Todd Zullinger wrote:
> Les Mikesell wrote:
>> And meanwhile you are so much better off just deleting your own files... I'm sure you'll be thrilled that the OS is still intact and running after that happens. While I agree that this is a 'best practices' thing and probably worthwhile in a multiuser scenario, I'm not sure it's worth the extra effort when the user you normally run as has write access to everything that can't easily be reinstalled anyway.
> One important benefit of running with limited privileges even on a single-user system is that it thwarts attacks that aim to usurp system binaries and settings to further spread and damage other systems or to secretly steal your data without your knowledge.
> While it would suck to lose your files to an attack, it would suck even more to have the attack surreptitiously install a key-logger that stole all of your passwords while you surfed, or used your system to attack others.
> Running with the least privilege required to do your work makes plenty of sense even in a single-user scenario. Just because it doesn't prevent the one attack you outlined doesn't make it useless.
> I also think that many folks overestimate how much extra effort is required to run as a non-root user. So you are asked for an admin password every so often if you're configuring your system. Big deal. If you spend all day every day configuring your system, then you should be savvy enough to use sudo from the command line or slick enough to run as root all the time and work out the kinks in those uncharted waters.
Not to mention that the real reason why most people run MS Windows as a Computer Admin is that when MS Windows /does/ ask a Limited User for an Admin password, it always botches the temporary grant of privileges. The Gnome desktop handles a temporary grant of privileges almost seamlessly, whether you're running Gnome Terminal or simply launching an administrative app from a menu. I imagine that KDE handles such requests similarly.
Add to it that many MS Windows games are dreadfully ill-behaved.
This is the legacy of MS-DOS thinking that it doesn't just own the world; it /is/ the world. It is simply not suitable for multi-user, networked use.
UNIX/Linux has multi-user system security built into every line of its specification.
Better than that, I've been running /and enforcing/ SELinux's targeted policy ever since installing FC6. I have no lasting issues.
Temlakos