2006-03-26

Root shell or no root shell?

I'm developing a program which has to run with root privileges (e.g. to be able to execute mlock()). It's boring to su to a root shell all the time, so I opened a terminal with root constantly logged on. Sometimes I type faster than I think, so to protect myself from typing the wrong thing into the wrong window, I executed unset PATH in the root shell. Now root can't "accidentally" execute anything. :)
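As an added illustration, not part of the original post, the following POSIX shell script shows what command lookup does once PATH is unset in a subshell: bare names fail, absolute paths, ./ paths and builtins still work. The helper functions, the throwaway devprog script and the temp directory are constructed for the example, and nothing in it needs root.

```shell
#!/bin/sh
# Added example, not from the original post: what `unset PATH` does to
# command lookup. Everything runs in subshells as an ordinary user.

# Run a command with PATH unset and print its exit status. The subshell
# keeps the unset from leaking into the caller's environment.
status_without_path() {
    if ( unset PATH; "$@" ) >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# A bare command name can no longer be resolved, so a mistyped
# `rm` or `make install` in the root window fails with 127.
bare_name_status() { status_without_path ls /; }

# An absolute path never goes through PATH lookup and still works.
absolute_path_status() { status_without_path /bin/ls /; }

# Shell builtins do not consult PATH either, so they keep working.
builtin_status() { status_without_path echo ok; }

# Create a constructed throwaway script in a temp dir, invoke it there as
# $1 (e.g. ./devprog or just devprog) with PATH unset, print the status.
invoke_constructed_script() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/devprog"
    chmod +x "$dir/devprog"
    rc=$(cd "$dir" && status_without_path "$1")
    rm -rf "$dir"
    echo "$rc"
}

# The post's own workflow: run the development binary explicitly via ./
relative_path_status() { invoke_constructed_script ./devprog; }

# Caveat to check in your own shell: with PATH unset, bash hands the bare
# name straight to execve(), which resolves it relative to the current
# directory. A 0 here means a file called devprog in the cwd ran without
# any ./ prefix, i.e. the guard then behaves like having "." in PATH.
cwd_lookup_status() { invoke_constructed_script devprog; }
```

Run the functions from an interactive shell, or source the file and compare cwd_lookup_status against relative_path_status to see whether your shell searches the current directory when PATH is unset.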

4 comments:

Anonymous said...

Consider using sudo. Although old-time sysadmins tend to scorn it, preferring to keep a root shell around, sudo is in fact a great tool and exactly fits the needs of a programmer with the occasional need for root access.

It's much harder to accidentally type something stupid as root when you need to prefix the command with "sudo" for it to be executed as root. Another benefit is that root's commands executed using sudo are registered in your own history file, which means they're easy to retype.

zvrba said...

I'm using sudo for e.g. mounting/unmounting of temporary file systems.

If I configure sudo not to ask for the password at all (for any program), then it soon becomes an easy habit to prefix everything with sudo and again type something stupid.

On the other hand, if it asks me for the password all the time, then it soon becomes inconvenient.

A root shell with unset PATH is the best solution I managed to come up with (as I only need to execute files from my development directory; ./ is not hard to type).

Anonymous said...

I agree that prefixing things with sudo comes almost too naturally after a while, but it's still a decent line of defense. The prefix must be explicitly typed, and you don't type it in front of everything, so some thought has to be involved before using it.

As for using ./ to execute development binaries, that's the case anyway as long as you don't have "." in your PATH, which no self-respecting programmer/sysadmin should have anyway. Protecting yourself from doing "something silly" by requiring you to type /usr/bin/make install instead of make install, and so on, sounds like over-protection. Sort of like those people (and annoyingly hand-holding Linux distributions) that alias rm to rm -i, cp to cp -i, and so on, and end up getting hurt in a new environment without that particular training wheel. sudo, on the other hand, doesn't suffer from that problem: it always requires you to type an explicit prefix to become root.

I agree that sudo is not perfect, but it seems the best of a bad bunch: a reasonable compromise between ergonomics and security.

zweistein said...

Although I'm using sudo for anything requiring root privileges, I have to say this is an interesting idea and a cool way to avoid errors while being root :). Nice one.