Re: Zsh configuration files

[Peter Stephenson <pws@xxxxxxx>]

On Tue, 25 Nov 2008 12:10:43 -0500
"Allan Caffee" <allan.caffee@xxxxxxxxx> wrote:
> > 2. For running as root, I can just link my normal-user .zshrc and .zshenv
> > files, and it'll detect that they're linked, and use the .zsh_* files from
> > my normal-user directory
> 
> That sounds really dangerous.  You're offering a hook for someone to
> execute arbitrary code as root.  If someone breaks your user account
> they could for example add a file in your home directory that resets
> the root password or does some other really mean things.  If you want
> root to have the same setup as your regular user you should put it
> somewhere that only root can write.

It's probably worth pointing out that if you use sudo, as many people do
(it's the normal method of accessing root in a lot of places), then it will
usually execute your own start up files: the shell starts up essentially as
for the user, except with UID 0.  Furthermore, the password for accessing
root in this case is the same as the user's own.  So it seems a lot of
people aren't too worried about this aspect.  They probably tend not to be
sites accesible by the general public.

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070