oldlinux-files/docs/Install-Guide/install-guide-2.2.2/node157.html

<!DOCTYPE HTML PUBLIC "-//W3O//DTD W3 HTML 2.0//EN">
<!Converted with LaTeX2HTML 95.1 (Fri Jan 20 1995) by Nikos Drakos (nikos@cbl.leeds.ac.uk), CBLU, University of Leeds >
<HEAD>
<TITLE>4.1.1 The root account</TITLE>
</HEAD>
<BODY>
<meta name="description" value="4.1.1 The root account">
<meta name="keywords" value="gs">
<meta name="resource-type" value="document">
<meta name="distribution" value="global">
<P>
 <BR> <HR><A NAME=tex2html3778 HREF="node158.html"><IMG ALIGN=BOTTOM ALT="next" SRC="next_motif.gif"></A> <A NAME=tex2html3776 HREF="node156.html"><IMG ALIGN=BOTTOM ALT="up" SRC="up_motif.gif"></A> <A NAME=tex2html3770 HREF="node156.html"><IMG ALIGN=BOTTOM ALT="previous" SRC="previous_motif.gif"></A> <A NAME=tex2html3780 HREF="node1.html"><IMG ALIGN=BOTTOM ALT="contents" SRC="contents_motif.gif"></A> <A NAME=tex2html3781 HREF="node250.html"><IMG ALIGN=BOTTOM ALT="index" SRC="index_motif.gif"></A> <BR>
<B> Next:</B> <A NAME=tex2html3779 HREF="node158.html">4.1.2 Abusing the system</A>
<B>Up:</B> <A NAME=tex2html3777 HREF="node156.html">4.1  About RootHats, </A>
<B> Previous:</B> <A NAME=tex2html3771 HREF="node156.html">4.1  About RootHats, </A>
<BR> <HR> <P>
<H2><A NAME=SECTION00611000000000000000>4.1.1 The root account</A></H2>
<P>
<A NAME=4173>&#160;</A>
	Ordinary users are generally
	restricted so that they can't do harm to anybody else on the
	system, just to themselves. File permissions on the system 
	are arranged such that normal users aren't allowed to delete
	or modify files in directories shared by all users (such as
	<tt>/bin</tt> and <tt>/usr/bin</tt>. Most users also protect their
	own files with the appropriate file permissions so that other
	users can't access or modify those files.
<P>
	There are no such restrictions on <tt>root</tt>. The user <tt>root</tt>
	can read, modify, or delete any file on the system, change 
	permissions and ownerships on any file, and run special programs,
	such as those which partition the drive or create filesystems.
	The basic idea is that the person or persons who run and take
	care of the system logs in as <tt>root</tt> whenever it is necessary to 
	perform tasks that cannot be executed as a normal user.
	Because <tt>root</tt> can do anything, it is easy
	to make mistakes that have catastrophic consequences when logged
	in using this account.  
<A NAME=4180>&#160;</A>
<P>
For example, as a normal user, if you inadvertently attempt to delete
all of the files in <tt>/etc</tt>, the system will not permit you to do so.
However, when logged in as <tt>root</tt>, the system won't complain at all.
It is very easy to trash your system when using <tt>root</tt>. The best
way to prevent accidents is to:
<UL><LI> Sit on your hands before you press <IMG BORDER=0 ALIGN=BOTTOM ALT="" SRC="img238.gif"> on a command which
may cause damage. For example, if you're about to clean out a directory,
before hitting <IMG BORDER=0 ALIGN=BOTTOM ALT="" SRC="img239.gif">, re-read the entire command and make sure
that it is correct.
<P>
<LI> Don't get accustomed to using <tt>root</tt>. The more comfortable you
are in the role of the <tt>root</tt> user, the more likely you are to 
confuse your privileges with those of a normal user. For example, you
might <em>think</em> that you're logged in as <tt>larry</tt>, when you're
really logged in as <tt>root</tt>.
<P>
<A NAME=4192>&#160;</A>
<LI> Use a different prompt for the <tt>root</tt> account. You should
change <tt>root</tt>'s <tt>.bashrc</tt> or <tt>.login</tt> file to set the 
shell prompt to something other than your regular user prompt. For
example, many people use the character ``<tt>$</tt>'' in prompts for
regular users, and reserve the character ``<tt>#</tt>'' for the <tt>root</tt>
user prompt.
<P>
<LI> Only login as <tt>root</tt> when absolutely necessary. And, as soon as
you're finished with your work as <tt>root</tt>, log out. The less you use
the <tt>root</tt> account, the less likely you'll be to do damage on your
system.
<P>
</UL>
Of course, there is a breed of UNIX hackers out there who use <tt>root</tt>
for virtually everything. But every one of them has, at some point,
made a silly mistake as <tt>root</tt> and trashed the system. The general
rule is, until you're familiar with the lack of restrictions on <tt>root</tt>,
and are comfortable using the system without such restrictions, login
as <tt>root</tt> sparingly.
<P>
Of course, everyone makes mistakes. Linus Torvalds himself once accidentally
deleted the entire kernel directory tree on his system. Hours of work 
were lost forever. Fortunately, however, because of his  knowledge of
the filesystem code, he was able to reboot the system and reconstruct the
directory tree by hand on disk.
<P>
	Put another way, if you picture using the <tt>root</tt>
	account as wearing a special magic hat that gives you lots of
	power, so that you can, by waving your hand, destroy entire
	cities, it is a good idea to be a bit careful about what you
	do with your hands.  Since it is easy to move your hand in a
	destructive way by accident, it is not a good idea to wear the
	magic hat when it is not needed, despite the wonderful
	feeling.
<A NAME=4209>&#160;</A>
<P>
<BR> <HR><A NAME=tex2html3778 HREF="node158.html"><IMG ALIGN=BOTTOM ALT="next" SRC="next_motif.gif"></A> <A NAME=tex2html3776 HREF="node156.html"><IMG ALIGN=BOTTOM ALT="up" SRC="up_motif.gif"></A> <A NAME=tex2html3770 HREF="node156.html"><IMG ALIGN=BOTTOM ALT="previous" SRC="previous_motif.gif"></A> <A NAME=tex2html3780 HREF="node1.html"><IMG ALIGN=BOTTOM ALT="contents" SRC="contents_motif.gif"></A> <A NAME=tex2html3781 HREF="node250.html"><IMG ALIGN=BOTTOM ALT="index" SRC="index_motif.gif"></A> <BR>
<B> Next:</B> <A NAME=tex2html3779 HREF="node158.html">4.1.2 Abusing the system</A>
<B>Up:</B> <A NAME=tex2html3777 HREF="node156.html">4.1  About RootHats, </A>
<B> Previous:</B> <A NAME=tex2html3771 HREF="node156.html">4.1  About RootHats, </A>
<BR> <HR> <P>
<BR> <HR>
<P><ADDRESS>
<I>Matt Welsh <BR>
mdw@sunsite.unc.edu</I>
</ADDRESS>
</BODY>