Slashdot Mirror
Root as Primary Login: Why Not?
A user writes, "I help moderate a forum dealing with Mac OS X, and I'm having an awful time convincing a fair portion of our readers that logging in as root all the time is a Really Bad Idea. Worse, though, are the ones who try to convince others to log in as root all the time, claiming it's 'more Mac-OS-9-like,' or saying 'it's not really more insecure,' or even that 'a firewall should deter hackers pretty well.' I know all the standard arguments, but they're not working out. Does anyone here have some real-world anecdotes that I can point to?"
I'm a newbie and I always initially log in as root because that's the only way I can get adsl-connect going. I guess maybe I installed it as root, because it doesn't show up or run when I log-in as a regular user. Not a big deal but it is annoying to have to log in as root to get online and then to log out and log back in.
evanchik.net
I'm as mimsy as the next borogove but your mome raths are completely outgrabe.
My main reason for why you don't use root entirely is eventually no matter how careful you are you WILL make a mistake. Be it rm, chmod, mv, it will happen. If you use another account and try to do as much as you can as a none root user and only su up you will be less likely to simply careless do something.
But that is my 2 cents, my advice would be to present your argument, if they don't want to listen and want to put their boxes at risk, let them. When they accidentally make a mistake bring their system down they will learn. If they don't learn from that and keep recommending bad admin practices to others, well they are morons. But that is another issue.
...you just have to let the rat get caught in the trap to learn.
Relax and get out of the way. You can't take responsibility for protecting them from themselves. Let them screw things up a few times, and once they learn from heir mistake(s), they will be your best promoters.
It sounds more like you're hurt they don't respect your input. Big deal...if they want to trash their system, make it clear you aren't responsible for the time lost when you have to come fix it later. Have them sign a waiver and go on with your life.
I hate to say it, but they're going to have to get burned before they understand why they shouldn't log in as root all the time. Everyone I know has rm -rf'ed something important once, but just once.
this sig intentionally left blank
Those pretty bar graphs indicated the time spent getting the job done. That means that the taller one labeled Mac on each of them means the Mac took longer. Generally that means the Mac loses to the Athlon.
besides, its all offtopic anyway :)
Bleh!
Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. Fuck, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "Fuck no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!
"...claiming it's 'more Mac-OS-9-like,' "
Nope. Not at all. OS 9 has the same level of protection for itself that OS X does, it just works a bit differently. Tell your friends to try this... In OS 9, drag your System Folder to the trash. Go on, do it. Whupps - you can't. Why? Because you don't have 'permission' to. You can only do it if you boot from a different source, like a CD or another volume. Unix does this far better than OS 9 could, but it's basically the same idea. Logging in as ROOT lets you do anything you want. Toss your kernel? SURE!!! No problem! BAD idea. I feel that if someone doesn't know why they shouldn't be root, that alone is reason enough for them NOT to be.
There are a lot of threads at various mac forums with this topic, but a current one is here at MacNN forums.
MacNN forums seems to have a well deserved reputation for being full of idiots. Especially in the OS X threads.
Say hello to "Bobby" from Ventura California, who started this thread :)
Let's say that you want to change the permissions of all the files in your home directory to go-rwx (which make sense). So, you type:
/*
/bin, /sbin, /var, etc. You're system is now screwed up to the point where it's probably faster to reinstall than change all the permissions. If you weren't root, you'd see something like this (from a Linux-PPC box):
/* /bin: Operation not permitted /boot: Operation not permitted /dev: Operation not permitted /etc: Operation not permitted /home: Operation not permitted /lib: Operation not permitted /lost+found: Operation not permitted /mnt: Operation not permitted /opt: Operation not permitted /proc: Operation not permitted /root: Operation not permitted /sbin: Operation not permitted /tmp: Operation not permitted /usr: Operation not permitted /var: Operation not permitted
:)
chmod go-rwx ~/*
But by mistake, you hit the space bar, and get:
chmod go-rwx ~
By the time you realize the hard disk has churned too long, you'd just gone and wiped the permissions on
[pts/2@tardis:/home/dmorriso @00:45] chmod go-rwx ~
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
chmod:
[pts/2@tardis:/home/dmorriso @00:46]
And yes, back in the day, I did make this oops and had to reinstall, because I had used su rather than sudo, and had forgotten to un-su. I started using sudo right afterwards.
_sig_ is away
For the old unix hacker it looks like you're logging in as root, but that's not really the case. At install time the system creates two users, both have the same name and the same password!
One is just a user, the other is root. In previous versions ( i haven't tested it lately) you could change the password of one but it wouldn't result in a password change of the other (which gave alot of headaches).
Now if you log in you're the normal user, and you can't do anything really dangerous. You need su (which needs to be activated, it isn't possible by default) or sudo to do something as root. Also when you're doing an install that requires root the installer will ask for a super user.
In both cases you use your own username and password (if your user is created at startup). So If somebody sneaks behind my computer when I'm gone to do something else, they can't really do anything dangerous. They would still need a password!
You can make more users if you want without any rights (that's easy), but the system works better than it looks because you don't log in as root!
You can if you want to btw. The password of root is the same as the password of the user.
It does nail down the importance of good passwords which is something that alot of macusers are new to.
Mix root with a nice, easy to use GUI and you've got trouble. Having a CLI provides a level of protection (But still, the difference between rm -rf /tmp/somedirectory and / tmp/somedirectory may only be a space, but I hope you've got backups).
/lib directory into the /usr directory. As libc couldn't be found, I was unable to run any commands, and this resulted in a reinstall, as I didn't have the skills to restore the problem.
Anyways I was using the Gnome filemanager at the time and was logged in as root, and moved the
As a command-line user, I understand the value of not logging in as root all the time.
However, most Mac users couldn't use a command line if their life depended on it and probably don't even know that MacOSX has a command line.
The MacOSX user who's a classic mac user will probably never use the command line; if they have to rename a thousand files to add an extension or a prefix or whatever, they'll do it by hand, not by using a tcsh script.
So, the question is, how much damage can one do from the MacOSX GUI at root? I don't know. I have accounts on other ppl's MacOSX computer (namely, at my University) but have never been logged in as root.
Of course, not logging in as root doesn't only protect you from yourself. It also protects you from "trogan" install programs, which say they'll do one thing, and in fact delete the entire hard drive or something else like that.
social sciences can never use experience to verify their statemen
Make them use Windoze for a week or two, all the while passing all relevant details of their machines to every cracker you know. They'll be begging you to never let them use root again. :)
Seriously though, a lot of the time when I'm running Linux, I'm in both using my normal account and my root account (though root is on a console and just running top). If there's danger even in that (other than killing the wrong processes), I'd love to hear about them -- better safe than sorry!
Chris 'coldacid' Charabaruk Meldstar Entertainment
Mod this up. It's supposed to be funny. I don't see how it's a troll.
Are there any problems or security issues doing everything as administrator with Windows XP Professional? I'm just a personal user, and other than using client software for many internet uses, I don't server anything. And problems other than "the fact that Windows sucks" would be nice. ;)
That said, Mac OS X has a root user, but root does not have a valid password on installation. The first user that is created via the setup assistant is what is known as an admin user. These are users who are members of the group "admin", a predefined group. Apple provides an API whereby a GUI application can ask for an admin user's password, and thus gain sudo-style privileges for actions such as installing software (which might need to put things in places that can only be touched by root). Also, the
In addition, admin users have access to the
Note that the
If a user were to log in as root, he or she would immediately gain write access to the
From the command line side of the house, admin users are allowed to do anything via the sudo command, which is preinstalled on Mac OS X. If you need root access, you can use sudo to do just about anything from the command line. If you really, really need a root shell, you can always do "sudo -s" and get one.
In summary: Mac OS X has the tools that you need to perform system administration tasks form either the GUI side or the command line side without needing to log in as root. Logging in as root is the equivalent of opening up a piece of machinery with the warning label, "No user serviceable parts inside", and you should not be surprised if you get hurt when you do this.
Paul Suh
psuh@apple.dontbotherspammingmeigetwaytoomuc
Note: on Mac OS X Server, root is enabled by default. This is considered less of an issue since it is expected that servers will be run by people who have a better understanding of the issues involved and are more likely to be doing things that need root access, even from the GUI level.
Administrator on Win2k and WinXP are very different from root on a *nix. Win2k and WinXP both treat Administrator as a normal user, but this normal user has certain permissions that allow them to install/remove any software, read/write any file, or even delete a system file (which Windoze quickly replaces with a fresh copy). AFAIK, Administrator doesn't pose any serious security problems unless your computer is one accessed by more than one user - like a spouse or children. create an account for each and stay logged out when away from the computer.
my only recommendation is MAKE SURE IIS IS NOT INSTALLED. script kiddies and horny teens can gain Administrator access without a password. (unless you're insane and actually want to USE it.)
grey wolf
LET FORTRAN DIE!
While doing work experience at SGI, I was told of their awards that they give out every month (in the form of two movie tickets), you get one if you do something great (help the community, fix a mass bug, etc) or if you do something really stupid. Well they had a main Origin 2000 server (snort), and a couple of months prior, one of the engineers (the one looking after me, I believe he was working on XFS at the time) has accidentally done rm -rf / while logged in as root on snort, there went everyone's stuff, snort was like the workhorse and the big storage yard. This is the result of their liberal policies (once your within the building you have all access to everything inside). I still love SGI! :)
If a nasty IE or Outlook(or whatever) exploit ever appears, you can end up with much more damage done to your system if running as admin. If you're logged in under a normal account, only files that you have permission to can be deleted/modified (mp3s, docs .. presumably stuff you've backed up). As Admin, if the trojan/worm is nasty enough, you may need to completely reinstall OS and all your software. Think of permissions as low level, last resort anti-[virus|worm|trojan] protection.
I'll only tell you the anectdote salient to this article. He would, of course, only log in as root as the KDE rpm front-end wouldn't work when you're logged in as a regular user and he didn't want to figure out how to use the the command-line rpm (I don't know if currently KDE does a sudo/su-type thing using the GUI, but it didn't back then - if you ran kfm as non-root, you couldn't use the RPM front-end).
At one point he could no longer log in. Problem? / was full. He was downloading all his stuff into /root (a one gig partition) and /home (20 gig partition) was completely empty. You could log in from console, but not from XDM since XDM creates files in /tmp upon login. He had no idea how to get from XDM to another virtual console, so he was effectively locked out of his machine.
My point? Give up. Don't worry about it. They will not learn why logging in as root is bad until they get burned. Especially since you're just a forum moderator - if you were getting paid to do this and your job depended on these machines staying up, you would have every responsibility to ensure people were properly following your policies; but, as a mere guru to these people, allow them to learn in the most effective fashion: trial by error.
shit, that was funny
c-hack.com |
OS 9 like, sounds like "More Mac like", and logging in as root is not.
My first Macintosh manual (for the Macintosh 512k) had the following to say about installing the "Programmer's Switch": "The Programmer's Switch is used to create an Interrupt or a Reset. If you do not know what an Interrupt or a Reset is, you do not need this switch". While people may criticize this, it has always been Apple's strategy to protect users from their own stupidity.
So really to emphasize the parent post, "If you do not know why to log in as root, don't do it." Period. Nuff said
Alex -- (And I don't even normally log into my BSD box as root)
Absinthe makes the heart grow fonder
When you're right in the middle of typing rm -fr /usr/something/ and you hit the enter key accidentaly hit the enter key just after the /usr/ part because you had to reach for napkins to clean up the gin and tonic that you spilled in your lap you learn that when you're root you can seriously fuck things up.
Don't waste your breath--or keystrokes--on people who don't want to listen. They're bound to learn why they ought not log in as root all the time.
I think this issues is mostly a holdover from the early DP and Public Beta versions of OS X. Without Unix knowledge, it was impossible getting things done without being root, and doing things as root caused so many permissions issues that many of us gave up and simply logged in as root all the time, just to be able to use the system. Things are *much* better now, but there are still issues that crop up making me wish that things worked more like OS 9. Mac users are used to having 100% control of their systems, OS X can be extremely frustrating to those of us who, for example, want to replace our System file with a backup copy because things are getting strange and you think corruption of the System files might be the cause.
Most of you posting here are Unix geeks, don't forget that there the Unix "way" is not, and never has been the Mac "way." Ted and MacFixit put it best (this quote is from memory):
"Any time you are *forced* to use the command-line to fix a problem (get something done?), it is a failure of the OS."
while addin a new disk ( was migrating data )..
/usr/lib /tmp
mv
no command worked after that cause everythign was dynamically linked.
Sorry man I don't controll the aliens.
I realize this is slightly offtopic and I can probably kiss some karma points goodbye but, did anyone else notice a modified image at the top of this page? This image was at the top of this story.
I Don't Work Here
It comes down to good practices. When I started playing with Suse I remember how I would get kick/banned on the spot for trying to get into #linux on Undernet while logged as root. I asked them and they simply explained it was to teach me to use SU instead of a real root.
I think we all agree root itself is too dangerous to leave it on for more than a few minutes, even if you really know what you are doing. Even us windows weenies are trying to enforce this: my IT folks spent a week adding garbled (read: cannot memorize) local passwords for all our servers and for administration are using an obscure account with the proper permissions. It is impossible to guess by name that this account is a local administrator for all machines in our network.
For OS X and BSD I guess you should be able to do whatever you need without logging as root, that is what SU is used for.
Pedro
----
The Insomniac Coder
user: /
cd
rm -rf *
"OMG! where have all my files gone"
reply:
"PEBKAC"
All people need to do is enable root and then su or sudo if they absolutely have to. If they can't fix any problem they are having not being logged in as root, then they should go and read some books. Hopefully some Mac users who are new to the *nix world will get some benefit from O'Reilly's new "Learning Unix for Mac OS X" book. Not that there aren't plenty of other books that should teach them the lie of the land, but I have a feeling this one will be popular as it's focussed on OS X.
Windows; windows 9x.
Windows 9x is always logged in as root.
Windows 9x makes it easy to mess up your computer, due to the lack of security.
Not logging in as root increases your security.
:. always logging in as root makes it easy to mess up your computer.
What's wrong with
Why is Grand Theft Auto a much more serious crime than Reckless Driving?
MacOS has always run with the simplicity of giving the [single] user complete access to the entire system. It wasn't until they bought NeXT and started working on OSX (parts of which, like permissions, made it into OS9 to smooth the transition) that permissions were involved in the OS at all.
/. readers, obviously object to this because it's not what they're used to. So, they will create their own [admin] account and play nice accordingly. Folks who are primarily from a Mac background may give up on the idea of an admin user and just set a root password and leave that account logged in all the time.
What does it matter if someone can wreck the entire installation? They could do it before in OS8 and lower. Why does it matter now?
Folks from a *NIX background, like a good portion of the
Do you really care if some random mac user wants to be able to trash their system? Do you?
Gabriel Ricard
i've been using OSX for just over a year now, and root scares the hell out of me. Call me unadventurous, but when something says "do not touch" i damn well won't touch it until i know what i'm doing. the only time i'll mess with it is if someone's holding my hand and pointing the way (ie. there's a nice step-by-step thing in MacAddict or something). and considering the number of typos i always make, i'd be one of those people who'd delete my entire drive or start global thermonuclear war from my iMac. :p
i don't own a mac 512, nor do i plan to own one (i'd like one though). i guess its safe to tell me,
:-D
what exactly does the programmer's switch do?
moox. for a new generation.
Most Mac users are always finding something about OS X to whine about. If it's not that the Chooser is gone, it's that they can't be root all the time. Honestly, is it really that hard to type in your password anytime you wish to update or make a system altering change? They have been blessed with this beautiful OS, a perfect blend of form and function, yet all I hear from Mac users is, "I hope the next release is more like OS 9." What is wrong with you people? OS 9 is antiquated. I switched to the Mac platform because I was tired of that other major OS churning out the same garbage for a decade. Troll me down but it's true, Mac users don't know how lucky they are.
I use an account that is an administrator-member every day on my Windows.
h tm if you want to use a firewall.
My uptime on this workstation is 40days and I have never been hacked (i dont run any firewalls, but a small network monitor). By the way, there exist a nice freeware portblocker at http://www.analogx.com/contents/download/network.
Now back to topic. Why can't users use root all the time? Every time I have to do changes on my Linux box I have to use a root-user, thus I use root almost every day. It sux, and I've started using root as my primary login. Ofcoz I could do a rm -R / * or similar, but guess what? I don't care!
It's all about functionality and user experience. Security people can just "stfu" coz they just disable the most used features at your computer.
In the end you have to respect users and their need to
a) learn about the computer by doing mistakes
b) trust that the general hacker do not want to hack you unless he has a good reason
c) see in the real world how things seem to work, even if you did not protect it like a child in a baby buggy
I am a UNIX geek and I have used UNIX all my computer life and as such I expect a level of security with my systems. I have always built my own firewalls and reinstalled my systems when they came preinstalled. So as a UNIX geek I would never log in as root, however most sane people just want to use their computers and not worry about logins and such. Most of them have a different level of security that they want and are used to. I think more than anything this is a personal preference issue on a SINGLE user system.
Is typing su really all that difficult? I can agree on running windows as administrator (as long as your change the account name) but only for the simple reason that to do much of anything useful you have to log off and log back in. If I could just open the command prompt and switch to admin, I would never log in as admin again.
I agree with your position that GUIs are less dangerous while root than CLIs are because GUIs execute gestures which have zero chance of a wildcard typo error. If one examines most of the other arguments presented by slashdotters for not using root, they seem to have to do with chowns, and rms gone awry. There is certainly no risk of that in a GUI.
However, I think you have a misconception of "classic" mac users. I would argure that because in order to log in as root in the first place, the user had to go out of her way to enable root in netinfo, this implies a certain level of sophistication, or a least a desire to learn the ropes and gain a greater understanding of the system. The behavior could have been motivated by doing a lot of su commands that the user viewed as tedious and hence sought an alternative. Which implies command line use.
I think the important question is WHY on earth do these users find themselves requiring superuser privleges in the first place? Its probably because they want to tweak the system, which mac users are notorious for, so they may as well resign themselves to having to re-install the system at some point.
I think the problem lies in recommending root-running to others. The argument should be presented like this:
root is there as a layer of protection, to protect you from yourself, and to protect your system from things you might download that could do bad things to your system intentionally or not.
If you run as root, you lose that protection. Take it or leave it, but if you recommend that others also abandon the protection that root provides, please provide them with the coutesy of explaining roots purspose in protecting them from themselves.
don't forget that part of the reason that people make such a big deal about logging in as root is that Linux geeks have ego. they like to think that since they always SU and SSH, they are "cooler" than the next guy, and so this Root problem gets preached a little more than it should.
:-)
on the other hand, the dangers of logging in as root are valid. personally, i log in as root all of the time because there isn't a single thing on my system that i couldn't fix if i needed to. for me, its "cool" to be challenged to fix it, so as far as i am concerned, "bring on the hackers"...
in a production environment, its obvious that perfect paranoia is the only way to go though.
-- Betting on the survival of the media industry is a serious risk. I advise investing elsewhere.
Those of us who might not be able to responsibly handle using root as our primary login want to.
For the record, I have root enabled - but I rarely log in with it.
The question should be, "Why do people who don't understand root access have it?"
:)
Perhaps you should lobby the companies these people work for to have their root (or admin) access removed
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
...to understand why *nix is not ready for home user desktop prime time.
Syntax error: loose != lose, affect != effect, then!=than
The concept of permissions is too far above your average Mac user... But they'll eventually learn the hard way by getting hacked or removing something like the file system. But the common thread i see here is: "I don't really care" ... I say: With that attitude, niether should you.
First off, if you have any sort of connection to any sort of public network, especially the Internet, YOU ARE A DESIRABLE TARGET.Your machine gets bandwidth, and bandwith begets DOS attacks.
Secondly, I log in to an NT workstation as an admin a lot too. But on NT, a lot of system stuff of hard to get to and accidentally delete. If I happen to be in the wrong path on a UNIX system and type 'rm -fr *' I could be in deep shit, but if I don't go around carelessly wielding a root UID, then I protect myself. It's a bit like keeping the safety on a rifle. It's just a good idea.
After they have wiped out thier system ask them if they know how to install the OS ;-)
Its sort of like NT do you give all your users admin priveledges or just the ones you trust?
Only 'flamers' flame!
Any halfway smart(lazy) mac user that needed to rename 1,000 files would use DropRename or some other util.
Not Running as root is a general safety factor in many aspects some that are stated and some that are not.
/* is a desasterous command. Also sometime I acedently click and drag a folder into an other folder. Doing this as root would alow me to move stuff that needs to be in its place to an other spot.
/etc/passwd
/lib directory but you forgot about it and downloaded a file there. Then when you actually needed the file you cant find it so you have to run the find command. With a restriced access it allerts you that something is not right before you wast time.
1. Running as root is not forgiving of simple typo's rm ~
2. Not running as root is one of the first line of defence from protecting yourself from Viruses and Trojans. If you dont have access to mess up your system good chances the file attachment you opened up will not have permission.
3. Programming as non-root is good it could prevent you from accedently messing up important files Say you open("file","w") except for a open("file","r") and say file was
4. Stops you from making a mess of your file system. Say you were in
5. You know when you are doing something that may cause problems. If you cant do it as your own account then do an sudo to run it this makes you concious that you may be doing something that may damage the system so you will be more alert.
6. Sometimes other people use your computer and they may not be as carefull as you.
7. On multy user systems it may make people feel unconfortable if you use root all the time because they have no sience of privacy of there home directory. (This is a weak one but its true)
8. It is a lot easier to crash the computer as root and running apps as root. You cant always trust other people code
9. Loggin in as root all the time increases the chance that someone snooping your network will find the root password and create real damage.
10. Some programs may give them selfs a lower (nice) level and eatup your system resourses.
In generally running as root needs you be on on edge when ever you do something and the potential cost outwaigh the benefits
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
OOoops
[Pruneau
Many years ago, as a university sys admin I remember getting a call from the music department for help. Their NeXT machine wouldn't boot at all. They had been "cleaning up" the disk space and - you guessed it - they removed that big "vmunix" file.
Devon
Here's my root story -
I am an administrator of an OS X Server box, and I was trying to stop some job that had been screwed up. On accident I typed "Kill 1". This was a Very Bad Thing. Lesson learned.
-> c h i e f
good ppoint, but that's probably also why root is disabled by default...
If you have MacsBug installed (the system debugger) it brings it up with a cli.
If you don't, it brings up a modal dialog box with a prompt that simple remains until you type g on a single line or you hit the hard reset button. Needless to say, not many knew what to write.
To be fair, you could also type G <address> where address is what you want to set the pc to, but how useful is that in an OS with mandatory PIC?
As an OSX user, I'll submit that most users aren't going to use the terminal. For me though, sudoing root makes sense, mostly because if, god forbid, my HD is wiped out, backing up my ~ directory means all my stuff is in the right place when I reinstall. Brian.
or you can type G FINDER which (iirc) kills your current task and kicks you back to finder (relaunching if needed).
:)
or you can type DM XYZ where XYZ is a memory address, and display the memory at that address.
theres probably a bunch of other commands too, but I don't know them. Generally, ditching the builtin debugger for macsbug is a good plan.
I always love seeing the look on people's face when they see a legacy mac drop into the macsbug CLI.
It's nice to know that I can't do anything to my computer that will destroy anything other than ~/ I feel that the effort of reinstalling everything is far greater than the effort of typing "sudo"
Have her read at -1 to never speak to you again...
I'm new to both macs and unix, and at the risk of opening myself up to some flamage here, I have a supid newbie question about this root business. Now that we've established that logging on as root is bad, how do I know if I'm logging on as root? When I got my ibook, the os x setup created an account for me, and I've always logged on with it by default. I've done some minor tweaking (like changing the system icons) that requires the terminal and commands like sudo. So am I logging on as root to be able to do this? If so, what do I need to do - create another account for myself?
People login as root because they just want the damn machine to work. Apple users are not Unix users - and they never will be. Your best bet is to tell people to keep a current copy of all software they have installed and their home directory backed up. I totally understand where people are coming from on this one. Ever used fink to install darwin software? Hope you are very familliar with the command line to get all the source packages out of the /sw directory it creates...
my first idea is let them all change to root and find out how powerful it really is. if they want to pay 2 grand for a new system let them. My second is become admin and change all the people's posts encouraging root usage to discouraging root usage. if the second way doesn't work, then the first way will i guarantee it.
....an even more significant reason:
/uneducated/ user(and sometimes not even clicked on...just received by something like Outlook) while logged in as root....and poof there goes the whole machine....lucky, at least for the rest of us cause at least that users box is gone.....or really unlucky for the net community at large if the virus/worm/et.al. keeps the machine and starts doing nasty self propagation.
1)As root you have the ability to not only do damage to your own user files...but you have the ability to damage/destroy the whole system. Being a user on a UnixOS is one of its beauties. No matter how bad you screw up as a user, its only your files...the system will still be there.
2)OSX runs a number of Microsoft Applications....i.e. the Office Suite, and Outlook...which are notoriously prone to security problems.(albeit, quite a bit less on Mac)
Mix those two reasons and you get something like Windows, where one script sent by email, clicked on by an
So, just dont do it. There is so little a regular user needs root for...and for that Apple has provided sudo....built in from the start.
Dimes
In my analysis, there are three reasons.
I'm proud of my Northern Tibetian Heritage
Got root?
If you want your Mac to run "More OS 9 Like", how about run OS 9. If these people don't have the sense to log in as a user and su to root when needed, let them learn. One day they'll f*** up and realize, "Ohhhhh!!! That's why I should log on as root."
/
cd
rm -rf *
reboot
Have Fun!!
Where are my Luvs to collect all of the bullshit in this thread?
I don't get it. Why do people feel the need to be root anyway? I have been an OS X user since Beta. I host my website on OS X and recently OS X server. I have configured Apache, BIND, Sendmail (ugh) and Postfix. I compile C++ source from the command line. If for some reason need to run a command as root (which can be frequent) i use sudo. There is a program called pseudo that will run apps as if they are root by drag/drop-ing files on top of it. If the user is an admin, they can config the system and install by simply providing their passwd. I have activated root from NetInfo to access certain functions but never once needed to log in as root. What is all the fuss is about?
z(p)
People log in as root because it gives them all the power they could ever need (and more!) at once. They believe that they will ne'er ever mistype something.
As others have said, let them do it. Then sit back and watch them scramble after they hose their system in a big way...
Beauty is truth, truth beauty. That is all ye need to know on Earth, besides TCP/IP.
I am a stupid and ignorant Mac user (see above). I do not wish to run a server. Others will not be using my computer. I know how to install Mac OS 9 & X System Software (duh). I used to know how to back up my whole disc including my system (in OS 9). I can think of a long password and remember it. I dislike the long steep learning curve of Darwin/CLI, notwithstanding its impressive features. I frequently boot into mac OS 9 as it is the only way to solve real problems to do with old software, peripherals, drivers, and interface irritations, not to mention MY sheer speed of work.
/.ers seem to believe, the average Mac user gets a lot of real work done, but is not interested in running a multi-user time-sharing network available computing resource. Not yet, anyway. I think Apple should work on a default but optional simplified interface for those who chooose not to learn a lot of complicated Unix-technique that is of no interest to them. This is meant to be a consumer OS too, don't forget. I am fed up with being told by the system that I can't copy/open/trash certain files. I am fed up with trying to work out how to perform simple tasks like backup preference files or change my long user name.
Since I
1) always did know how to, and had the right to trash my OS 9 system, and never once did it, even by accident
2) don't intend to use the terminal if I can possibly avoid it,
I have found that logging in as root is the simplest way of overcoming the obstruction and frustration that OS X's unnecessary (for me) permissions scheme brings.
Contrary to what most
You're right - we Mac users are too stupid to use the terminal on our laptops so like idiots, we just drag any old thing around the screen and that is exactly why it doesn't really hurt to be root.
^admin^root
I'm not someone you would probably talk to anymore if you called in, but I have talked to many customers in the past who had done *bad* things, either by logging in as root, or by moving things around in OS 9 without thinking. If the customer had moved stuff around in 9, sometimes you could get it back in place and things would work, since 9 didn't touch (but seemed to preserve) the permissions. If it was done as root, quite often permissions would get changed and honestly, it's more trouble to fix hundreds of files than re-install.
Ok, so now you're up to re-installing. No big deal, right? Wrong. If you have a CD for 10.1.0, and you've upgraded to say, 10.1.2 - you are no longer able to just re-install. In this configuration, you would be required to erase and install. So wow, this looks bad now, huh? All this trouble because you want to mess around with stuff in
Like the other gentleman from Apple who compared this to opening a panel of a device clearly marked "Do no open" - this kind of situation reminds me of something these mac users who want to log as root would NEVER do. Ask them if they would use a soldering iron to modify their logic board to make the computer run faster. If they answer "yes" then they are hopeless. If they answer "no, because then my warranty would be void," then tell them that's like what they are doing to their OS. They are putting their OS in an "unsupported configuration" that they cannot receive technical support for. Returning the machine to a supported configuration (i.e. an OS that works) - and they will receive technical support. In most cases, doing this requires they wipe their HD, or learn UNIX real fast (this of course assumes that single-suer mode still works).
I don't want to sound like Apple tech support isn't going to help you if you use root. We absolutely will. We will, however, politely ask that you log in as a different user. As far as fixing permissions - in some cases we can quickly find the file/folder with the wrong permissions and fix it (userland stuff). However, if
I understand that you can accidentally delete every file on your hard drive, but it's not as easy to accidentally do as so many people claim. You have to want to recursively delete all the files at a certain point in your directory tree - I personally never use rm -r and most people who don't understand the trouble with root wouldn't even know how to use the command. They're much less likely to type it in, and then even less likely to type it in when their pwd is '/'.
I think that the classic example also downplays the dangers of typing in 'rm -rf ~/' - back when I did helpdesk work I had many more reports of people erasing their personal files than system files. It's much worse in my opinion to lose all your personal files than to lose important operating system files because they can't be replaced as easily (and these people almost never make backups). These were Windows 3.1 and 95 machines usually, so there was not much stopping them from deleting crucial files except their lack of knowledge. And all they would have had to type is "deltree c:\windows" or "del /y c:\windows\*.*" from any command prompt.
So my point is that home users logging in as root is bad practice, but not likely to cause any problems that couldn't easily happen on most Windows systems (since XP creates passwordless administrator accounts by default I am including it in this category). If an OS X user (or desktop linux user for that matter) logs in as root all the time, and then one day royally screws up his/her system, he/she will probably be able to reinstall, or find somebody to reinstall, the system files that only root can destroy. The personal files, those which the user could have destroyed without root, will be deleted either way:
So the lesson is: don't log in as root unless you know how to reinstall the OS.I really hate signatures, but go to my website.
"Apple users are not Unix users - and they never will be."
I have been a Mac user for 10 years. I became aquainted with the Mac in college, where I also used Windows and Sun workstations for awhile as well. I have always purchased and used Macs because of the high quality hardware and dependable operation at a reasonable price. Now I am reaquainting myself with UNIX because of OS X. Why haven't I been using UNIX before now? Because UNIX hardware was so expensive. With the Mac, I now have an affordable box to run UNIX on that's not x86 based. Moreover, Mac OS X has sparked my interest in Linux, where in recent months have began to use Red Hat Linux on x86 boxes at work (when it comes to my home machine, I'm always buying a Mac). In short, Mac OS X has drawn me to UNIX (using the command line), not discouraging me.
Interesting that one of the main reasons I've heard for not running as root wasn't mentioned yet:
:)
E-mail virus infection as a user other than root is MUCH less destructive than viruses as root, unless the virus compromises root.
On Windows 95/98/ME or MacOS 9 or earlier, running the virus infected e-mail compromises your entire machine and the virus can destroy everything if it wants.
On NT/2000/XP, things are a little trickier because the only user that has permissions to do everything is an admin user. Unfortunately, far too many people run as admin users on those platforms because that is the default setup. I've also heard it isn't hard to open back doors in other ways, but I haven't chased this myself.
Any UNIX variant including MacOS X - only the root user can erase everything or cause system instability. Also, only a root user can stop some processes, like your virus checker. Run as root, virus checker is down, virus is installed, Harddisk is wiped clean. Run as a user, worst case scenario, your user data is wiped out. Want a backup? have a cron job running as root copy the critical data once in a while (as non-execute).
More reasons:
You're surfing the web as root and run a java application. A malicious user exploits a java bug and uploads an exploit program that sends the contents of your entire harddrive to him and then erases the contents on your end.
You download a trojan program and run it. Running as root, you lose your harddrive. As a user, you only lose that user's data. Your system still boots and you don't need to reinstall all 25000 programs you own, only restore the data (which I hope you burned on a CD-R or backed up
A malicious Word macro virus can delete your hard drive as root.
You run as root. A malicious Word macro virus alters your mail server to be an open relay and sends an e-mail to spammers everywhere about it.
Notice the trend yet?
Hope that helps.
BTW, "SM" was another command you could use in Microbug... Set Memory.
FWIW, Mac Technote TN1136 has details on the ROM debugger, and an explanation of G FINDER. Turns out "FINDER" is interpreted as 0x00F27DEB
Actually, this is not the case. The whole reason why a non-root admin user has to give his password to invoke admin powers is to confirm that root powers are being invoked; it's basically like a sort of weird "sudo" command. When actually logged in as the superuser, this step is not necessary.
(The only exception is in some badly-designed apps that don't realise that they're running as root processes when you open them in root, and still ask you for the root password... arrgh! Take note of this rant, OS X developers!)
So is "viri"/"virii" an old joke! I know that I first encountered it in the sixties, as a little kid. My mom used it -- and she was an English major and professional editor and writer. She was well aware that it was incorrect, but it tickled her sense of humor (as did some other malformed words and phrases, such as "swell foop", which she used more-or-less consistently throughout her lifetime).
And how do you tell if people are using it "tongue-in-cheek"? When people use "boxen", they usually use it as if it were a real word, and don't draw any special attention to it. Pretty much the way they use "viri"/"virii". Unless you have previously unsuspected telepathic powers, you're using guesswork, and have no factual basis for your claim. Since I first encountered Tom C.'s humorless diatribe over a year ago, I have looked in vain for any evidence that anyone at all takes the silly misspelling seriously. I have failed to find any. It's a little more popular than "boxen", but then it seems to have spread through science fiction fandom, which was a little bigger and more widespread than hackerdom back in the sixties when all this silliness started.
As for the ridiculous "it's not proper Latin" argument, well, that's just dumb! This is English we're talking about, not Latin. Hell, the word "television" mixes Latin and Greek roots, and by the measures you're applying, is a REAL abomination. Why don't you start a crusade to stamp out the word "television" instead of wasting your time on a mild (and admittedly not-very-funny) joke.
and what led me to the question was the nth time i was unable, as the admin (the name put in at install time), i am often stopped at the gates when trying to read/write something to/from my wife's subdirectory /users/hotchick.
/users
One fateful night, i was, yet again, doing some printing for her (the printer's upstairs where my machine and the printer is) from her TiBook, and so i logged in as me on her TiBook to print her stuff...
well, i couldn't get into her subdir... so i tried batchmod - and that doesn't (apparently) have a -R on it, so then i went to the CLI to
sudo chmod -R 777
fine.
the GUI STILL wouldn't let me into her subdir until i rebooted the Finder... damnit.
then, later on that night, when she went to work on one of the files later, it turned out that when i had opened one up and made some changes for her, is changed the owner to adminboy - and hotchick couldn't open the files any more...
arrrrgggh!!!! Its my fscking computer, and i want me or my wife to be able to read/write either/or's files to our heart's content. This includes ~/pictures (where things _have_ to be for iPhoto) and other "predetermined" subdirectories.
i even went so far as to repartition the machine with a 18 gig primary drive, and a 2 gig hotchick_HD so that i could turn off file permissions..
of course.. that check box doesn't ACTUALLY work - because not a day later - after the fresh install and all - all her stuff is on the 2 gig part - and when i maked some changes, she wasn't able to open those files later.
so - if i have 2, and only 2, users on a machine that want to have separate logins (login-time differences, like desktops, Dock position, etc) but we want complete control of each other's files on the machine..
i don't want it when i edit a Word file for her that it makes it "read only" when she logs in later to work on the file.
so - that was, in a rage after the 100th time she came to me complaining that the computer wouldn't do what WE wanted it to do... in Pudge's conference..
:FOR THE LOVE OF GOD, I"M JUST GOING TO LOGIN AS ROOT FOR NOW ON, DAMNIT!
i didn't mean it.. but my quandry - non-system files being universally unprotected for all users to see and use - and how to get there in a very Mac OS 9-like way.... is still unresolved.
guns kill people like spoons make Rosie O'Donnell fat.
asshole.