On Thu, Sep 04, 2008 at 07:55:09AM +0200, Krist van Besien wrote: > On Wed, Sep 3, 2008 at 18:12, Joseph S D Yao <jsdy@xxxxxxx> wrote: > > > Doing everything as root is just plain bad security. Plan around it. > > That is why sudo is so convenient. I never meant that you would need > to do everything as root, only that you needed to be able to do things > as root. I almost never do a su - root, and use sudo almost whenever I > need root powers. > > I keep my config files writable only by root, and use sudoedit to edit > them. I use sudo apachectl to restart apache etc... Sudo without "-u ..." is root. Plan how to do without it. Does it matter whether you say: $ su # cd / # ls tmp/"temp files "* # rm -rf tmp/"temp files" * or $ cd / $ ls tmp/"temp files "* $ sudo rm -rf tmp/"temp files" * ? Either way, you're history. Have your files owned by a system account and readable by the Web server account, and 'su' or 'sudo' to that account to RCS control and edit them. Then again, this may be a level of effort too great for casual Web sites that can be easily reconstructed by hand, and where it doesn't really matter if it is off the Web for a while. For such personal-use systems, doing everything as "root" is fine, since the only one upset with you if you make such a mistake, will be you. ;-) -- /*********************************************************************\ ** ** Joe Yao jsdy@xxxxxxx - Joseph S. D. Yao ** \*********************************************************************/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|