[ale] Stupid Question Time

David Tomaschik david at systemoverlord.com
Sat Feb 4 18:11:55 EST 2012


On Sat, Feb 4, 2012 at 5:54 PM, Michael Nolan <michaeldnolan at gmail.com> wrote:
> This is more of a follow up concept question...
>
> Why, if I used mount manager while in my user account, to mount the
> drive with the two partitions (and probably had to enter my user
> password), did it create mount points owned by root?
>
> It just makes no (real world) sense to me why, for the sake of
> security and wisdom of using user accounts, (and not logging in as
> root)... a command like sudo is even allowed to exist and be available
> to the user account.
>
> I'm really not looking for an answer here... it's just an observation
> from someone who is trying to apply logic to something they don't
> understand, but want and need to.

I think it's a very valid question, and deserves an answer.  Your user
account can't mount devices, create filesystems (write to raw
devices), etc.  There are a number of mechanisms by which elevated
privileges are managed, and sudo is a mechanism for elevating those
privileges.  In many ways, its similar to UAC on Windows (though long
predates UAC) in that it gives you an ability to control with which
privileges commands are run.

Sudo also allows system administrators to control what commands a user
can run and as what alternate users.

The other oft-used mechanism for elevating privileges is actually
using an IPC mechanism like D-Bus that allows unprivileged processes
to "ask" privileged processes to perform tasks on their behalf.

Hope that clarifies things!

David



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com


More information about the Ale mailing list