Eliezer Croitoru
2014-Jan-01 23:53 UTC
[CentOS] I want to ask about some Kernel level operations.
I want to make sure that while compiling as root nothing will break down inside the machine. I want to compile software on a Xeon SERVER. The basic issue is that there is a recommendation to not compile it as a root user. I have compiled software as a root user more then once and I am not sure why would there is a need to run it as non-root user? I have taken a look at the /proc/ FS but I do not see anything that can harm anything yet. From my aspect it's just background of electricity noise. I will be happy to hear from experience of others about it. Thanks, Eliezer
Frank Cox
2014-Jan-02 00:11 UTC
[CentOS] I want to ask about some Kernel level operations.
On Thu, 02 Jan 2014 01:53:09 +0200 Eliezer Croitoru wrote:> I have compiled software as a root user more then once and I am not sure > why would there is a need to run it as non-root user?1. Bad Things? happen sometimes. If you are root, Worse Things? can happen than what might happen if you are not root. 2. It's just basic common sense to use the root access to the minimum extent possible. (See Step 1) 3. Since it's not necessary to compile software as root -- goto Step 1. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
John R Pierce
2014-Jan-02 00:14 UTC
[CentOS] I want to ask about some Kernel level operations.
On 1/1/2014 3:53 PM, Eliezer Croitoru wrote:> I have compiled software as a root user more then once and I am not sure > why would there is a need to run it as non-root user?Its the principle of least privilege. You don't need to be root to compile software, or to test software in a local directory, you only need root privileges to install it to a system directory. When you're developing, building, testing software, there's a very good chance of something going wrong, so if you are running as a non-root user, the potential damages are minimized. -- john r pierce 37N 122W somewhere on the middle of the left coast
Markus Falb
2014-Jan-04 16:37 UTC
[CentOS] I want to ask about some Kernel level operations.
On 02.Jan.2014, at 00:53, Eliezer Croitoru wrote:> I want to make sure that while compiling as root nothing will break down > inside the machine. > > I want to compile software on a Xeon SERVER. > The basic issue is that there is a recommendation to not compile it as a > root user.Actually I would go even further and not recommend to have a compiler installed on a server.> > I have compiled software as a root user more then once and I am not sure > why would there is a need to run it as non-root user? > > I have taken a look at the /proc/ FS but I do not see anything that can > harm anything yet. > > From my aspect it's just background of electricity noise.An example: imagine a Makefile with a clean target $BUILDDIR=something clean: rm -rf $BUILDDIR/* a bug in the configure script could lead to an empty $BUILDDIR in the Makefile. What do you think happens when you type # make clean -- Markus
Bowie Bailey
2014-Feb-04 17:15 UTC
[CentOS] I want to ask about some Kernel level operations.
On 1/1/2014 6:53 PM, Eliezer Croitoru wrote:> I want to make sure that while compiling as root nothing will break down > inside the machine. > > I want to compile software on a Xeon SERVER. > The basic issue is that there is a recommendation to not compile it as a > root user. > > I have compiled software as a root user more then once and I am not sure > why would there is a need to run it as non-root user? > > I have taken a look at the /proc/ FS but I do not see anything that can > harm anything yet. > > From my aspect it's just background of electricity noise. > > I will be happy to hear from experience of others about it.The basic issue is limiting your exposure in the case of a problem. As long as everything works and is programmed properly, you can do whatever you want as root. But as soon as there is a problem, there can be huge consequences. The root user has access to everything on the server. So a typo in a program/makefile/command has the possibility of bringing down the whole server. On the other hand, if you are logged in as a normal user, then the damage is limited to your directories. Best practices say that you should do everything possible as a normal user. Root should only be used when you must have access to something that the normal user doesn't. Some distributions (like Ubuntu) even enforce this by not allowing root logins and forcing the user to use sudo for commands that require root access. Bottom line is this: It's your server, so use root if you want. Just be aware of the dangers and don't try to blame anyone other than yourself when a typo or misbehaving build script takes down the system. -- Bowie