Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!dkuug!iesd!iesd.auc.dk!fischer
From: fischer@iesd.auc.dk (Lars P. Fischer)
Newsgroups: comp.sys.next
Subject: Re: Don't backup from root !
Message-ID:
Date: 4 Jan 91 14:08:43 GMT
References: <7u98u2w163w@questor.wimsey.bc.ca>
Sender: news@iesd.auc.dk (UseNet News)
Organization: Mathematics and Computer Science, University of Aalborg
Lines: 61
In-reply-to: bb@reef.cis.ufl.edu's message of 4 Jan 91 06:15:16 GMT

>>>>> On 4 Jan 91 06:15:16 GMT, bb@reef.cis.ufl.edu (Brian Bartholomew) said:

Brian> In article <7u98u2w163w@questor.wimsey.bc.ca>
Brian> lclarke@questor.wimsey.bc.ca (Lawrence Clarke) writes:

Lawrence> ...and mistakenly entered [...] which tried to back up the scsi drive
Lawrence> to the scsi drive, which deleted the filesystem.

Brian> As you found out, when you are root, the computer does what you tell
Brian> it to, usually with no questions asked. ...
Brian> [recommends using shell script]

The rules for being root are simple:

1) don't be root
2) If you must be root, reconsider if it's really necessary
3) if you are root, read each command line an extra time before hitting return.

Lawrence> If you create another user with OPERATOR privilege, then this command
Lawrence> will not allow you to overwrite the filesystem.

Brian> This is a nonesuch. You are probably thinking of VMS. Under UNIX,
Brian> there is exactly one level of "privilege", which is called root.
Brian> Either you have it, and are allowed to do anything, or you don't, and
Brian> all the access control mechanisms apply.

This is true for *userids*, i.e. userid 0 (root) is the only one considered
special by the kernel and the only one granted special permissions.

There is, however, the *group* system. Each file is owned by a user and a
group. A file has three sets of permissions: user, group, and world.
You may write to a file if 1) you own the file and there is write permission
for the owner 2) you are a member of the group of the file and there is write
permission for the group, etc. (the rule is more complicated than that, but
never mind...)

Now, each user may be in several groups at once. On machines with several
users, groups would be used to allow (groups of) users to share files.

It's a good idea to create a group for system maintenance. Members of this
group would be allowed to write to the raw floppy device, *read* from the raw
SCSI disk (but *not* write), run the dump command, etc. Create such a group,
grant it the permissions needed (using chmod and chgrp) and put your own
username in the group. You are now allowed to dump the SCSI disk to the floppy
but are *not* allowed to destroy the SCSI disk.

Such a group is often called operator and would typically exist when the
machine arrives from the vendor. I guess this is what Lawrence meant by
"operator privilege".

Brian> Take advantage of the built-in firewalls by only performing operations
Brian> as root when there is no other reasonable way to do them.

See rule 1) above (:-). If you set your system up in a reasonable way, you can
make backups without being root (rule 2).

/Lars
--
Lars Fischer, fischer@iesd.auc.dk | Q: How does a project get to be one
CS Dept., Univ. of Aalborg, DENMARK. | year late? A: One day at a time.
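The operator-group layout Lars describes, modelled as an added example (not part of the original post or of any NeXT/UNIX system): the Unix access check with its "first matching class wins" rule and the single root exception, applied to a constructed set of device modes. The gid 5, the device names /dev/rfd0 and /dev/rsd0a, the path /etc/dump and the uids are placeholders chosen for the illustration.

```python
import stat

ROOT_UID = 0

def can_access(uid, gids, owner, group, mode, want):
    """Unix access check for one process on one file.

    uid/gids: the process's user id and the set of group ids it belongs to.
    owner/group/mode: the file's owner uid, group gid and permission bits.
    want: 'r', 'w' or 'x'. Only the first matching class is consulted
    (owner, then group, then other); uid 0 bypasses the read/write bits
    entirely, which is the one special case the kernel makes for root.
    """
    if uid == ROOT_UID:
        return want != "x" or bool(mode & 0o111)
    cls = 0 if uid == owner else 1 if group in gids else 2
    bits = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
            "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
            "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)}[want]
    return bool(mode & bits[cls])

# Constructed layout of the "operator" group the post describes; the gid,
# device names and modes are placeholders, not taken from any real system.
OPERATOR_GID = 5
DEVICES = {                      # path: (owner uid, group gid, mode)
    "/dev/rfd0":  (ROOT_UID, OPERATOR_GID, 0o660),  # raw floppy: group may write
    "/dev/rsd0a": (ROOT_UID, OPERATOR_GID, 0o640),  # raw SCSI disk: group reads only
    "/etc/dump":  (ROOT_UID, OPERATOR_GID, 0o750),  # dump: group may run it
}

def allowed(uid, gids, path, want):
    owner, group, mode = DEVICES[path]
    return can_access(uid, gids, owner, group, mode, want)

def can_dump_to_floppy(uid, gids):
    """Everything a disk-to-floppy backup needs: run dump, read the disk, write the floppy."""
    return (allowed(uid, gids, "/etc/dump", "x")
            and allowed(uid, gids, "/dev/rsd0a", "r")
            and allowed(uid, gids, "/dev/rfd0", "w"))

def can_clobber_disk(uid, gids):
    """The accident in the original post: writing to the raw SCSI disk."""
    return allowed(uid, gids, "/dev/rsd0a", "w")

if __name__ == "__main__":
    for name, uid, gids in (("root", 0, set()), ("operator member", 1001, {100, 5}),
                            ("ordinary user", 1002, {100})):
        print(f"{name:16} backup: {can_dump_to_floppy(uid, gids)}  "
              f"can overwrite disk: {can_clobber_disk(uid, gids)}")
```

An operator-group member can run the backup but not write the disk; root can do both, which is exactly why rule 1 matters.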