Re: [PATCH] Single user linux

Stephen Satchell (satch@fluent-access.com)
Thu, 26 Apr 2001 10:16:40 -0700


At 09:03 PM 4/26/01 +0700, you wrote:
>right now it's the kernel who thinks that root
>is special, and applications work around that because there's a
>division of super-user and plain user. is that a must?

Short answer: Yes.

Long answer: The division is artificial, but is absolutely necessary for
administration of a Unix-type system. For example, when the process
currently running is not running as a "superuser" process, the process
cannot run resources down to absolute zero -- think disk allocation. This
means that the administrator (who may be the same person as the "user") has
a chance of being able to recover from a runaway process gracefully by
being able to go in and kill that process before the whole system lays down
and dies.

Ever watch what happens when Windows runs out of "swap space" because the
swap file can't get any space? Ever try to recover from it? Make damn
sure you have the non-upgrade CD around when you try this. Even more
important, make sure you have multiple back-ups when you try this.

The whole point of "user" and "superuser" is that when the user does
something stupid or careless or even malicious, the superuser can bail the
system out. You don't usually work in superuser mode, and programs that
don't need superuser access don't get it.

Humans make mistakes a number of orders of magnitude more often than
computers do. The barrier helps minimize the damage.

Satch

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/