Discouraging users from running as root is one of the reasons why

By default, the root password is locked on Ubuntu, so average users can’t log in as root without going out of their way to re-enable the root account. On other Linux distributions, it’s historically been possible to log in as root from the graphical login screen and get a root desktop, although many applications may complain (and even refuse to run as root, as VLC does). Users coming from Windows sometimes decided to log in as root, just as they used the Administrator account on Windows XP.

With sudo, you run a specific command (prefixed by sudo) that gains root privileges. With su, you’d use the su command to gain a root shell, where you’d run the command you want to use before (hopefully) exiting the root shell. Sudo helps enforce best practices, running only commands that need to be run as root (such as software installation commands) without leaving you at a root shell where you may stay logged in or run other applications as root.

When you log in as your own user account, programs you run are restricted from writing to the rest of the system – they can only write to your home folder. You can’t modify system files without gaining root permissions. For example, if the Firefox browser had a security hole and you were running it as root, a malicious web page would be able to write to all files on your system, read files in other user accounts’ home folders, and replace system commands with compromised ones. In contrast, if you’re logged in as a limited user account, the malicious web page wouldn’t be able to do any of those things – it would only be able to inflict damage in your home folder. While this could still cause problems, it’s much better than having your entire system compromised.

This also helps protect you against malicious or just plain buggy applications. For example, if you run an application that decides to delete all files it has access to (perhaps it contains a nasty bug), the application will wipe out your home folder. This is bad, but if you have backups (which you should!), it’s fairly easy to restore the files in your home folder. However, if the application had root access, it could delete every single file on your hard drive, necessitating a full reinstall.

While older Linux distributions ran entire system administration programs as root, modern Linux desktops use PolicyKit for even more fine-grained control of the permissions an application receives. For example, a software-management application could be granted only permission to install software on your system through PolicyKit. The program’s interface would run with the limited user account’s permissions; only the part of the program that installed software would receive elevated permissions – and that part of the program would only be able to install software. The program wouldn’t have full root access to your entire system, which could protect you if a security hole is found in the application. PolicyKit also allows limited user accounts to make some system administration changes without obtaining full root access, making it easier to run as a limited user account with less hassle.

Linux will let you log into a graphical desktop as root — just as it will allow you to delete every single file on your hard drive while your system is running or write random noise directly to your hard drive, obliterating your file system – but it isn’t a good idea.
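The PolicyKit arrangement described in the article (a software manager that may install packages and nothing else) can be written as a polkit rule, and polkit rules are JavaScript. The block below is an added example, not code from the original article: the `pkg-installers` group is hypothetical, and the `polkit` stub, `makeSubject` and `decide` are constructed stand-ins so the rule can be run offline.

```javascript
// Offline stand-in for the `polkit` global that polkitd exposes to rules files.
// Constructed for this example only; a real rules file omits this stub.
const rules = [];
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
  addRule(fn) { rules.push(fn); },
};

const INSTALL = "org.freedesktop.packagekit.package-install";
const REMOVE = "org.freedesktop.packagekit.package-remove";
const GROUP = "pkg-installers"; // hypothetical group name (assumption)

// ---- the rule itself: this is the part a rules file would contain ----
polkit.addRule(function (action, subject) {
  const trusted = subject.local && subject.active && subject.isInGroup(GROUP);
  if (action.id === INSTALL && trusted) {
    return polkit.Result.YES; // install only: no root shell, no other action
  }
  if (action.id === REMOVE) {
    return polkit.Result.AUTH_ADMIN; // removal always needs an admin password
  }
  return polkit.Result.NOT_HANDLED; // fall through to the action's defaults
});

// Constructed subject, mirroring the fields polkit passes to a rule.
function makeSubject({ user, groups = [], local = true, active = true }) {
  return { user, groups, local, active, isInGroup: (g) => groups.includes(g) };
}

// The first rule that returns a result decides; null means "use the defaults".
function decide(actionId, subject) {
  for (const rule of rules) {
    const result = rule({ id: actionId }, subject);
    if (result !== null && result !== undefined) return result;
  }
  return null;
}

// Constructed sample users.
const alice = makeSubject({ user: "alice", groups: [GROUP] });
const bob = makeSubject({ user: "bob" });
console.log("alice install:", decide(INSTALL, alice));
console.log("bob install:  ", decide(INSTALL, bob));
console.log("alice remove: ", decide(REMOVE, alice));
```

The grant is scoped to one action identifier, so a flaw in the application's interface exposes only the ability to install packages, not the rest of the system.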