A secure system has multiple components to it. Permissions are one. Running services are another. Strong passwords. Current patches. Backups. Intrusion detection.
Running as root certainly shouldn't be on your checklist of how to secure your system. However, it probably also wouldn't be at the top of my list. Closing unused services would probably be first, followed by ipchains and iptables configurations.
Let's say you're logged in as a user and someone takes control of your unpatched or unprotected system. What do they have access to, /home/you? If you wipe out my data, but don't touch my apache.conf file, am I happy?
Why do they run as root instead of running Click-and-Run in su mode? I honestly don't know.
However, does this necessarily make it less secure than other boxes running Linux? Does it make it less secure than yours? Remember, it's a dangerous misconception that Linux is inherently stable. A mistake not likely to be made by a competent admin, but one that is unfortunately made more than I would like to see. Certainly, Linux is immune to Windows viruses. However, viruses are just one of the threats your computer faces.
So get a security checklist together. Make sure unused services are turned off, check your personal firewall configuration, have your external firewall boot from a CD, make sure you aren't using simple passwords, use shadow passwords, get gpgp, back up regularly, get a UPS, check the signatures of packages before you download them and make sure that you get into a habit of regularly updating your system.
Even with the system running as root, given that it's immune to viruses, gets all of its software from a trusted location, and has all of its services turned off and its firewall professionally configured, Lindows doesn't rate the F in security as an entry-level, consumer PC that most people are giving it.
Re:Lindows = Root-ONLY = Bad Thing
Posted by: DCallaghan on July 13, 2002 03:30 AM