Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Thread beginning with comment 416239
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Not entirely...
by TemporalBeing on Wed 31st Mar 2010 17:06 UTC in reply to "RE: Not entirely..."
TemporalBeing
Member since:
2007-08-22

Honestly, most Linux distro's enact the first user as the 'root' user too.

I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be.

Could you now then elaborate which distros actually do enact the first user as root?


Being the OP...

Distro installers always ask you to enact a password for root. That is the first user enacted during the installation.

After that, you can then add a normal user to use.

Reply Parent Score: 2

RE[3]: Not entirely...
by Thom_Holwerda on Wed 31st Mar 2010 17:12 in reply to "RE[2]: Not entirely..."
Thom_Holwerda Member since:
2005-06-29

Distro installers always ask you to enact a password for root. That is the first user enacted during the installation.

After that, you can then add a normal user to use.


Yes, but they don't make you run as root. That's a rather crucial difference.

Reply Parent Score: 4

RE[3]: Not entirely...
by WereCatf on Wed 31st Mar 2010 17:12 in reply to "RE[2]: Not entirely..."
WereCatf Member since:
2006-02-15

Of course distros ask you to set a password for root, but I am not aware of any distro which didn't also create a normal user account. Even Mandriva installation _mandates_ you to create a normal account, you can't continue installation without. And in no situation is the root user the default user; it doesn't log automatically in, it doesn't show up in GDM/KDM and so on.

That is very different from what you at first said.

Reply Parent Score: 3

RE[4]: Not entirely...
by TemporalBeing on Wed 31st Mar 2010 17:34 in reply to "RE[3]: Not entirely..."
TemporalBeing Member since:
2007-08-22

Of course distros ask you to set a password for root, but I am not aware of any distro which didn't also create a normal user account. Even Mandriva installation _mandates_ you to create a normal account, you can't continue installation without. And in no situation is the root user the default user; it doesn't log automatically in, it doesn't show up in GDM/KDM and so on.

That is very different from what you at first said.


No, that is exactly what I was saying Microsoft should do as well.

Reply Parent Score: 2

RE[3]: Not entirely...
by lemur2 on Thu 1st Apr 2010 02:56 in reply to "RE[2]: Not entirely..."
lemur2 Member since:
2007-02-17

"Honestly, most Linux distro's enact the first user as the 'root' user too. I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be. Could you now then elaborate which distros actually do enact the first user as root?
Being the OP... Distro installers always ask you to enact a password for root. That is the first user enacted during the installation. After that, you can then add a normal user to use. "

In most distros, one MUST add normal users to use.

The root account is there, but it is not noramlly used. Indeed, many Linux distributions login manager will not allow root to login. Users must first login as normal users with limited priveleges, and most of the time run applications as that noraml user. Only when a system administrative change is required would one run someting as root, and the user must supply the root password to become root in order to accomplish such tasks.

On Linux, users do NOT nromally run as root.

Reply Parent Score: 3

RE[4]: Not entirely...
by TemporalBeing on Thu 1st Apr 2010 13:04 in reply to "RE[3]: Not entirely..."
TemporalBeing Member since:
2007-08-22

"[q]Honestly, most Linux distro's enact the first user as the 'root' user too. I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be. Could you now then elaborate which distros actually do enact the first user as root?
Being the OP... Distro installers always ask you to enact a password for root. That is the first user enacted during the installation. After that, you can then add a normal user to use. "

In most distros, one MUST add normal users to use. [/q]

Yes. And Microsoft should force the same on Windows.

The root account is there, but it is not noramlly used. Indeed, many Linux distributions login manager will not allow root to login.


That's really not as much a distro limitation as it is that root doesn't usually have permission to run X-Windows (Xorg/etc). If you want to login as root directly, go to the console login.

Users must first login as normal users with limited priveleges, and most of the time run applications as that noraml user. Only when a system administrative change is required would one run someting as root, and the user must supply the root password to become root in order to accomplish such tasks.

On Linux, users do NOT nromally run as root.


Agreed; and Microsoft should force the same on Windows; and remove the ability to add anyone to the Admin group, and change the meaning of the 'Domain Administrators' (which typically carries all privileges of the Admin group on a local system).

With Vista and Win7, they have made a step in the right direction, but they still have a long, long ways to go.

Reply Parent Score: 2