0

To you, my loyal readers, I must offer up a sincere apology for my recent post, Five *nix Myths Busted, and am posting this full retraction for that post. To fully drive home my retraction and refute any myths about my competence with Linux or Unix, I am going to go through each point that I made in that errant post and recant it.

5. Logging in as Root - You should never login as root to a *nix system. Never. In fact, you should never login as yourself and then su to root. By becoming root, you're putting yourself and your system at undue risk and you don't want to make any mistakes as root, since a mistake as root might prove unfixable. Use sudo exclusively. Always use sudo to issue any commands as the root user. The commands take the form of the following:

$ sudo cp -p httpd.conf httpd.conf.$DATE

You'll be prompted for your user account password for this initial use of sudo but not on subsequent uses unless you don't use sudo for five minutes. And, no, you may not login as root at the console or in single user mode either. Figure out some other way to fix your broken system by using sudo.

4. su is SuperUser - su means Super User. I thought everyone knew that. My CentOS 5.x system (RHEL 5.x) falsely reports that su is substitute user--but what the heck does Red Hat know about *nix? There are two types of users on a *nix system: common users and the super user. The super user is 'super' because it has the ability to do anything on the system including removing any file or directory. The super user, sometimes known as the root user, gets its power from its user and group ID, which is 0. On some systems, the super user has a group ID of 1 (other) but will always have the user ID of 0. If you give any user a user ID of 0, it becomes super user too, so don't do that.

3. *nix Systems Can't Get Viruses - *nix systems can't get viruses and it's just plain silly to think so. The most you could do with a *nix virus is wipe out the user's home directory and /tmp. *nix system are impervious to viruses and that's why you should always use *nix systems for servers, appliances, desktops and really anything for which you use a computer. Products like ClamAv and Panda Antivirus are worthless because of this invulnerability.

2. *nix Systems are More Secure - I love the confident security of *nix systems. They are collectively the most secure systems on the planet. Unlike the MacOS and Windows, that leak like security sieves, *nix systems arrive out of the box in a secure mode. A default install of any *nix system stands as the very picture of a bullet-proof system. The only reason why any *nix system ever gets hacked is because their system administrators are stupid. They're the kind of people who login as root (See #5 above). When you need a system with 100% sterling security, choose *nix, you won't be sorry.

1. You Never Have to Reboot - That pretty much says it all: You never have to reboot. Why would you? Any problems that arise, you can remedy them with a kill or a HUP for a quick resolution. I like to hear of systems that have uptimes in excess of 5 years. It's awesome to know that *nix systems are so stable and so reboot shy that we can have those kinds of uptimes. I once had a Sun system with an uptime of about five years and it was a very cool bragging point for me. I had the longest uptime on the entire network of 800+ systems. I laughed at the people who rebooted when they patched their systems or used rebooting as a diagnostic tool. They, themselves, were 'tools' by doing so.
I'm not even sure why there is a reboot command or an init 6 capability on a *nix system. It's totally useless. Don't ever reboot your *nix systems.
I'd like to know who has the longest *nix system uptime. Anyone have one over 3,000 days?

Thanks to all of you who kept your lunch down when you read that original post. Again, I apologize for it.

9
Contributors
9
Replies
11
Views
7 Years
Discussion Span
Last Post by jonkx
1

Dear Ken,
Do you feel better now that you've thrown the toys out of the pram?
This entry is pathetic. If you can't accept criticism, you should quit blogging.
I'll certainly stop reading you. What do I hear? Good riddance? Pathetic...

0

I saw that some responded quite harshly, but this looks counter-productive. Some of your points would justify a follow up clarification of facts or opinions.

I would agree about number 5, 4 (strange this would be an issue since su could be followed by whatever user you want to substitute, even though it defaults to root), 3 (even if it at the moment usually need to involve some manual compromising of a system, the injected code would qualify as a virus if it behaves like one) and partially about 2 and 1.

About number 2 I would add that it's possible to make a Windows system as secure as Linux, but because of its design and, as someone commented, unruly third party applications you likely need to limit usability. It will probably be surrounded by external protection as well, which gives it a twist since such an infrastructure very well could include Linux or BSD in some kind of implementation. If you compare them as protected inside a well designed infrastructure, I would agree with you, but that doesn't equal the base design stand alone, and hence I can't see real proof to agree on such generalisation. I for sure would not put a Windows server in front to protect the rest.

The reboot myth is more of a bragging factor. If you're comparing desktop systems there's no need to test these limitations, but if you do many would agree that Linux isn't affected by uptime the same way as Windows. If we agree that uptime by itself isn't the sole purpose of a system, then we must understand that there's a reason for why technical solutions for hot-swapping of the kernel has been developed. You don't actually think that it's just some unnecessary bragging geeks making it possible to brag some more, do you? I doubt you do and hence we shouldn't dismiss Linux upper hand here as part of the "never rebooting myth", but recognize that Linux because of this is a better choice for some implementations. I'm not the expert, but your statements about it came through as erroneous to me.

Edited by KimTjik: n/a

1

I sometimes run very long jobs and the system going down even monthly is BAD! Of course I am not talking about workstations or desktops.
And I can write a monitoring script to restart the job from a point where this is possible, but running on a stable Linux machine that goes down once or twice a year saves me couple of hours of writing and testing; then few hours of testing when downtime occurs.
We currently four Linux systems, each 16 quad cores. 3 of them have not been down for 6 months. The other one was replaced because of bad MB (at least that is what the vendor says) and has been stable since (2-3 months).
These are running huge jobs and are handling Oracle, mysql and posgresql. I am not bragging since I am user, not sysadmin. Just saying there are systems, where stability does matter.

0

5) Have you ever ever thought that maybe "don't login as root" is a quick way to say "If you routinely and usually login as root and perform non administrative tasks, your system is slightly more at risk than if you don't, so if you leave the root access open, you or your users will end up logging in as root, because sometimes you do have to be the *Super* *User*, and people really don't want to remember more than one password, so you or your users will probably end up reading email or surfing the web as root and thus any process you launch will have total access to your system just like on most insecure Windows machines"?

You take this (mostly right) sentence, "u shouldn't login as root" and transpose it to "Don't ever EVER ever login as root". Then you tag it as a myth, and show your hate fort it and make fun of people saying it.
And when most readers comment that you are just plain wrong, you come out with this other ironic post and use *YOUR* transposed sentence "Don't ever EVER ever login as root" to make fun of them. This is not what they

I think you are the one that is missing something. Apparently logic

0

And about the super user, in

http://pthree.org/2009/12/31/the-meaning-of-su/

there is the source of the original su command.
If you read the code you find:

ok:
setuid(0);

There is no other user switching option. Not yet. There is even no mention of root.

You just become "the user with uid 0". Not necessarily named root.

How can you *define* the user with uid 0 whatever it is named on that system?
The "super user". Usually the super user is called "root", but we don't care in this code.
[ http://en.wikipedia.org/wiki/Superuser ]
"Regardless of the name, the superuser always has zero user ID."

Is it so difficult to understand that someone may have decided to add the user switching capability later on, and thus renamed su from "Super User" to "Switch User". Like PHP was renamed from "Personal Home Page" to the recursive "PHP Hypertext Processor" later on?

So probably the right definition is:

<<SU originally meant "Super User" but was later changed to "Switch User" when more options were added>>

The keyword here is "probably". The intelligent dubitative approach of Aaron Toponce (whoever he is) in that page is the right way of addressing the question. While your "I know the Truth while the others follow myths" approach is simply disgusting.

0

I see I was confirmed in the opinion that you are an idiot.

Enjoy throwing your toys out of the pram it can be theraputic. Doing it in public is generally considered childish.

0

Jane, you are an ignorant slut. That was all I could think of after reading the first post, and then the rebuttal. Have you lived in the the real "Unix" world? No, not the Linux world, or the window-hugging recent newbie convert to some windows-like distro that has a gui (like Mac)? I am talking about boxes that have never been past runlevel 3 (on linux) and don't even have any X code on them. Me, I prefer OpenBSD or FreeBSD servers, or even stripped down Debian servers. No services except when you specifically install them. No ports open unless you specifically open them. And yes, no remote access to root via SSH.
Yes, you can get hosed on these boxes if you install a stupid app or stupidly install a stupid app. Hopefully you get an email every day informing you of the latest vulnerabilities on the box (like any good BSD does). And then you patch. Unless you have a kernel patch, you don't reboot. Maybe, once a year, or every couple of years on a BSD box, or every decade on an OpenBSD box.
Look, I appreciate your trying to make Unix "mainstream". Good luck with Solaris. It is a PITA to install headless. It wants its GUI. I don't want no stinkin' gui. That's what makes windows "servers" such a piece o' crap - that and the browser and media player that they toss in for "added value". WTF was M$ thinking, putting that kind of crap on a server.
Nice rant, eh? I usually don't do this, but I have been dealing with the marketing department all month, and am ready to go postal. So this crap / drivel just drove me right to the edge.
Good luck.

Edited by orlov: n/a

0

A similar post by me on pthree.org
I worked with the Unix OS from the early 1980′s (at first we ran early versions on a DEC PDP-11) until 1992. Starting in 1992, I did contract work on proprietary versions based on SVR4.

It was just easier to say the initials “S U” or “super-user” than to say “switch user” or “substitute user”. To insist on correctness, whether authoritarian, historical or otherwise seems petty. To me, "super-user" really means "root" and "su" is a command that might enable me to become root - IF - root has a password and I know that password.

Depending on the options used, su can be used to switch user, substitute user or become “super user”. Success depends on knowledge of the appropriate password. “sudo” on the other hand may allow one to become any other user (depending on the configuration of sudo and being a “sodoer”) knowing only the login password.

On the systems I have used, a sudoer can become root (“super user”) using this shell command at a terminal:

sudo su – root

and responding to the prompt with the login password used to sign in the current user.

I think it is important to point out that you cannot become “super user” or root from a shell with the su command alone unless there is a root password and that password is entered at the prompt.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.