|
|
10.3: Make Palm HotSync work in Panther
I'm continually amazed by how many alleged tips or hints include the phrase "log in as root."
10.3: Make Palm HotSync work in Panther
Before OS X every Mac user had the equivalent of root access to their computers. And yet somehow...their computers didn't explode on a dialy basis. Why are some of you so paranoidly frightened of root?
No, you probably don't need to be logged in as root very often, but saying "You should never log on as root." as if it's the end of the world is just plain silly.
10.3: Make Palm HotSync work in Panther
Sorry, no, foobar is right -- the burden of proof is on those who would advocate using the root account to justify why this makes any sense -- EVER.
10.3: Make Palm HotSync work in Panther
I am a firm believer in the tennant that everyone is a master of their own machine. If a certain fix seems to work when logging in as root, then I'm going to publish it. Notice that I did not explain how to login as root, how to enable the root password, or any of that other stuff. If one has figured that out for themselves already (yes, it's all documented here), then they're perfectly capable of deciding whether they want to risk a root login to fix their problem or not.
Logging in as root isn't good. And with apps like Pseudo, it may not even be required. But my job here is to try to document ways of doing stuff in OS X, and this particular example denotes a solution that requires logging in as root. So I chose to publish it, and I think I will always make such decisions. Maybe I'll just start adding an obligatory root tag line: "Logging in as root can be dangerous and many people claim it's never necessary. Procced at your own risk, assuming you've already figured out how to enable root." -rob.
10.3: Make Palm HotSync work in Panther
If a certain fix seems to work when logging in as root, then I'm going to publish it.
That's not the greatest selection criteria in the world, I think. The question ought to be not whether a given root-related hint works or not. It should be whether it's necessary or not. Because as soon as you tell somebody to enable the root account on his computer, you're giving him the gun and the bullets. When you tell him to log in as root, you're pointing the gun at his foot and putting his finger on the trigger. One wrong twitch and it's all over. Hints involving logging in as the root user should, in my unsolicited opinion, only be published when there is no other option. And I, personally, have never encountered a situation where there was no other option but to log in as root. Especially in this case; I installed Panther, then Palm Desktop (from the Palm website; whichever version is currently available), then the Palm iSync conduit, and had absolutely no problems. It works perfectly. So it's obvious that root access is not required.
10.3: Make Palm HotSync work in Panther
Hey!
10.3: Make Palm HotSync work in Panther
Hints involving logging in as the root user should, in my unsolicited opinion, only be published when there is no other option. And I, personally, have never encountered a situation where there was no other option but to log in as root. Especially in this case; I installed Panther, then Palm Desktop (from the Palm website; whichever version is currently available), then the Palm iSync conduit, and had absolutely no problems. It works perfectly. So it's obvious that root access is not required. For you. I installed Panther (clean install), downloaded the Palm installer, and it won't install, complaining that "access was denied" (how War Games!). Sounds a lot like a permissions problem to me. Just because you didn't have a problem doesn't mean that no one is having it. And probably until Palm fixes their installer, the only way I'll be able to install is by installing as root. Besides, there's no security difference between logging in as root to install something, and typing in your administrator password when an installer asks for it. Both mechanisms grant the installer root-level access. Do you never type your administrator password?
10.3: Make Palm HotSync work in Panther
I am a firm believer in the tennant that everyone is a master of their own machine. Sure, I'm not arguing against that. But just because it's possible to turn off the safety net that a disabled root account gives you doesn't mean it's wise to do so, even if you're a very competent admin of your own machine. The account is disabled as a safety mechanism -- protecting you from yourself, protecting you from malicious intruders, and protecting the world from misconfigured systems. Sometimes, things you want to do require escalated priviliges, but circumventing the protections on root is not the responsible way to acquire those priviliges. Think of the root account like a lockbox or safe -- the box and its contents are yours, but that doesn't mean it makes sense to leave it open all the time. If a certain fix seems to work when logging in as root, then I'm going to publish it. And that is what seems irresponsible to me. In every case I've read where a tip on this site tells the user to log in as root, it's almost always safer, easier, and even faster to do the same thing with sudo or Pseudo. I'm not saying not to publish the hints -- they're a great resource! But I am saying that, as a responsible editor, the responsible thing to do would be to edit them. If the hint submitter suggests using root without justifying it, consider having the submitter rewrite the hint using sudo or Pseudo. If the submitter can't or won't make the change, consider doing it yourself. But please, please please don't run sloppy advice like this -- it dilutes the quality of the site for those who have been burned by such advice in the past. Notice that I did not explain how to login as root, how to enable the root password, or any of that other stuff. If one has figured that out for themselves already (yes, it's all documented here), then they're perfectly capable of deciding whether they want to risk a root login to fix their problem or not. This is where I disagree most strenuously. Advice about how to enable the root account gets passed around so much out of what seems to be nothing more than ignorance about better, safer ways to do things. Just because someone figured out how to turn on root does not mean they know what they're doing -- chances aren't bad that they're just cargo culting a bad habit they picked up from some HOWTO site that also didn't know any better. I know how to pop my car's hood. I do not know how to change the transmission. That doesn't mean that I couldn't learn, or that I might not have a good reason to have to try it some day, but just because I might, someday need to be able to rebuild my transmission does not mean that it makes any sense for me to leave the hood off all the time just in case I feel like poking around at some future date. For that matter, it seems like skilled mechanics also leave their cars' hoods closed most of the time. Curious, eh? Logging in as root isn't good. And with apps like Pseudo, it may not even be required. But my job here is to try to document ways of doing stuff in OS X, and this particular example denotes a solution that requires logging in as root. But that's the thing -- did the essential quality of this hint depend on the user turning off the safety check of the disabled root account, or was there some safer way to do this? Clearly, there were other, better, ways to do it. Running bad advice can be almost as bad as running no advice at all. Maybe I'll just start adding an obligatory root tag line: "Logging in as root can be dangerous and many people claim it's never necessary. Procced at your own risk, assuming you've already figured out how to enable root." That would be a fair start, but as I say above, an even better approach would be to actively discourage hint submitters from advocating such behavior. Like I say, almost every hint I've seen that suggested using root could easily be rewritten in such a way that the same task can be accomplished without putting the user's system security at such risk. Like I said in my earlier post, the burden of proof should be on anyone advocating such unrestricted use of the root account. Such legit uses may exist, but I can't think of any, and I've been a sysadmin for a while now. With such easy & safe options as sudo and Pseudo, I have a hard time seeing why people keep advocating the much riskier, much more archaic alternative of an unrestricted root account. ---- My I wrote a lot, didn't I? Well I hope this comes across as constructive, and not just pedantic -- I really do think that the site would be a stronger resource if this kind of irresponsible advice didn't keep getting casually tossed around, and I hope you see how easy it could be to clean up the situation a bit. Please consider it -- thanks. ---
10.3: Make Palm HotSync work in Panther
Constructive tone noted and understood (and after three years, I've learned to take nothing personally! :-). Given the realities of time management and hint submissions, getting authors to re-write their submissions, and explaining why, is simply not feasible. Similarly, I dislike changing what others have written (beyond correcting grammar, spelling, and formatting), so I'm not inclined to change it myself.
10.3: Make Palm HotSync work in Panther
This is a myth, and a limiting and potentially dangerous one at that. There are no inherent problems with logging in as root in terms of system stability or security. The practice of not logging in as root developed as a way to protect systems with multiple administrators: the dangers are that someone will forget that they are logged in as root and accidentally do some damage, or that in an environment where the system is being constantly customized and extended that some program run from root will have unexpected consequences--probably due to a bad relative path--and hose the system. root functionality, however, is vital to system administration. And I don't mean just giving programs an administrator password to install software, I mean really going in once in a while and poking around to make sure everything looks right. On traditional UNIX systems, sudo and su provide this functionality for administrators, but permissions in Aqua don't work in traditional ways, so for a normal user to effectively administer and secure his/her system, he/she needs to occasionally log in as root. And if it is a simple way to handle or avoid permissions issues, why not? It's really no different that using sudo to launch a graphical installer in other Unices, expcept that OS X doesn't really allow users to run programs as other users effectively in the Finder.
10.3: Make Palm HotSync work in Panther
I consider myself to be a knowledgeable UNIX system administrator. I've been doing it for over a decade now, and I've seen a lot of things. I can find my way around in the dark, as it were.
10.3: Make Palm HotSync work in Panther
The exact same thing would have happened if you had typed:
which is what the "anti-root faction" ;) is advocating. The fact is that you wanted to change the ownership of a directory tree owned by root. The only way to do that is by somehow getting root-level access, whether through logging in as root, su'ing to root, or using sudo. They all carry exactly the same risk.
10.3: Make Palm HotSync work in Panther
True-ish, but there's always the handy "please enter your password" breaker to let you think and go "uh-oh" ;)
10.3: Using Root to make Palm HotSync work in Panther
Personally I have never had to log in as root. Of course, I haven't upgraded to Panther yet either, and I am holding off until other good folks have blazed a path for me that is completely "root free".
10.3: Make Palm HotSync work in Panther
Thou shalt not log in as root? |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.15 seconds |
|