OSNews

"That can't possibly be standard operating procedure
for RHEL administration, can it?"

Why not? There's nothing wrong with using root when you are administrating a machine. That's the whole point of having a root account in the first place.

<em>Why not? There's nothing wrong with using root when you are administrating a machine. That's the whole point of having a root account in the first place.</em>
<p>
Can you please print that up on a nametag or something and stick it on your shirt? I'd like to see you coming so I can keep you the hell away from my boxes. You don't run the entire desktop as root. You escalate privs for a certain program using sudo or similar.

It is generally regarded that running the desktop environment (which is rather a lot of code) with escelated priviledges is bad form. Much better to run it as a user and only give priviledges to the shell or whatever within which you are going to perform the root operations (via su, sudo, gksu, sux, or whatever).

That PC is NOT running as root!
If you have used real RH, then you will know that to run up2date you need the root password.
Any operation requiring root password puts the key symbol, and normally gives you 5 minutes of authentication so that you do not need to retype your password.
hope it helps

Then why does the home directory icon on the desktop say "root's home"?

My appologies, my poor sight cant read that fuzzy charcters!

on observing closely I do see it!

I would agree, definetl not good practice, since it seems the review by implication was written as root?

that is indeed true.
The user in those screenshots is not running as root.
They have used RedHat's graphical su to gain privileges to install updates.
Wheter having the system pop up boxes asking for the root password is a good idea or not is questionable.

I much prefer the console version of su or sudo.
I type su or sudo because I know that I'm going to need root privileges. Instead of the system deciding that I'm going to need root privileges to perform an action.

I can see this style of system becaming a giant security issue on desktop linux.

If users are silly enough to still run random attachments to their emails, then they are silly enough to give to root password to any program that asks.

- Jesse McNelis

I'd imagine it's Red Hat developers working on this, not system or network administrators. And what, you're going to tell me Linux developers never need admin? Besides, who's to say this isn't something running under xen, or qemu, or the like. And take it from me, one of the more paranoid guys out there when it comes to security, simply logging on as root isn't really all that big of deal if you know what you're doing.

A bit of search and here

https://rhn.redhat.com/help/reference/ch-unix-support-guide.html

Thanks, similar to the wadminep command in Tivoli. And the solaris2mpm is also very interesting.

"Yeah, because BSD developed the majority of the security paradigims in seLinux and did not just copy them."

Don't be a dumbass. All of the security technologies were derived from work done by a corporation (Secure Computing Corp IIRC, with the assistance of the NSA), and *not* Linux developers. That work in turn, was based on University work on an OS called Flask, that is very distantly derived from BSD.

The BSD heritage is not my point, but rather that niether Linux, nor it's developers developed any of those SELinux technologies. None. Zip and zilch. Nadda.

Linux (perhaps in the form of Fedora Core) might very well be the first to get this technology to the masses, but that is another point entirely, and not the one you were trying to make.

You sir, are an uninformed troll.

And let's not forget that both FreeBSD and Darwin have the "TrustedBSD MAC Framework, which is technilogically equivelant to SELinux/LSM, has the ability to load "SEBSD" (a port of the SELinux LSM module), and was designed as such from the get go (whereas SELinux and LSM both started off as independant projects).

Also, you can load several different MAC modules in FreeBSD at the same time unlike with the current Linux kernel's framework.

"Don't be a dumbass. All of the security technologies were derived from work done by a corporation (Secure Computing Corp IIRC, with the assistance of the NSA), and *not* Linux developers. That work in turn, was based on University work on an OS called Flask, that is very distantly derived from BSD."

If the work is done for Linux and delivered on Linux how are they not Linux developers? Linux development isn't done as part of an exclusive club, it has contributions from many different people. That's the advantage of its openness as opposed to a more closed development model.

Working for Red Hat doesnt mean you know where every guide on every product is. Besides I was pointing out that it only takes sometime to search for the information if you wanted it

''Red Hat developers are top-notch. I'm impressed by the Fedora Core product. Features such as SELinux, Exec-Shield, and Xen are unique and appreciated.''

Indeed they are - but be clear who developed them. Also the Xen support in FC4 is little more than a joke at present, unfortunately, as a result of the desire to track the unstable branch.

"I'm just a lowly home user and not even in the IT industry and I use root frequently and have never had a problem."

Lowly indeed. I seriously doubt that you've any real idea if your frequent use of the root account has lead to a compromise or not. But what do I care? It's you box...

'' Hell, in windows you don't even have to be root to mess up all sorts of stuff.''

Well you sort-of do, it's just that the default user on an XP installation has full priviledges.