root and users (once again)

K

Kris

Registered
You're probably tired of the endless questions about root.. But I've got one more..

I have read several post about root and how and why you shouldn't enable it. And I've got the point; security.
But let's say you enabled root, and logged in a couple of times. Later you decided to login as another user and go online to check email or something. Would you still have the security-issues? Isn't enableing of root only a problem when you are root and can mess up the file-system, or when you go online? If not, can you do anything about the security issues, - except from re-innstalling?

...I'm impressed.. where have you guyes learned all the things you know about Mac OS X? :)

Kris
 
I'm definately NOT the one to ask (I myself ask UNIX Qs all the time!) but I will say this; in short:

NO!

Enabling root can be a security problem even when you are NOT logged in as root. The REAL security issue that experts talk about when referring to the root issue is not the "oops, I deleted the System folder" problem -- since only those that are not morons (read: tech geeks like me and you) tend to even know about root let alone want to enable it (most folks could care less about this stuff -- can you picture a ten year old girl saying to her dad, "daddy can you enable root so I can by-pass your permissions blocks so I can download porn on the Internet?" I thought not).

The real problem is that once enabled, root can be a "backdoor" for professional hackers to gain COMPLETE CONTROL of your computer from remote access. Of course, for the average user, the odds of this type of thing happening are quite extreme -- after all, a hacker would first want to actually break in to YOUR system. Nonetheless, once you 'enable' root access it is like placing a door in a brick wall: once there is a door in a wall it is the easiest point of access; it's harder to break into a Castle that has NO drawbridge just a moat with crocks.

In otherwords, a professional hacker (read: not typical script kiddies) can use brute force to digitally break into your machine by trying to access every point of possible entry (ports are a good example). If they can access your root account, they can turn your machine into their bitch. If they merely gain access to your normal user account (even if it IS an administrator account) they have less power and cannot do as much damage (although simply deleting the hard drive would likely be enough for me to cry foul!).

I think that for MOST uses, sudo is sufficient. Personally, I'll tell you a little trick. When I want to do things that OS X won't let me do, I either TEMPORARILY change permissions to folders/files using SuperGetInfo or BatChmod (and now the Unix command line "chmod" command -- thanks SimX for your help) or ... and this is the biggie ... I simply boot into OS 9 and do whatever the heck I want!! You can do ANYTHING in OS 9: move folders that are for DIFFERENT users (heck, you don't even need to be an admin let alone a root user in OS 9 to reek havoc), copy icons onto System & Library folders (to customize the appearance of your system and make it look real cool (see my .jpg below), and make invisible files visible (like bin, sbin, private, etc. -- just use File Buddy or a similar tool).

The point is that there are MANY ways to do things that OS X normally doesn't let you do. And each of these ways is safer than using root!

That all said, I think root is cool. :D
 

Attachments

  • library 001.jpg
    library 001.jpg
    58.6 KB · Views: 30
"Root" : it's not just a famous book (and movie of the week) or some kind of Canadian thing or a Turnup ...

it's the thing that can transform a geek into ... well, an even bigger geek.

Root. It's not just for breakfast any more.

Yes, you CAN have your root and eat it too.

If you don't stop playing with your root, you'll go cross-eyed or blind, young man!

I'll show you my root if you show me yours.

The Root Stuff, a new film from the makers of Apollo 13.
 
Thank you for replies.

I got the point about the door..
And if some stupid kid enabled root, can the door be removed?



Kris
 
testuser: While that is good advice, we're just talking about root here.

I believe this is what it boils down to: you shouldn't enable root because 1) people have FULL access to your hard drive when they use this account and 2) the hackers easily know the login if this is enabled -- part of logins is needing to know both the login AND the password.

But testuser is right, you really shouldn't enable any services you don't need to use.
 
testuser, I'm jealous of your brain. :p

I wanna know if anyone here has used MacAnalysis X. I tried the demo which ran for only 10 minutes and it wasn't done analyzing before the demo quit. I couldn't read the reports and see if it reports truly holes or just paranoia for selling copies of software. Anyone have a review?
 
You must log in or register to reply here.
Back
Top