Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.3: Make Palm HotSync work in Panther' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Make Palm HotSync work in Panther
Authored by: daggerquill on Nov 04, '03 10:27:22AM

This is a myth, and a limiting and potentially dangerous one at that. There are no inherent problems with logging in as root in terms of system stability or security. The practice of not logging in as root developed as a way to protect systems with multiple administrators: the dangers are that someone will forget that they are logged in as root and accidentally do some damage, or that in an environment where the system is being constantly customized and extended that some program run from root will have unexpected consequences--probably due to a bad relative path--and hose the system. root functionality, however, is vital to system administration. And I don't mean just giving programs an administrator password to install software, I mean really going in once in a while and poking around to make sure everything looks right. On traditional UNIX systems, sudo and su provide this functionality for administrators, but permissions in Aqua don't work in traditional ways, so for a normal user to effectively administer and secure his/her system, he/she needs to occasionally log in as root. And if it is a simple way to handle or avoid permissions issues, why not? It's really no different that using sudo to launch a graphical installer in other Unices, expcept that OS X doesn't really allow users to run programs as other users effectively in the Finder.

As long as useres understand that they shouldn't be using it as a normal account to check mail, read macosxhints, etc., it is a useful and necessary tool. Would I prefer that there be other other ways of doing things? Sure, and PSuedo may be part of that way, but only part. Until Apple truly incorporates that functionality as part of the system itself, people are going to need to use the root account if the are unwilling or unable to learn the cli. OS X isn't UNIX. It's not BSD; it's BSD-based, and some of the old truisms just don't apply.

---
Always remember: pillage *before* you burn



[ Reply to This | # ]
10.3: Make Palm HotSync work in Panther
Authored by: foobar104 on Nov 04, '03 03:05:52PM

I consider myself to be a knowledgeable UNIX system administrator. I've been doing it for over a decade now, and I've seen a lot of things. I can find my way around in the dark, as it were.

I never, ever, EVER log in as root. Why? Because one time, just one time, I screwed myself.

I had a tar file in my home directory. I un-tarred it only to find that the resulting directory and all the files in it were owned by somebody else. No problem, I thought to myself. I'll just change the ownership on the directory.

I changed directories into the directory in question:

% cd foo

I became the superuser.

% su
Password:

I recursively changed ownership of the directory.

# chown -R me.mygroup .

At least, that's what I meant to do. Have you ever noticed that the dot and the slash are right next to each other on the QWERTY keyboard? That's right, kiddies, I typed, as root, the following magical incantation:

# chown -R me.mygroup /

The computer dutifully obeyed--I was root, after all, so it was assumed that I knew what I was doing. It started at the top of the filesystem and began changing the ownership of all the files on the computer. One by one. In alphabetical order, depth first.

It had already made it all the way through /bin by the time I slammed the interrupt key.

That was the day I learned that the computer I was using couldn't boot, not even into single-user mode, if the Bourne shell executive wasn't owned by root. Because /bin/sh was owned by me, not by root, I couldn't do ANYTHING. I couldn't even run any shell commands because the computer was unable to fork due to the permissions problem.

The only solution was to reinstall my OS.

All because of a typo.

Tell me again how, "There are no inherent problems with logging in as root in terms of system stability or security."



[ Reply to This | # ]
10.3: Make Palm HotSync work in Panther
Authored by: huzzam on Nov 06, '03 06:40:38PM

The exact same thing would have happened if you had typed:

$ sudo chown -R me.mygroup /

which is what the "anti-root faction" ;) is advocating. The fact is that you wanted to change the ownership of a directory tree owned by root. The only way to do that is by somehow getting root-level access, whether through logging in as root, su'ing to root, or using sudo. They all carry exactly the same risk.



[ Reply to This | # ]
10.3: Make Palm HotSync work in Panther
Authored by: JayBee on Nov 07, '03 11:29:01PM

True-ish, but there's always the handy "please enter your password" breaker to let you think and go "uh-oh" ;)



[ Reply to This | # ]