors, mail and browsers, can't
>> stamp on the whole filesystem including config files, by mistake. Or by
>> externally induced abuse.
>>
>> For me, that's the best compromise.
>>
>> YMMV. There is no perfect security, there is always a tradeoff between
>> security and hassle in unlocking the doors.
>>
>> What I was trying to convey, is that to achieve a good level of security
>> against net attacks, whilst making admin relatively painless, is no
>> extra effort than running all the time as root.
>>
>> That is, the only advantage to running as root, is instant access to
>> admin. But you can essentially have that anyway, with less risk of
>> accidental trashing. So there is no real reason to run as root that I
>> can see.
>>
> I use sudo instead. This doesn't introduce a console vulnerability. sudo's
> configuration file includes options to give access with or without a
> password, and to specific commands or all commands. With the most non-
> restrictive options you can get to root very quickly:
>
> $ sudo -i
> root@somebox:~#
>
> Be careful as root, then exit out of the shell when operations that
> require elevated privilege are complete.
>
Essentially that's what my root console does. There is just no password
challenge.

That's a security hazard I am willing to accept for the convenience. I
don't recommend it, I just state that's my considered preference.

I have another machine that is set up to always ask for a master
password every time I do anything remotely admin. It gets on my tits.
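
Added example, not part of the original thread: a small auditor that classifies sudoers rules along the two axes mentioned above (with or without a password, specific commands or all commands). The sample rules, user names and commands are constructed; it handles only plain user specifications (no aliases or includes) and assumes sudo's default of requiring authentication unless `NOPASSWD` is set.

```python
import re

# Constructed sample; user names, groups and commands are illustrative only.
SAMPLE = r"""
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /bin/tar, PASSWD: /bin/mount
deploy  ALL=(root) /usr/bin/systemctl restart app
"""

def parse_grants(text):
    """Yield (who, command, needs_password) for each command in each user spec."""
    text = re.sub(r"\\\n\s*", "", text)          # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments/includes, Defaults and alias definitions.
        if (not line or line.startswith(("#", "@", "Defaults"))
                or "_Alias" in line.split()[0]):
            continue
        who, rest = line.split(None, 1)
        _hosts, cmds = rest.split("=", 1)
        cmds = re.sub(r"\([^)]*\)", "", cmds)    # drop Runas specs such as (root)
        needs_password = True                    # assumed default: authenticate
        for item in re.split(r"(?<!\\),", cmds):
            item = item.strip()
            # Tags are sticky: they apply to later commands until overridden.
            while (m := re.match(r"([A-Z_]+):\s*", item)):
                if m.group(1) == "NOPASSWD":
                    needs_password = False
                elif m.group(1) == "PASSWD":
                    needs_password = True
                item = item[m.end():]
            yield who, item, needs_password

def risk(command, needs_password):
    """Label a grant by scope (all/specific) and by password requirement."""
    scope = "all commands" if command == "ALL" else "specific command"
    auth = "password" if needs_password else "no password"
    return f"{scope}, {auth}"

def audit(text):
    return [(who, cmd, risk(cmd, pw)) for who, cmd, pw in parse_grants(text)]

if __name__ == "__main__":
    for who, cmd, label in audit(SAMPLE):
        flag = "  <-- review" if label == "all commands, no password" else ""
        print(f"{who:8} {cmd:32} {label}{flag}")
```

Run against the constructed sample, only the `%wheel` rule is flagged for review; the `backup` line shows the `NOPASSWD` tag carrying over to `/bin/tar` until `PASSWD:` resets it.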
