Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!surfnet.nl!news.unisource.nl!xs4all!newsgate.cistron.nl!news.iac.net!news.kudra.com!tabby.kudra.com!robert
From: robert@tabby.kudra.com (Robert Sexton)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: make a user root
Date: 29 Jan 1997 03:39:09 GMT
Organization: Kudra.Com Web Services
Lines: 54
Message-ID: <5cmgot$fap$1@tabby.kudra.com>
References: <ttt5-2801972101520001@help.schap.rhno.columbia.edu>
NNTP-Posting-Host: localhost.kudra.com
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:34682

Tim Trampedach (ttt5@columbia.edu) wrote:
: Hello all!

: I will soon be getting a Pentium machine to run FreeBSD on and I was
: wondering if it is possible to make a user root in the sense that there
: are no differences when logging in between the two. Since it will mainly
: be a single-user machine, but will have some accounts on (for limited
: access), I want to be able to perform all my system administration on that
: machine when logged in as myself, yet not have root as my eMail address.

This is not really a good idea. (And yes, it can be done).

The primary reason is that you don't need root privileges to do most
of the grunt work of SA. In fact, it's much easier to make some sort
of regrettable screwup when working as root.

For multi-user machines (multi-human, that is), running as root destroys
any useful accounting trail. That's why you often want root, news, etc.
to not accept network logins.

I only su when installing software, or killing/restarting system
facilities. That way it requires a deliberate action on your part
before you can make a major mistake.

I speak from experience here! In my professional capacity, I've run
into systems where users used the root login as a user login, and it
pretty much destroys the system's ability to protect itself from your
stupidity.

It also leaves the system littered with root-owned files, which are
a major PITA when you are not root, and you can't edit your resume, etc.

Recent example (I saw somebody who knows better toast one this way):

    <Starting in />
    # cd /var/thingie/spam
    /var/thingie/spam: not found
    - At this point we are not paying good attention :-(
    # rm -r *
    !Oh Shit..

We all make mistakes.

I'll list some alternatives to doing this, all of which help.

1. If you use a system console, leave a window open as root. Switch
   windows only when you need to do root stuff.

2. sudo

3. Add groups that cover subsystems/daemons/etc. A good example
   is a webserver. Make a www-admin group, and make config files
   writeable by that group. Then add yourself. This also makes it
   possible to add privileges to other people. Another good example
   is inn, which can be completely managed by someone in group news.

4. Get used to su-ing. It's not much of an imposition.

Actually, when you get your groups and sudo stuff set up, it's much
cooler than running around as root.

--
Robert Sexton, robert@kudra.com
If quality were genuinely the issue, members of the New York
Philharmonic would be millionaires and Billy Ray Cyrus wouldn't. - Ben Rothke
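
The failed `cd` followed by `rm -r *` in the transcript above, written with guards, as an added example that is not part of the original post. The function name `clean_dir` is hypothetical, and unlike `rm -r *` it also removes dotfiles inside the target.

```shell
#!/bin/sh
# Added example: empty a directory without ever falling back to the
# current directory when the target is missing or mistyped.
# clean_dir is a hypothetical helper name, not a system utility.

clean_dir() {
    target=$1

    # An empty argument would turn "$target/*" into "/*".
    if [ -z "$target" ]; then
        echo "clean_dir: no directory given" >&2
        return 2
    fi

    # The typo case from the transcript: the directory does not exist.
    if [ ! -d "$target" ]; then
        echo "clean_dir: $target: not a directory" >&2
        return 1
    fi

    # Resolve symlinks and ".." so the next check sees the real path.
    real=$(cd -- "$target" && pwd -P) || return 1

    # Never empty the root directory, however it was spelled.
    if [ "$real" = "/" ]; then
        echo "clean_dir: refusing to empty /" >&2
        return 3
    fi

    # Subshell: the caller's working directory is never changed.
    # "&&": the removal runs only if cd succeeded.
    # The find expression selects the direct children of "." (POSIX idiom).
    (
        cd -- "$real" &&
        find . ! -name . -prune -exec rm -r -- {} +
    )
}
```

Interactively, the same protection comes from typing `cd /var/thingie/spam && rm -r *` as one command, so a failed `cd` stops the line.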