Why do companies not give root access to employees on their desktop machines?
Clash Royale CLAN TAG#URR8PPP
up vote
14
down vote
favorite
Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?
If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?
Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?
If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.
corporate-policy root
New contributor
 |Â
show 3 more comments
up vote
14
down vote
favorite
Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?
If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?
Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?
If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.
corporate-policy root
New contributor
3
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
13
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
3
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
3
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
2
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago
 |Â
show 3 more comments
up vote
14
down vote
favorite
up vote
14
down vote
favorite
Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?
If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?
Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?
If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.
corporate-policy root
New contributor
Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?
If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?
Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?
If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.
corporate-policy root
corporate-policy root
New contributor
New contributor
edited 9 mins ago
Andy Lester
30026
30026
New contributor
asked 19 hours ago
Bananach
17713
17713
New contributor
New contributor
3
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
13
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
3
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
3
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
2
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago
 |Â
show 3 more comments
3
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
13
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
3
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
3
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
2
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago
3
3
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
13
13
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
3
3
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
3
3
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
2
2
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago
 |Â
show 3 more comments
3 Answers
3
active
oldest
votes
up vote
28
down vote
Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.
Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.
Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
add a comment |Â
up vote
14
down vote
A few reasons off the top of my head:
ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.
Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).
If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.
Not having root access means you can't
rm -rf /bin
, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.
Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.
The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.
Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
add a comment |Â
up vote
2
down vote
This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.
Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?
I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.
So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
28
down vote
Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.
Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.
Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
add a comment |Â
up vote
28
down vote
Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.
Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.
Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
add a comment |Â
up vote
28
down vote
up vote
28
down vote
Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.
Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.
Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.
Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.
Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.
Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.
edited 13 hours ago
answered 19 hours ago
schroederâ¦
67.8k25143181
67.8k25143181
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
add a comment |Â
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
2
2
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
â JoL
4 hours ago
add a comment |Â
up vote
14
down vote
A few reasons off the top of my head:
ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.
Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).
If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.
Not having root access means you can't
rm -rf /bin
, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.
Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.
The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.
Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
add a comment |Â
up vote
14
down vote
A few reasons off the top of my head:
ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.
Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).
If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.
Not having root access means you can't
rm -rf /bin
, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.
Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.
The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.
Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
add a comment |Â
up vote
14
down vote
up vote
14
down vote
A few reasons off the top of my head:
ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.
Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).
If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.
Not having root access means you can't
rm -rf /bin
, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.
Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.
The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.
Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).
A few reasons off the top of my head:
ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.
Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).
If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.
Not having root access means you can't
rm -rf /bin
, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.
Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.
The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.
Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).
answered 19 hours ago
me_and
30717
30717
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
add a comment |Â
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
3
3
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
â Ben Millwood
10 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
â thomasrutter
4 hours ago
add a comment |Â
up vote
2
down vote
This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.
Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?
I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.
So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
add a comment |Â
up vote
2
down vote
This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.
Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?
I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.
So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
add a comment |Â
up vote
2
down vote
up vote
2
down vote
This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.
Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?
I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.
So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.
This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.
Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?
I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.
So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.
answered 10 hours ago
Jared Smith
1,7501411
1,7501411
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
add a comment |Â
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
â Bananach
8 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
â Jared Smith
7 hours ago
add a comment |Â
Bananach is a new contributor. Be nice, and check out our Code of Conduct.
Bananach is a new contributor. Be nice, and check out our Code of Conduct.
Bananach is a new contributor. Be nice, and check out our Code of Conduct.
Bananach is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196350%2fwhy-do-companies-not-give-root-access-to-employees-on-their-desktop-machines%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
â schroederâ¦
19 hours ago
13
What make you say that is typical? I have had root access on my local machine in every job I have had.
â kasperd
13 hours ago
3
This question would be a lot easier to answer if you had a use case for why you think you should have it.
â Joshua
13 hours ago
3
Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
â Jon of All Trades
10 hours ago
2
I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
â Bergi
10 hours ago