What happens to root then? [LWN.net]

What happens to root then?

Posted Jun 26, 2003 13:36 UTC (Thu) by GreyWizard (guest, #1026)
In reply to: running as root is inherently wrong by ballombe
Parent article: Lindows.com - Friend or Foe?

Who *does* get the root password in that case? Or should the installation be unable to do anything not in the original specification? As long as a user can log in with no passphrase and install packages, they are effectively running as root. For example, a virus would simply install a small package (possibly downloaded from somewhere) containing malicious code and invoke it rather than doing harm directly.

On the other hand, this might still protect against accidental damage (dragging /usr to the trash...).

to post comments

What happens to root then?

Posted Jun 26, 2003 16:31 UTC (Thu) by iabervon (subscriber, #722) [Link] (1 responses)

Nobody gets the root password. Being root (if necessary at all) requires a shell started by init on the console. That's how I have my home desktop machine set up: no passwords, physical access is necessary and sufficient for everything (except ssh identity, of course, which is protected on disk with a passphrase). The root password is untypable, but there are root shells started automatically on virtual consoles. So root access is protected by requiring the actual keyboard. If I were setting this up for distribution, I'd also make the root account inconvenient for running non-maintenence programs (e.g., remove /usr/X11R6/bin from root's path).

In most desktop situations, it's impossible and unnecessary to secure the system against people with physical access, and vital to secure it against remote attackers; but it's also unnecessary to permit remote users at all and inconvenient to support them usefully anyway (Mom hangs up the modem and turns off the computer when she's done).

It would be interesting to design an package management tool which could be run on a virtual console out of init in a way that end users could handle easily.

What happens to root then?

Posted Jul 9, 2003 16:09 UTC (Wed) by maphew (guest, #1147) [Link]

I'm intrigued, where can I find info on how to setup a linux computer in the manner you describe?

What happens to root then?

Posted Jun 26, 2003 18:35 UTC (Thu) by ballombe (subscriber, #9523) [Link]

Just make a suid wrapper to apt-get with source.list pointing to LindowsOS and Debian. This will allow non-root users to install packages but only from reputable sources.