Re: Best explanation why NOT to run as administrator/root

Subject: Re: Best explanation why NOT to run as administrator/root
From: Lauren <lauren -at- writeco -dot- net>
To: techwr-l -at- lists -dot- techwr-l -dot- com
Date: Tue, 30 Apr 2013 12:18:56 -0700

On 4/30/2013 9:18 AM, McLauchlan, Kevin wrote:

Who can recommend the best and most persuasively presented summary of why one should NOT log in as Administrator (or root) for every-day, ongoing computer use?

* Because it's too easy to make a mistake no matter how perfect a
person thinks they are.
* When there is a change to something in the system there is no way to
track what user did it since more than one person is Administrator
and sometimes people deny accountability when something breaks.
* Every once in a while a person may pop a sprocket and try to damage
something, like a hacker.


We were given a VM in which to run our apps (like Flare, GIMP, Visio, various other tools, etc.). ...
I gave the other guy his credentials AND the Administrator PW, since we are each other's backup, and I expected some sense from him.

You made a serious mistake. Only the server owner should give out that password. Even if you do have permission to share that PW, you have made a rule that the other user should not log in as admin to do work. You need to immediately revoke admin privileges for that user. Let the server owner handle any issues with a back-up admin. Don't shoulder that responsibility yourself. What if that user does break something? You would be responsible.

He soon began logging in as Administrator, as a matter of course.

Then he is not smart enough to be trusted with that account.

I said "stop that".
He said "Why? I know better than to break things, and besides, I had a problem with my username account."

He is very careless. Look at the contradiction in that one sentence. "I know better than to break things" and "I had a problem with my username account," when coupled with logging in as admin, shows that not only does he not "know better," he is a risk.

I responded that if he had Administrator access, and still couldn't sort out his own user account, that, in itself, was an indication that he was not as knowledgeable as he imagined, and he should stop using "Administrator" as his daily workspace.

Right. Now revoke his admin privileges.

Even if he isn't deliberately tap-dancing on the Registry, or otherwise taking an axe to the system security, he's running Flare and other apps that could possibly include malware/spyware in some future update (if they haven't already). Part of our normal verification of webhelp that we produce is to run several browsers against it. I see that as another security hole, when run as Administrator.

How is that not the "Best explanation why NOT to run as administrator/root"?

... instead am thinking of logging in as Administrator myself, changing the password, and then sharing that only with our manager.

Right. Do it. You talked your way to the right solution and the right reasons for that solution.

This could cause some bad blood, so if there's a good "here, read this; I'm not making this up" site or page or blog that might be persuasive to an otherwise reasonably sane person... I'd rather try that first.

You made the original mistake of sharing the password, so you kind of need to accept the consequences.

