[vox-tech] User with root privileges

Michael Wenk vox-tech@lists.lugod.org
Mon, 24 Nov 2003 02:22:44 -0800


On Sunday 23 November 2003 01:20 am, Mark K. Kim wrote:
> On Sun, 23 Nov 2003, Michael Wenk wrote:
> > On Saturday 22 November 2003 06:51 pm, Peter Jay Salzman wrote:
> > > > > but never mind that.  let's talk about something else.
> > > > >
> > > > > so we have a guy who presumably owns a solaris box.  he wants to
> > > > > install something.  i forget what it was.  oracle?  anyway.  he
> > > > > wants to do it from an account named "joeschmo", rather than
> > > > > "root".
> > > > >
> > > > > do you really not see anything wrong with that?
> > > > >
> > > > > the only person who should be doing that is a hacker.
> > > >
> > > > Or an oracle DBA/sysadmin... oracle is not installed as root,
> > > > although there are 2-3 parts that require you to run a script as root
> > > > to do some things.
> > >
> > > and you would change a user's UID or GID to do this?
> >
> > You are not making sense.  You said above that you had a guy that wanted
> > to install oracle from an account other than root (which is the way oracle
> > is supposed to be installed.)   So you're dinging me for that?  Have you
> > ever done oracle installs?  Am I missing something here?
>
> Aiya... This is getting ugly.
>
> He wasn't criticizing the way you install Oracle.  He was sarcastically
> pointing out your misunderstanding of his point from the previous post,
> which was that the only person that would want to change a user's GID to
> root is a hacker.  In Peter's example he mistakenly used Oracle, which
> apparently rattled your cage a bit and caused you to miss his point about
> the GID.  It was just a lot of misunderstanding so... let's just leave it
> at that before it gets more ugly...
>
> > > you ain't administrating any machine that i own, that's for sure!  ;)
> >
> > Ya know, there's one thing that always makes me laugh, and that's when a
> > non professional gets all anal about their home system.  Get a grip, the
> > absolute worst thing that can happen is you have to spend an hr or two
> > reloading your system.   It's one thing to expend the level of effort to
> > learn about something, another thing to just do it cuz you're afraid of
> > being hacked.
>
> Well... I have large archives of files that date back to my junior high
> school days... including homeworks, project files from various projects I
> undertook, all my diaries, and photos from many of my trips and my past
> that's utterly priceless and irreplaceable once gone.  Those are more
> important to me than any expensive tech gadgets or collectables in my
> possession.  In such case I'm sure you understand how one administers the
> computer system can be important to certain people.

Accept yes.  Understand no.  I don't understand why methodology is important on 
a home system.  Yes, the stuff on there may be important to you, but why the 
hell would anyone else want to get it?  and if so, and if data and system 
security are that important, what about physical security?  If someone really 
wanted my data, they'd just break in, yank my box, and run.  So you work yer 
ass off for something, and 9 chances out of ten, you're leaving yourself open 
to the lowest level of attack.  That I don't understand, and it makes me 
laugh.   Personally, I do the 10% that keeps out 75% of the people.  and when 
I did this for a living, I did the additional 80% that kept out 20% in 
addition to...



-- 
wenk@praxis.homedns.org
Mike Wenk