Michael Fleming <mfleming@xxxxxxxxxxxxxxxxxxx> writes: > With the likes of sudo / ConsoleKit / console-helper et. al you should > never, ever need to run an extended session as root. Your day-to-day > work can be done perfectly well as a standard non-privileged user, the > applications that *need* root, especially in X, are hooked into > consolehelper/ConsoleKit anyway and will prompt you for the root > password in any case (when run as a regular user) That doesn't mean it's more secure that directly logging as root using e.g. ssh, tty or xterm. I won't argue about X "desktop". A non-privileged account ceases to be non-privileged when you use it to become root. It may save you from incidental rm -rf /, but it creates a false feeling that the "non-privileged" account doesn't need the same level of protection as the root account needs. From a security standpoint, it's thus usually less secure that using root directly. Obviously one shouldn't use root account for non-admin tasks, sure. But it has nothing to do with security. If one has to perform many root tasks, there is nothing wrong in doing it in "an extended root session". Having to type root password many times may only create an additional opportunity for a compromise. > As a systems administrator I applaud this idea, as it stops people from > shooting themselves in the foot That may be true. The same can probably be said about alias rm='rm -i' and so on. This is not security, however. -- Krzysztof Halasa -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
