undefined | Better HN

0 pointscharcircuit10mo ago0 comments

>"Being root" is just another name for the last option.

No, it's not. Take for example ping. If we want users to be able to always be able to use ping does that mean they need to be root? No, it doesn't. A privileged part of the OS can handle doing the raw socket and the unpriviledged user can talk to that part of the OS.

The key point is that some operations that require privileges are okay to expose to a user, but giving the user privileges for everything is dangerous.

0 comments

theamk10mo ago

Examples please? Modern desktop OSes are pretty good at exposing safe operations to users so that no "sudo" is required.

j / k navigate · click thread line to collapse

0 pointscharcircuit10mo ago0 comments

>"Being root" is just another name for the last option.

The key point is that some operations that require privileges are okay to expose to a user, but giving the user privileges for everything is dangerous.

0 comments

theamk10mo ago

Examples please? Modern desktop OSes are pretty good at exposing safe operations to users so that no "sudo" is required.

j / k navigate · click thread line to collapse