undefined | Better HN

0 pointscandiddevmike3y ago0 comments

For desktop use, sudo let's you elevate your permissions as necessary (polkit kinda replaces some sudo stuff, but similar concept). The reason you want this is when you run anything, it will _by default_ run as your unprivileged user, not root. That is a huge security benefit and pretty standard across desktop OS these days.

Now on a server, sudo for a single user probably doesn't make sense, just use root and keep it simple.

0 comments

portabelllaa3y ago

> That is a huge security benefit and pretty standard across desktop OS these days.

But is it really though? That's the parent was alluding to.

I have the same feelings - all my important data are readable/writeable as my user, if I somehow manages to run a malicious program as my normal user it's game over as far as I'm concerned, having root would cause no extra damage.

candiddevmikeOP3y ago

Root access can be more insidious, like adding a crypto miner in the background or some other kind of virus masquerading as a system process. Your data would still be there, just silently being exfiltrated, along with your keystrokes/passwords.

ehutch793y ago

Are you suggesting running everything as root?

As in when you setup a new vm or whatnot, that you shouldn't create a user account to run thing as?

Does this include things like nginx not dropping privileges to run as a user?

candiddevmikeOP3y ago

With just one user managing the server, for sysadmin tasks like SSH, use root, especially if you're going to sudo everything you do anyways. For services, they should still run as unprivileged users.

j / k navigate · click thread line to collapse

0 pointscandiddevmike3y ago0 comments

Now on a server, sudo for a single user probably doesn't make sense, just use root and keep it simple.

0 comments

portabelllaa3y ago

> That is a huge security benefit and pretty standard across desktop OS these days.

But is it really though? That's the parent was alluding to.

candiddevmikeOP3y ago

ehutch793y ago

Are you suggesting running everything as root?

As in when you setup a new vm or whatnot, that you shouldn't create a user account to run thing as?

Does this include things like nginx not dropping privileges to run as a user?

candiddevmikeOP3y ago

With just one user managing the server, for sysadmin tasks like SSH, use root, especially if you're going to sudo everything you do anyways. For services, they should still run as unprivileged users.

j / k navigate · click thread line to collapse