Re: info about redhat & Question about exporting CVSROOT

[Geoff Beier]

Hi Thom,

> Just curious Geoff, why is it a bad idea to build as the superuser?  Is it
> something specific to the CVS build, or just generally a good policy?
It's nothing specific to the CVS build; it's just not a good idea to 
build *anything* as the superuser. (A good general rule is to perform 
any given task with the lowest privilege level that will allow you to 
complete it successfully.) I see three concerns with building as the 
superuser:

1. Security. For example, if a user on your system knows that you run 
autoconf scripts as root, there are vectors for privilege escalation. 
More generally, you've made several tools that normally are not treated 
as such security-critical.

2. Availability. If you want to see something that normally fails with a 
warning message bring down your whole system, try it as root ;-) Typos 
that are normally merely irritating can cause days of work.

3. Successful compilation. Many configure scripts will fail (for 
assorted reasons) when executed by the superuser. I spent a couple of 
hours helping a friend chase down a configuration problem only to find 
out he was root. It worked fine when run from his account. I don't think 
CVS is one of these, though.

Regards,

Geoff