http://www.freebsdwiki.net/index.php?action=history&feed=atom&title=Root_privilegeRoot privilege - Revision history2026-04-03T22:46:04ZRevision history for this page on the wikiMediaWiki 1.18.0http://www.freebsdwiki.net/index.php?title=Root_privilege&diff=6505&oldid=prevNinereasons: common misspelling2006-05-23T23:24:14Z<p>common misspelling</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:24, 23 May 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>This is a <del class="diffchange diffchange-inline">seperate </del>entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>This is a <ins class="diffchange diffchange-inline">separate </ins>entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Denying the right to use [[su]], and therefore unlimited root privilege, from a regular user account is more secure for work that doesn't need root privileges in unpredictable ways; root can make scripts for that user to still be able to do predictabled root-privilege tasks as needed. Root is harder to hack that way if that user is compromised by a hacker or malware - assuming the simple user isn't permitted to edit the scripts, which is a common novice oversight.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Denying the right to use [[su]], and therefore unlimited root privilege, from a regular user account is more secure for work that doesn't need root privileges in unpredictable ways; root can make scripts for that user to still be able to do predictabled root-privilege tasks as needed. Root is harder to hack that way if that user is compromised by a hacker or malware - assuming the simple user isn't permitted to edit the scripts, which is a common novice oversight.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:4789:newid:6505 -->
</table>Ninereasonshttp://www.freebsdwiki.net/index.php?title=Root_privilege&diff=4789&oldid=prevSimon at 18:32, 17 January 20052005-01-17T18:32:15Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:32, 17 January 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a seperate entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a seperate entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Denying the right to use [[su]], and therefore unlimited root privilege, from a regular user account is more secure for work that doesn't need root privileges in unpredictable ways; root can make scripts for that user to still be able to do predictabled root-privilege tasks as needed. Root is harder to hack that way if that user is compromised by a hacker or malware - assuming the simple user isn't permitted to edit the scripts, which is a common novice oversight.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:1749:newid:4789 -->
</table>Simonhttp://www.freebsdwiki.net/index.php?title=Root_privilege&diff=1749&oldid=prevJimbo at 04:31, 24 December 20042004-12-24T04:31:11Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:31, 24 December 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a seperate entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a seperate entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:FreeBSD Terminology]]</ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:806:newid:1749 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Root_privilege&diff=806&oldid=prevDave: stub article -- needs work2004-12-22T23:48:13Z<p>stub article -- needs work</p>
<p><b>New page</b></p><div>This is a seperate entry because -- surprise -- you don't have to be [[root]] to run programs (or for [[daemons]] to run themselves) as root in order to have root privilege. Any daemon, user or group that has a [[uid]] or [[gid]] of 0 runs as [[root]] effectively. So anyone that hijacks an account that has a root uid is effectively root. Which is why it's a good idea to run as few programs as possible that do that.</div>Dave