Subj : Re: linux permissions issue
To   : Digital Man
From : tenser
Date : Tue Sep 02 2025 01:01:16

On 31 Aug 2025 at 01:34p, Digital Man pondered and said...

DM> Re: Re: linux permissions issue
DM> By: tenser to Digital Man on Sat Aug 30 2025 01:33 am
DM>
DM> > That said, I know people who have written books on Unix security that
DM> > just login as root because, well, it's their damned computer.
DM>
DM> I've also noticed that the more expertise one has with security, the more
DM> paranoid (read: secure) "their damned computer" environment is. Unless
DM> you've airgapped the computer, "just login as root" is a really bad
DM> idea, for anyone.
--

It depends on the threat model, doesn't it? If you sandbox applications you've got a different set of considerations.

MIT used to write the root password for the Athena clusters on the wall, because they got sick of precocious undergrads breaking root all the time. It removed the incentive, and abuse went way down, and root on a workstation wasn't that interesting: all of the important data lived on servers on a network somewhere, and local root didn't give you access to that, since the network used a different authentication scheme understood by the network file system (AFS with Kerberos).

Honestly, the whole idea of "root" is just really bad. An omnipotent "superuser" account that could bypass essentially all permissions? It worked ok on a centrally managed timesharing system used by a small, tight-knit group of researchers, but it didn't grow up once Unix escaped the PDP-11/45, and makes no sense in a networked environment.

Plan 9 did away with it entirely. There, a "host owner" is just a normal user who has access to the hardware resources of a given host, but that's it: host owners can't bypass file permissions. If I log into a terminal, for example, then I "own" that machine.

Per-process file namespaces are sort of like capabilities (I had a long discussion with Ben Laurie about this at one point, and we agreed they were more or less isomorphic to e.g. Capsicum-style capabilities), so you can easily fence off what a program like a web browser sees and has access to. It was a nice system; shame it never really caught on. Some of the good ideas made it into Linux, but are poor imitations of the original.

--- Mystic BBS v1.12 A48 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
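The post's point that a per-process file namespace behaves like a capability can be made concrete with a small model. The following is an added example, not code from the post above and not Plan 9's own implementation: an in-memory bind table in which a process can only name what has been bound into its view. The host file store, the user name `alice`, the `/cache` and `/net` mount points, and the `browser_namespace` policy are all constructed for the illustration.

```python
"""Toy model of Plan 9-style per-process file namespaces (added example).

Not code from the original post or from Plan 9: an in-memory sketch of why
a per-process namespace acts like a capability. A process can only name
what has been bound into its view; nothing resolves outside the bind table,
so there is no omnipotent "root" view for a confined program to fall back on.
"""
from __future__ import annotations

from dataclasses import dataclass, field
import posixpath

# Constructed host store: what actually exists on the machine (placeholders).
HOST_FILES = {
    "/home/alice/.ssh/id_ed25519": "PRIVATE KEY (placeholder)",
    "/home/alice/.cache/browser/cookies.db": "cookie jar",
    "/net/tcp/clone": "tcp dial device",
}


@dataclass
class Namespace:
    """Ordered (mount_point, host_target) binds; the longest matching mount wins."""
    binds: list[tuple[str, str]] = field(default_factory=list)

    def bind(self, target: str, mount_point: str) -> None:
        self.binds.append((posixpath.normpath(mount_point), posixpath.normpath(target)))

    def resolve(self, path: str) -> str | None:
        """Translate a path in this view to a host path, or None if unreachable."""
        # Normalise relative to the view's root: '..' cannot climb above it.
        path = posixpath.normpath("/" + path.lstrip("/"))
        best: tuple[str, str] | None = None
        for mount, target in self.binds:
            if path == mount or path.startswith(mount.rstrip("/") + "/"):
                if best is None or len(mount) > len(best[0]):
                    best = (mount, target)
        if best is None:
            return None
        mount, target = best
        rest = path[len(mount):].lstrip("/")
        return posixpath.normpath(posixpath.join(target, rest)) if rest else target

    def fork(self) -> "Namespace":
        """A child starts with a copy of the parent's view and can only narrow it."""
        return Namespace(list(self.binds))


def read_file(ns: Namespace, path: str) -> str:
    """Open a file through a namespace. Unbound paths are simply not there."""
    host_path = ns.resolve(path)
    if host_path is None or host_path not in HOST_FILES:
        raise FileNotFoundError(path)
    return HOST_FILES[host_path]


def browser_namespace(login_ns: Namespace) -> Namespace:
    """Build the narrow view a browser is started in (hypothetical policy).

    It gets only its own cache directory and the network device, bound at
    fixed names; nothing else from the login session's view is reachable.
    """
    ns = Namespace()
    cache = login_ns.resolve("/home/alice/.cache/browser")
    net = login_ns.resolve("/net")
    if cache is None or net is None:
        raise RuntimeError("login namespace lacks the resources the policy needs")
    ns.bind(cache, "/cache")
    ns.bind(net, "/net")
    return ns


def demo() -> dict[str, bool]:
    """Return which accesses succeed from the login view and the browser view."""
    login = Namespace()
    login.bind("/", "/")  # the interactive session sees the whole host
    browser = browser_namespace(login)
    return {
        "login_sees_key": read_file(login, "/home/alice/.ssh/id_ed25519") != "",
        "browser_sees_cache": read_file(browser, "/cache/cookies.db") == "cookie jar",
        "browser_sees_net": browser.resolve("/net/tcp/clone") == "/net/tcp/clone",
        "browser_sees_key": browser.resolve("/home/alice/.ssh/id_ed25519") is not None,
        "dotdot_escape": browser.resolve("/cache/../../home/alice/.ssh/id_ed25519") is not None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The design choice worth noticing is that confinement is not a permission check layered on top of a global tree: the browser's namespace has no entry for the home directory at all, so the private key is unnameable from inside it, and a `..` walk only lands back at the view's own root. That is the sense in which a bind table and a capability list are the same thing.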