On Tue, 15 Dec 2009 11:58:36 Rajko M. wrote:
On Monday 14 December 2009 06:56:02 Rodney Baker wrote:
Unfortunately, if you are logged in as root and don't think carefully about what you're doing, nothing can protect your system from you or any other rogue process launched during that time. Hands up anyone who's accidentally damaged/destroyed a system by typing 'rm -rf *' whilst logged in as root and being in the wrong directory (e.g. / :-()...you usually only do that once!
In a discussion about system protection people often repeat what root can do to system, while for personal computers is equally important what user can do.
On the majority of personal computers user is synonym for a single user, computer owner. The system protection in that context is equivalent of the user data protection, as that is the only part of the system that can't be recovered if it is lost and user has no backup, so discussion how to protect system from the naive user should talk more about data protection.
To remove all user data for good it is *not* necessary to be a root. What root adds to loss is about 30-40 minutes of pain to reinstall, and then some time to customize system.
That is true on a single- (or even multi-)user personal system. Unfortunately, I managed to do it to a live server supporting about 12 staff; I managed to kill the process when it was about half-way through removing /lib (it had already gotten through /etc, /bin, /home. Aaargh! I was logged in via ssh, but at least I was still logged in. Then I made the *really* stupid mistake of logging out, at which point all was lost as not even root could log in since /etc was gone! Had I realised that there were statically linked versions of restore and tar in /sbin I could have recovered the system from a backup before logging out. As it was, the system was down for several hours while the external support contractors located a boot disk with the correct versions of dump and restore on them to restore the backups. Needless to say, I wasn't the sysadmin there for much longer (and rightly so)! Oh well - you live and learn, sometimes the hard way ;-). -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org