
4.1.2 Abusing the system

Along with the feeling of power comes the tendency to do harm. This is one of the grey areas of UNIX system administration, but everyone goes through it at some point in time. Most users of UNIX systems never have the ability to wield this power---on university and business UNIX systems, only the highly-paid and highly-qualified system administrators ever log in as root. In fact, at many such institutions, the root password is a highly guarded secret: it is treated as the Holy Grail of the institution. A large amount of hubbub is made about logging in as root; it is portrayed as a wise and fearsome power, given only to an exclusive cabal.

This kind of attitude towards the root account is, quite simply, the kind of thing which breeds malice and contempt. Because root is so fluffed-up, when some users have their first opportunity to log in as root (either on a Linux system or elsewhere), the tendency is to use root's privileges in a harmful manner. I have known so-called "system administrators" who read other users' mail, delete users' files without warning, and generally behave like children when given such a powerful "toy".

Because root has such privilege on the system, it takes a certain amount of maturity and self-control to use the account as it was intended---to run the system. There is an unspoken code of honor which exists between the system administrator and the users on the system. How would you feel if your system administrator were reading your e-mail or looking over your files? There is still no strong legal precedent for electronic privacy on time-sharing computer systems. On UNIX systems, the root user has the ability to bypass all security and privacy mechanisms on the system. It is important that the system administrator develop a trusting relationship with the users on the system. I can't stress that enough.






Matt Welsh
mdw@sunsite.unc.edu