Destroying "only" your home directory (was Re: Newbie question on permissions)

Daniel Carrera daniel.carrera at zmsl.com
Sat Apr 1 22:42:44 UTC 2006 

Matthew R. Dempsky wrote:
> This is something that has always bugged me: privelege separation 
> between root and users is primarily desirable for system administrators 
> of multi-user machines, not single-user machines.

I couldn't disagree more. Priviledge separation is crucial for decent 
security even for a single-user machine whenever that machine is 
connected to the internet. Lack of priviledge separation is the key 
reason why Windows 9x is is the most insecure system around. This is why 
Microsoft is trying to add priviledge separation to Windows (although 
their imprelemtation is poor) and this is why Machintosh moved to a Unix 
base in OS X.

> The system files on my laptop aren't of that much importance to me.  
> Sure, it's an inconvenience to replace them, but that's no more 
> difficult than installing in the first place.

No, you're missing the point. Most viruses don't just delete your system 
files. The ones that do are easy to detect and just a minor 
inconvenience. The nasty viruses are the ones that try to hide 
themselves and run on the background. They might read your keystrokes as 
you type your credit card number. They might turn your computer into a 
zombie. They might send themselves to everyone in your addressbook. 
These are the things that real viruses do, and these are things that 
priviledge separation protects you against. A virus cannot install 
itself, or read your keystrokes in Linux because those things require 
root access.

> The files in my $HOME directory are precisely the ones I'm most 
> concerned about losing due to malice.

How many viruses have you heard of that work by deleting your personal 
files?

You can protect your home files by making backups. Ubuntu has a simple 
backup program (I think on the archives) that makes backups. Those 
backups will require root access to delete.

Cheers,
Daniel.
-- 
      /\/`) http://opendocumentfellowship.org
     /\/_/
    /\/_/   A life? Sounds great!
    \/_/    Do you know where I could download one?
    /

More information about the ubuntu-users mailing list