I’ve been running without root access to systems for nigh on two years now, and I must say that it is very annoying, even with sudo in order to start some web servers and such. The basic UNIX security model is really, truly, FUBAR. What I’m finding is that every now and again you run into a relatively painless operation which, because of design assumptions way back in the Dark Ages, is restricted to the superuser — and that working around wasting the time of the BOFH opens many more holes than would be present if the code-monkeys had been just a little more thoughtful.

And the question I have to ask is, “What are you protecting?”

Comments are closed.