Symfony Profiler

Security

Token

There is no security token.

Firewall

main Name

Security enabled

Stateless

Configuration

Key	Value
provider	security.user.provider.concrete.app_user_provider
context	main
entry_point	App\Security\KbinAuthenticator
user_checker	App\Security\UserChecker
access_denied_handler	(none)
access_denied_url	(none)
authenticators	[`"two_factor" "remember_me" "App\Security\KbinAuthenticator" "App\Security\FacebookAuthenticator" "App\Security\GoogleAuthenticator" "App\Security\GithubAuthenticator" "App\Security\KeycloakAuthenticator"`]

Listeners

Listener	Duration	Response
Symfony\Component\Security\Http\Firewall\ChannelListener {#723`-map: Symfony\Component\Security\Http\AccessMap {#722 …} -logger: Monolog\Logger {#783 …} -httpPort: 80 -httpsPort: 443`}	0.00 ms	(none)
Symfony\Component\Security\Http\Firewall\ContextListener {#706-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage {#1017 …} -sessionKey: "_security_main" -logger: Monolog\Logger {#783 …} -userProviders: Symfony\Component\DependencyInjection\Argument\RewindableGenerator {#705 …} -dispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …} -registered: false -trustResolver: Scheb\TwoFactorBundle\Security\Authentication\AuthenticationTrustResolver {#780 …} -sessionTrackerEnabler: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage::enableUsageTracking(): void {#703 …}}	93.71 ms	(none)
Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener {#584`-authenticatorManager: Symfony\Component\Security\Http\Authentication\AuthenticatorManager {#595 …}`}	0.00 ms	(none)
Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorAccessListener {#582`-twoFactorFirewallConfig: Scheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallConfig {#842 …} -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -twoFactorAccessDecider: Scheb\TwoFactorBundle\Security\Authorization\TwoFactorAccessDecider {#581 …}`}	0.05 ms	(none)
Symfony\Component\Security\Http\Firewall\AccessListener {#579`-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -accessDecisionManager: Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager {#937 …} -map: Symfony\Component\Security\Http\AccessMap {#722 …}`}	0.00 ms	(none)
Symfony\Component\Security\Http\Firewall\LogoutListener {#786`-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -options: [ "csrf_parameter" => "_csrf_token" "csrf_token_id" => "logout" "logout_path" => "app_logout" ] -httpUtils: Symfony\Component\Security\Http\HttpUtils {#841 …} -csrfTokenManager: Symfony\Component\Security\Csrf\CsrfTokenManager {#1015 …} -eventDispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …}`}	0.00 ms	(none)

Authenticators

No authenticators have been recorded. Check previous profiles on your authentication endpoint.

Access Decision

affirmative Strategy


"Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter"
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
"Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter"
"App\Security\Voter\EntryCommentVoter"
"App\Security\Voter\EntryVoter"
"App\Security\Voter\MagazineVoter"
"App\Security\Voter\MessageThreadVoter"
"App\Security\Voter\MessageVoter"
"App\Security\Voter\NotificationVoter"
"App\Security\Voter\OAuth2UserConsentVoter"
"App\Security\Voter\PostCommentVoter"
"App\Security\Voter\PostVoter"
"App\Security\Voter\UserVoter"

#	Voter class
1	"Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter"
2	"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
3	"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
4	"Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter"
5	"App\Security\Voter\EntryCommentVoter"
6	"App\Security\Voter\EntryVoter"
7	"App\Security\Voter\MagazineVoter"
8	"App\Security\Voter\MessageThreadVoter"
9	"App\Security\Voter\MessageVoter"
10	"App\Security\Voter\NotificationVoter"
11	"App\Security\Voter\OAuth2UserConsentVoter"
12	"App\Security\Voter\PostCommentVoter"
13	"App\Security\Voter\PostVoter"
14	"App\Security\Voter\UserVoter"

Access decision log


null
"App\Security\Voter\UserVoter"
App\Entity\Entry {#2400
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "linux@lemmy.ml"
    +title: "linux"
    +description: """
      From Wikipedia, the free encyclopedia\n
      \n
      Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
      \n
      Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
      \n
      ### Rules\n
      \n
      - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
      - No misinformation\n
      - No NSFW content\n
      - No hate speech, bigotry, etc\n
      \n
      ### Related Communities\n
      \n
      - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
      - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
      - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
      - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
      \n
      Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 1406
    +entryCommentCount: 28632
    +postCount: 6
    +postCommentCount: 214
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729583542 {#275
      date: 2024-10-22 09:52:22.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 73
    +apId: "linux@lemmy.ml"
    +apProfileId: "https://lemmy.ml/c/linux"
    +apPublicUrl: "https://lemmy.ml/c/linux"
    +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
    +apInboxUrl: "https://lemmy.ml/inbox"
    +apDomain: "lemmy.ml"
    +apPreferredUsername: "linux"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1729583596 {#269
      date: 2024-10-22 09:53:16.0 +02:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1698929468 {#271
      date: 2023-11-02 13:51:08.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#2414
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1688 …}
  +votes: Doctrine\ORM\PersistentCollection {#1966 …}
  +reports: Doctrine\ORM\PersistentCollection {#1965 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
  +badges: Doctrine\ORM\PersistentCollection {#2439 …}
  +children: []
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#1793
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2402
    date: 2024-01-03 10:08:09.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\Entry {#2400
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "linux@lemmy.ml"
    +title: "linux"
    +description: """
      From Wikipedia, the free encyclopedia\n
      \n
      Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
      \n
      Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
      \n
      ### Rules\n
      \n
      - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
      - No misinformation\n
      - No NSFW content\n
      - No hate speech, bigotry, etc\n
      \n
      ### Related Communities\n
      \n
      - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
      - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
      - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
      - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
      \n
      Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 1406
    +entryCommentCount: 28632
    +postCount: 6
    +postCommentCount: 214
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729583542 {#275
      date: 2024-10-22 09:52:22.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 73
    +apId: "linux@lemmy.ml"
    +apProfileId: "https://lemmy.ml/c/linux"
    +apPublicUrl: "https://lemmy.ml/c/linux"
    +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
    +apInboxUrl: "https://lemmy.ml/inbox"
    +apDomain: "lemmy.ml"
    +apPreferredUsername: "linux"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1729583596 {#269
      date: 2024-10-22 09:53:16.0 +02:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1698929468 {#271
      date: 2023-11-02 13:51:08.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#2414
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1688 …}
  +votes: Doctrine\ORM\PersistentCollection {#1966 …}
  +reports: Doctrine\ORM\PersistentCollection {#1965 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
  +badges: Doctrine\ORM\PersistentCollection {#2439 …}
  +children: []
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#1793
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2402
    date: 2024-01-03 10:08:09.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\Entry {#2400
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "linux@lemmy.ml"
    +title: "linux"
    +description: """
      From Wikipedia, the free encyclopedia\n
      \n
      Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
      \n
      Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
      \n
      ### Rules\n
      \n
      - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
      - No misinformation\n
      - No NSFW content\n
      - No hate speech, bigotry, etc\n
      \n
      ### Related Communities\n
      \n
      - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
      - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
      - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
      - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
      \n
      Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 1406
    +entryCommentCount: 28632
    +postCount: 6
    +postCommentCount: 214
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729583542 {#275
      date: 2024-10-22 09:52:22.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 73
    +apId: "linux@lemmy.ml"
    +apProfileId: "https://lemmy.ml/c/linux"
    +apPublicUrl: "https://lemmy.ml/c/linux"
    +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
    +apInboxUrl: "https://lemmy.ml/inbox"
    +apDomain: "lemmy.ml"
    +apPreferredUsername: "linux"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1729583596 {#269
      date: 2024-10-22 09:53:16.0 +02:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1698929468 {#271
      date: 2023-11-02 13:51:08.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#2414
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1688 …}
  +votes: Doctrine\ORM\PersistentCollection {#1966 …}
  +reports: Doctrine\ORM\PersistentCollection {#1965 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
  +badges: Doctrine\ORM\PersistentCollection {#2439 …}
  +children: []
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#1793
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2402
    date: 2024-01-03 10:08:09.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4035
  +user: App\Entity\User {#3983 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
    \n
    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1711630376 {#3949
    date: 2024-03-28 13:52:56.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4033 …}
  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
  -id: 276053
  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704277159 {#3985
    date: 2024-01-03 11:19:19.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4035
  +user: App\Entity\User {#3983 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
    \n
    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1711630376 {#3949
    date: 2024-03-28 13:52:56.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4033 …}
  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
  -id: 276053
  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704277159 {#3985
    date: 2024-01-03 11:19:19.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4035
  +user: App\Entity\User {#3983 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
    \n
    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1711630376 {#3949
    date: 2024-03-28 13:52:56.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4033 …}
  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
  -id: 276053
  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704277159 {#3985
    date: 2024-01-03 11:19:19.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4869
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4035
    +user: App\Entity\User {#3983 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
      \n
      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 13
    +score: 0
    +lastActive: DateTime @1711630376 {#3949
      date: 2024-03-28 13:52:56.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4033 …}
    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
    -id: 276053
    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704277159 {#3985
      date: 2024-01-03 11:19:19.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
    \n
    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704278686 {#4867
    date: 2024-01-03 11:44:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4870 …}
  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
  -id: 276086
  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7051439"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704278686 {#4868
    date: 2024-01-03 11:44:46.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4869
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4035
    +user: App\Entity\User {#3983 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
      \n
      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 13
    +score: 0
    +lastActive: DateTime @1711630376 {#3949
      date: 2024-03-28 13:52:56.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4033 …}
    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
    -id: 276053
    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704277159 {#3985
      date: 2024-01-03 11:19:19.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
    \n
    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704278686 {#4867
    date: 2024-01-03 11:44:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4870 …}
  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
  -id: 276086
  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7051439"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704278686 {#4868
    date: 2024-01-03 11:44:46.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4869
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4035
    +user: App\Entity\User {#3983 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
      \n
      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 13
    +score: 0
    +lastActive: DateTime @1711630376 {#3949
      date: 2024-03-28 13:52:56.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4033 …}
    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
    -id: 276053
    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704277159 {#3985
      date: 2024-01-03 11:19:19.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
    \n
    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704278686 {#4867
    date: 2024-01-03 11:44:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4870 …}
  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
  -id: 276086
  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7051439"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704278686 {#4868
    date: 2024-01-03 11:44:46.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4917
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704283692 {#4916
    date: 2024-01-03 13:08:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4926 …}
  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
  -id: 276194
  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056225"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283692 {#4913
    date: 2024-01-03 13:08:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4917
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704283692 {#4916
    date: 2024-01-03 13:08:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4926 …}
  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
  -id: 276194
  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056225"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283692 {#4913
    date: 2024-01-03 13:08:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4917
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704283692 {#4916
    date: 2024-01-03 13:08:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4926 …}
  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
  -id: 276194
  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056225"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283692 {#4913
    date: 2024-01-03 13:08:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5106
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4917
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704283692 {#4916
      date: 2024-01-03 13:08:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4926 …}
    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
    -id: 276194
    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056225"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283692 {#4913
      date: 2024-01-03 13:08:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283988 {#5107
    date: 2024-01-03 13:13:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5099 …}
  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
  -id: 276202
  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056271"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283988 {#5104
    date: 2024-01-03 13:13:08.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5106
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4917
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704283692 {#4916
      date: 2024-01-03 13:08:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4926 …}
    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
    -id: 276194
    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056225"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283692 {#4913
      date: 2024-01-03 13:08:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283988 {#5107
    date: 2024-01-03 13:13:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5099 …}
  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
  -id: 276202
  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056271"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283988 {#5104
    date: 2024-01-03 13:13:08.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5106
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4917
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704283692 {#4916
      date: 2024-01-03 13:08:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4926 …}
    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
    -id: 276194
    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056225"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283692 {#4913
      date: 2024-01-03 13:08:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283988 {#5107
    date: 2024-01-03 13:13:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5099 …}
  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
  -id: 276202
  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056271"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283988 {#5104
    date: 2024-01-03 13:13:08.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5198
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285364 {#5197
    date: 2024-01-03 13:36:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5202 …}
  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
  -id: 276246
  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056533"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285364 {#5194
    date: 2024-01-03 13:36:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5198
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285364 {#5197
    date: 2024-01-03 13:36:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5202 …}
  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
  -id: 276246
  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056533"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285364 {#5194
    date: 2024-01-03 13:36:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5198
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285364 {#5197
    date: 2024-01-03 13:36:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5202 …}
  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
  -id: 276246
  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056533"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285364 {#5194
    date: 2024-01-03 13:36:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5352
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5198
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285364 {#5197
      date: 2024-01-03 13:36:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5202 …}
    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
    -id: 276246
    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056533"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285364 {#5194
      date: 2024-01-03 13:36:04.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704285542 {#5353
    date: 2024-01-03 13:39:02.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5346 …}
  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
  -id: 276251
  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056563"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285542 {#5350
    date: 2024-01-03 13:39:02.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5352
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5198
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285364 {#5197
      date: 2024-01-03 13:36:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5202 …}
    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
    -id: 276246
    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056533"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285364 {#5194
      date: 2024-01-03 13:36:04.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704285542 {#5353
    date: 2024-01-03 13:39:02.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5346 …}
  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
  -id: 276251
  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056563"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285542 {#5350
    date: 2024-01-03 13:39:02.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5352
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5198
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285364 {#5197
      date: 2024-01-03 13:36:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5202 …}
    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
    -id: 276246
    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056533"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285364 {#5194
      date: 2024-01-03 13:36:04.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704285542 {#5353
    date: 2024-01-03 13:39:02.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5346 …}
  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
  -id: 276251
  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056563"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285542 {#5350
    date: 2024-01-03 13:39:02.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5441
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5352
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5198
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5106
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4917
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704283692 {#4916
            date: 2024-01-03 13:08:12.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4926 …}
          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
          -id: 276194
          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056225"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283692 {#4913
            date: 2024-01-03 13:08:12.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283988 {#5107
          date: 2024-01-03 13:13:08.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5099 …}
        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
        -id: 276202
        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056271"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283988 {#5104
          date: 2024-01-03 13:13:08.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285364 {#5197
        date: 2024-01-03 13:36:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5202 …}
      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
      -id: 276246
      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056533"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285364 {#5194
        date: 2024-01-03 13:36:04.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704285542 {#5353
      date: 2024-01-03 13:39:02.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5346 …}
    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
    -id: 276251
    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056563"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285542 {#5350
      date: 2024-01-03 13:39:02.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287608 {#5440
    date: 2024-01-03 14:13:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5445 …}
  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
  -id: 276319
  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057026"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704287608 {#5437
    date: 2024-01-03 14:13:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5441
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5352
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5198
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5106
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4917
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704283692 {#4916
            date: 2024-01-03 13:08:12.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4926 …}
          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
          -id: 276194
          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056225"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283692 {#4913
            date: 2024-01-03 13:08:12.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283988 {#5107
          date: 2024-01-03 13:13:08.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5099 …}
        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
        -id: 276202
        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056271"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283988 {#5104
          date: 2024-01-03 13:13:08.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285364 {#5197
        date: 2024-01-03 13:36:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5202 …}
      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
      -id: 276246
      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056533"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285364 {#5194
        date: 2024-01-03 13:36:04.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704285542 {#5353
      date: 2024-01-03 13:39:02.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5346 …}
    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
    -id: 276251
    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056563"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285542 {#5350
      date: 2024-01-03 13:39:02.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287608 {#5440
    date: 2024-01-03 14:13:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5445 …}
  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
  -id: 276319
  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057026"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704287608 {#5437
    date: 2024-01-03 14:13:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5441
  +user: Proxies\__CG__\App\Entity\User {#4921 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5352
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5198
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5106
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4917
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704283692 {#4916
            date: 2024-01-03 13:08:12.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4926 …}
          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
          -id: 276194
          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056225"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283692 {#4913
            date: 2024-01-03 13:08:12.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283988 {#5107
          date: 2024-01-03 13:13:08.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5099 …}
        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
        -id: 276202
        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056271"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283988 {#5104
          date: 2024-01-03 13:13:08.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285364 {#5197
        date: 2024-01-03 13:36:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5202 …}
      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
      -id: 276246
      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056533"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285364 {#5194
        date: 2024-01-03 13:36:04.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704285542 {#5353
      date: 2024-01-03 13:39:02.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5346 …}
    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
    -id: 276251
    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056563"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285542 {#5350
      date: 2024-01-03 13:39:02.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287608 {#5440
    date: 2024-01-03 14:13:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5445 …}
  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
  -id: 276319
  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057026"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704287608 {#5437
    date: 2024-01-03 14:13:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5475
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5441
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5352
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5198
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5106
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4917
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4869
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4035
                +user: App\Entity\User {#3983 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: null
                +root: null
                +body: """
                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                  \n
                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 13
                +score: 0
                +lastActive: DateTime @1711630376 {#3949
                  date: 2024-03-28 13:52:56.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                -id: 276053
                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704277159 {#3985
                  date: 2024-01-03 11:19:19.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: """
                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                \n
                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704278686 {#4867
                date: 2024-01-03 11:44:46.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4870 …}
              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
              -id: 276086
              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7051439"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704278686 {#4868
                date: 2024-01-03 11:44:46.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704283692 {#4916
              date: 2024-01-03 13:08:12.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4926 …}
            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
            -id: 276194
            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056225"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283692 {#4913
              date: 2024-01-03 13:08:12.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704283988 {#5107
            date: 2024-01-03 13:13:08.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5099 …}
          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
          -id: 276202
          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056271"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283988 {#5104
            date: 2024-01-03 13:13:08.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285364 {#5197
          date: 2024-01-03 13:36:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5202 …}
        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
        -id: 276246
        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056533"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285364 {#5194
          date: 2024-01-03 13:36:04.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704285542 {#5353
        date: 2024-01-03 13:39:02.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5346 …}
      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
      -id: 276251
      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056563"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285542 {#5350
        date: 2024-01-03 13:39:02.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287608 {#5440
      date: 2024-01-03 14:13:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5445 …}
    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
    -id: 276319
    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057026"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704287608 {#5437
      date: 2024-01-03 14:13:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704288222 {#5480
    date: 2024-01-03 14:23:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5483 …}
  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
  -id: 276343
  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057314"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288222 {#5477
    date: 2024-01-03 14:23:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5475
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5441
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5352
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5198
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5106
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4917
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4869
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4035
                +user: App\Entity\User {#3983 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: null
                +root: null
                +body: """
                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                  \n
                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 13
                +score: 0
                +lastActive: DateTime @1711630376 {#3949
                  date: 2024-03-28 13:52:56.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                -id: 276053
                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704277159 {#3985
                  date: 2024-01-03 11:19:19.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: """
                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                \n
                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704278686 {#4867
                date: 2024-01-03 11:44:46.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4870 …}
              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
              -id: 276086
              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7051439"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704278686 {#4868
                date: 2024-01-03 11:44:46.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704283692 {#4916
              date: 2024-01-03 13:08:12.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4926 …}
            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
            -id: 276194
            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056225"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283692 {#4913
              date: 2024-01-03 13:08:12.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704283988 {#5107
            date: 2024-01-03 13:13:08.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5099 …}
          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
          -id: 276202
          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056271"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283988 {#5104
            date: 2024-01-03 13:13:08.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285364 {#5197
          date: 2024-01-03 13:36:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5202 …}
        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
        -id: 276246
        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056533"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285364 {#5194
          date: 2024-01-03 13:36:04.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704285542 {#5353
        date: 2024-01-03 13:39:02.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5346 …}
      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
      -id: 276251
      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056563"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285542 {#5350
        date: 2024-01-03 13:39:02.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287608 {#5440
      date: 2024-01-03 14:13:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5445 …}
    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
    -id: 276319
    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057026"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704287608 {#5437
      date: 2024-01-03 14:13:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704288222 {#5480
    date: 2024-01-03 14:23:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5483 …}
  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
  -id: 276343
  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057314"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288222 {#5477
    date: 2024-01-03 14:23:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5475
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5441
    +user: Proxies\__CG__\App\Entity\User {#4921 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5352
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5198
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5106
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4917
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4869
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4035
                +user: App\Entity\User {#3983 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: null
                +root: null
                +body: """
                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                  \n
                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 13
                +score: 0
                +lastActive: DateTime @1711630376 {#3949
                  date: 2024-03-28 13:52:56.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                -id: 276053
                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704277159 {#3985
                  date: 2024-01-03 11:19:19.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: """
                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                \n
                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704278686 {#4867
                date: 2024-01-03 11:44:46.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4870 …}
              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
              -id: 276086
              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7051439"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704278686 {#4868
                date: 2024-01-03 11:44:46.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704283692 {#4916
              date: 2024-01-03 13:08:12.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4926 …}
            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
            -id: 276194
            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056225"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283692 {#4913
              date: 2024-01-03 13:08:12.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704283988 {#5107
            date: 2024-01-03 13:13:08.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5099 …}
          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
          -id: 276202
          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056271"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704283988 {#5104
            date: 2024-01-03 13:13:08.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285364 {#5197
          date: 2024-01-03 13:36:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5202 …}
        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
        -id: 276246
        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056533"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285364 {#5194
          date: 2024-01-03 13:36:04.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704285542 {#5353
        date: 2024-01-03 13:39:02.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5346 …}
      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
      -id: 276251
      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056563"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285542 {#5350
        date: 2024-01-03 13:39:02.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287608 {#5440
      date: 2024-01-03 14:13:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5445 …}
    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
    -id: 276319
    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057026"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704287608 {#5437
      date: 2024-01-03 14:13:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704288222 {#5480
    date: 2024-01-03 14:23:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5483 …}
  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
  -id: 276343
  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7057314"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288222 {#5477
    date: 2024-01-03 14:23:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5511
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5475
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5441
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5352
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5198
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5106
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4917
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4869
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4035
                  +user: App\Entity\User {#3983 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: null
                  +root: null
                  +body: """
                    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                    \n
                    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 13
                  +score: 0
                  +lastActive: DateTime @1711630376 {#3949
                    date: 2024-03-28 13:52:56.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4033 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                  -id: 276053
                  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704277159 {#3985
                    date: 2024-01-03 11:19:19.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: """
                  > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                  \n
                  That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 1
                +score: 0
                +lastActive: DateTime @1704278686 {#4867
                  date: 2024-01-03 11:44:46.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4870 …}
                +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                -id: 276086
                -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7051439"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704278686 {#4868
                  date: 2024-01-03 11:44:46.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704283692 {#4916
                date: 2024-01-03 13:08:12.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4926 …}
              +nested: Doctrine\ORM\PersistentCollection {#4922 …}
              +votes: Doctrine\ORM\PersistentCollection {#4924 …}
              +reports: Doctrine\ORM\PersistentCollection {#4929 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
              -id: 276194
              -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056225"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283692 {#4913
                date: 2024-01-03 13:08:12.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704283988 {#5107
              date: 2024-01-03 13:13:08.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5099 …}
            +nested: Doctrine\ORM\PersistentCollection {#5097 …}
            +votes: Doctrine\ORM\PersistentCollection {#5095 …}
            +reports: Doctrine\ORM\PersistentCollection {#5108 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
            -id: 276202
            -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056271"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283988 {#5104
              date: 2024-01-03 13:13:08.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704285364 {#5197
            date: 2024-01-03 13:36:04.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5202 …}
          +nested: Doctrine\ORM\PersistentCollection {#5208 …}
          +votes: Doctrine\ORM\PersistentCollection {#5204 …}
          +reports: Doctrine\ORM\PersistentCollection {#5209 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
          -id: 276246
          -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056533"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285364 {#5194
            date: 2024-01-03 13:36:04.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704285542 {#5353
          date: 2024-01-03 13:39:02.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5346 …}
        +nested: Doctrine\ORM\PersistentCollection {#5345 …}
        +votes: Doctrine\ORM\PersistentCollection {#5343 …}
        +reports: Doctrine\ORM\PersistentCollection {#5355 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
        -id: 276251
        -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056563"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285542 {#5350
          date: 2024-01-03 13:39:02.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704287608 {#5440
        date: 2024-01-03 14:13:28.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5445 …}
      +nested: Doctrine\ORM\PersistentCollection {#5451 …}
      +votes: Doctrine\ORM\PersistentCollection {#5447 …}
      +reports: Doctrine\ORM\PersistentCollection {#5452 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
      -id: 276319
      -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057026"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704287608 {#5437
        date: 2024-01-03 14:13:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704288222 {#5480
      date: 2024-01-03 14:23:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5483 …}
    +nested: Doctrine\ORM\PersistentCollection {#5487 …}
    +votes: Doctrine\ORM\PersistentCollection {#5489 …}
    +reports: Doctrine\ORM\PersistentCollection {#5490 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
    -id: 276343
    -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057314"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704288222 {#5477
      date: 2024-01-03 14:23:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704294264 {#5506
    date: 2024-01-03 16:04:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5503 …}
  +nested: Doctrine\ORM\PersistentCollection {#5500 …}
  +votes: Doctrine\ORM\PersistentCollection {#5498 …}
  +reports: Doctrine\ORM\PersistentCollection {#5512 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
  -id: 276604
  -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381642"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704294264 {#5509
    date: 2024-01-03 16:04:24.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5511
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5475
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5441
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5352
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5198
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5106
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4917
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4869
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4035
                  +user: App\Entity\User {#3983 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: null
                  +root: null
                  +body: """
                    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                    \n
                    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 13
                  +score: 0
                  +lastActive: DateTime @1711630376 {#3949
                    date: 2024-03-28 13:52:56.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4033 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                  -id: 276053
                  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704277159 {#3985
                    date: 2024-01-03 11:19:19.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: """
                  > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                  \n
                  That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 1
                +score: 0
                +lastActive: DateTime @1704278686 {#4867
                  date: 2024-01-03 11:44:46.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4870 …}
                +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                -id: 276086
                -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7051439"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704278686 {#4868
                  date: 2024-01-03 11:44:46.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704283692 {#4916
                date: 2024-01-03 13:08:12.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4926 …}
              +nested: Doctrine\ORM\PersistentCollection {#4922 …}
              +votes: Doctrine\ORM\PersistentCollection {#4924 …}
              +reports: Doctrine\ORM\PersistentCollection {#4929 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
              -id: 276194
              -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056225"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283692 {#4913
                date: 2024-01-03 13:08:12.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704283988 {#5107
              date: 2024-01-03 13:13:08.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5099 …}
            +nested: Doctrine\ORM\PersistentCollection {#5097 …}
            +votes: Doctrine\ORM\PersistentCollection {#5095 …}
            +reports: Doctrine\ORM\PersistentCollection {#5108 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
            -id: 276202
            -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056271"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283988 {#5104
              date: 2024-01-03 13:13:08.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704285364 {#5197
            date: 2024-01-03 13:36:04.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5202 …}
          +nested: Doctrine\ORM\PersistentCollection {#5208 …}
          +votes: Doctrine\ORM\PersistentCollection {#5204 …}
          +reports: Doctrine\ORM\PersistentCollection {#5209 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
          -id: 276246
          -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056533"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285364 {#5194
            date: 2024-01-03 13:36:04.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704285542 {#5353
          date: 2024-01-03 13:39:02.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5346 …}
        +nested: Doctrine\ORM\PersistentCollection {#5345 …}
        +votes: Doctrine\ORM\PersistentCollection {#5343 …}
        +reports: Doctrine\ORM\PersistentCollection {#5355 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
        -id: 276251
        -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056563"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285542 {#5350
          date: 2024-01-03 13:39:02.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704287608 {#5440
        date: 2024-01-03 14:13:28.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5445 …}
      +nested: Doctrine\ORM\PersistentCollection {#5451 …}
      +votes: Doctrine\ORM\PersistentCollection {#5447 …}
      +reports: Doctrine\ORM\PersistentCollection {#5452 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
      -id: 276319
      -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057026"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704287608 {#5437
        date: 2024-01-03 14:13:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704288222 {#5480
      date: 2024-01-03 14:23:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5483 …}
    +nested: Doctrine\ORM\PersistentCollection {#5487 …}
    +votes: Doctrine\ORM\PersistentCollection {#5489 …}
    +reports: Doctrine\ORM\PersistentCollection {#5490 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
    -id: 276343
    -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057314"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704288222 {#5477
      date: 2024-01-03 14:23:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704294264 {#5506
    date: 2024-01-03 16:04:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5503 …}
  +nested: Doctrine\ORM\PersistentCollection {#5500 …}
  +votes: Doctrine\ORM\PersistentCollection {#5498 …}
  +reports: Doctrine\ORM\PersistentCollection {#5512 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
  -id: 276604
  -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381642"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704294264 {#5509
    date: 2024-01-03 16:04:24.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5511
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5475
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5441
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5352
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5198
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5106
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4917
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4869
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4035
                  +user: App\Entity\User {#3983 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: null
                  +root: null
                  +body: """
                    As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                    \n
                    By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 13
                  +score: 0
                  +lastActive: DateTime @1711630376 {#3949
                    date: 2024-03-28 13:52:56.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4033 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                  -id: 276053
                  -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704277159 {#3985
                    date: 2024-01-03 11:19:19.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: """
                  > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                  \n
                  That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                  """
                +lang: "en"
                +isAdult: false
                +favouriteCount: 1
                +score: 0
                +lastActive: DateTime @1704278686 {#4867
                  date: 2024-01-03 11:44:46.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4870 …}
                +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                -id: 276086
                -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7051439"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704278686 {#4868
                  date: 2024-01-03 11:44:46.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704283692 {#4916
                date: 2024-01-03 13:08:12.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4926 …}
              +nested: Doctrine\ORM\PersistentCollection {#4922 …}
              +votes: Doctrine\ORM\PersistentCollection {#4924 …}
              +reports: Doctrine\ORM\PersistentCollection {#4929 …}
              +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
              +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
              -id: 276194
              -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056225"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283692 {#4913
                date: 2024-01-03 13:08:12.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704283988 {#5107
              date: 2024-01-03 13:13:08.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5099 …}
            +nested: Doctrine\ORM\PersistentCollection {#5097 …}
            +votes: Doctrine\ORM\PersistentCollection {#5095 …}
            +reports: Doctrine\ORM\PersistentCollection {#5108 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
            -id: 276202
            -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056271"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704283988 {#5104
              date: 2024-01-03 13:13:08.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 5
          +score: 0
          +lastActive: DateTime @1704285364 {#5197
            date: 2024-01-03 13:36:04.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5202 …}
          +nested: Doctrine\ORM\PersistentCollection {#5208 …}
          +votes: Doctrine\ORM\PersistentCollection {#5204 …}
          +reports: Doctrine\ORM\PersistentCollection {#5209 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
          -id: 276246
          -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056533"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285364 {#5194
            date: 2024-01-03 13:36:04.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704285542 {#5353
          date: 2024-01-03 13:39:02.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5346 …}
        +nested: Doctrine\ORM\PersistentCollection {#5345 …}
        +votes: Doctrine\ORM\PersistentCollection {#5343 …}
        +reports: Doctrine\ORM\PersistentCollection {#5355 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
        -id: 276251
        -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056563"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285542 {#5350
          date: 2024-01-03 13:39:02.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704287608 {#5440
        date: 2024-01-03 14:13:28.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5445 …}
      +nested: Doctrine\ORM\PersistentCollection {#5451 …}
      +votes: Doctrine\ORM\PersistentCollection {#5447 …}
      +reports: Doctrine\ORM\PersistentCollection {#5452 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
      -id: 276319
      -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057026"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704287608 {#5437
        date: 2024-01-03 14:13:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704288222 {#5480
      date: 2024-01-03 14:23:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5483 …}
    +nested: Doctrine\ORM\PersistentCollection {#5487 …}
    +votes: Doctrine\ORM\PersistentCollection {#5489 …}
    +reports: Doctrine\ORM\PersistentCollection {#5490 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
    -id: 276343
    -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7057314"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704288222 {#5477
      date: 2024-01-03 14:23:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704294264 {#5506
    date: 2024-01-03 16:04:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5503 …}
  +nested: Doctrine\ORM\PersistentCollection {#5500 …}
  +votes: Doctrine\ORM\PersistentCollection {#5498 …}
  +reports: Doctrine\ORM\PersistentCollection {#5512 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
  -id: 276604
  -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381642"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704294264 {#5509
    date: 2024-01-03 16:04:24.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5533
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5511
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5475
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5441
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5352
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5198
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5106
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4917
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4869
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4035
                    +user: App\Entity\User {#3983 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: null
                    +root: null
                    +body: """
                      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                      \n
                      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 13
                    +score: 0
                    +lastActive: DateTime @1711630376 {#3949
                      date: 2024-03-28 13:52:56.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4033 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                    -id: 276053
                    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704277159 {#3985
                      date: 2024-01-03 11:19:19.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: """
                    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                    \n
                    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 1
                  +score: 0
                  +lastActive: DateTime @1704278686 {#4867
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4870 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                  -id: 276086
                  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7051439"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704278686 {#4868
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704283692 {#4916
                  date: 2024-01-03 13:08:12.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4926 …}
                +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                -id: 276194
                -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056225"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283692 {#4913
                  date: 2024-01-03 13:08:12.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704283988 {#5107
                date: 2024-01-03 13:13:08.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5099 …}
              +nested: Doctrine\ORM\PersistentCollection {#5097 …}
              +votes: Doctrine\ORM\PersistentCollection {#5095 …}
              +reports: Doctrine\ORM\PersistentCollection {#5108 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
              -id: 276202
              -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056271"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283988 {#5104
                date: 2024-01-03 13:13:08.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704285364 {#5197
              date: 2024-01-03 13:36:04.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5202 …}
            +nested: Doctrine\ORM\PersistentCollection {#5208 …}
            +votes: Doctrine\ORM\PersistentCollection {#5204 …}
            +reports: Doctrine\ORM\PersistentCollection {#5209 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
            -id: 276246
            -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056533"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285364 {#5194
              date: 2024-01-03 13:36:04.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704285542 {#5353
            date: 2024-01-03 13:39:02.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5346 …}
          +nested: Doctrine\ORM\PersistentCollection {#5345 …}
          +votes: Doctrine\ORM\PersistentCollection {#5343 …}
          +reports: Doctrine\ORM\PersistentCollection {#5355 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
          -id: 276251
          -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056563"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285542 {#5350
            date: 2024-01-03 13:39:02.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704287608 {#5440
          date: 2024-01-03 14:13:28.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5445 …}
        +nested: Doctrine\ORM\PersistentCollection {#5451 …}
        +votes: Doctrine\ORM\PersistentCollection {#5447 …}
        +reports: Doctrine\ORM\PersistentCollection {#5452 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
        -id: 276319
        -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057026"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704287608 {#5437
          date: 2024-01-03 14:13:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704288222 {#5480
        date: 2024-01-03 14:23:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5483 …}
      +nested: Doctrine\ORM\PersistentCollection {#5487 …}
      +votes: Doctrine\ORM\PersistentCollection {#5489 …}
      +reports: Doctrine\ORM\PersistentCollection {#5490 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
      -id: 276343
      -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057314"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704288222 {#5477
        date: 2024-01-03 14:23:42.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704294264 {#5506
      date: 2024-01-03 16:04:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5503 …}
    +nested: Doctrine\ORM\PersistentCollection {#5500 …}
    +votes: Doctrine\ORM\PersistentCollection {#5498 …}
    +reports: Doctrine\ORM\PersistentCollection {#5512 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
    -id: 276604
    -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381642"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704294264 {#5509
      date: 2024-01-03 16:04:24.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704296473 {#5528
    date: 2024-01-03 16:41:13.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5525 …}
  +nested: Doctrine\ORM\PersistentCollection {#5522 …}
  +votes: Doctrine\ORM\PersistentCollection {#5520 …}
  +reports: Doctrine\ORM\PersistentCollection {#5534 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
  -id: 276723
  -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060540"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296473 {#5531
    date: 2024-01-03 16:41:13.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5533
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5511
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5475
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5441
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5352
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5198
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5106
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4917
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4869
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4035
                    +user: App\Entity\User {#3983 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: null
                    +root: null
                    +body: """
                      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                      \n
                      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 13
                    +score: 0
                    +lastActive: DateTime @1711630376 {#3949
                      date: 2024-03-28 13:52:56.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4033 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                    -id: 276053
                    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704277159 {#3985
                      date: 2024-01-03 11:19:19.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: """
                    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                    \n
                    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 1
                  +score: 0
                  +lastActive: DateTime @1704278686 {#4867
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4870 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                  -id: 276086
                  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7051439"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704278686 {#4868
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704283692 {#4916
                  date: 2024-01-03 13:08:12.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4926 …}
                +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                -id: 276194
                -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056225"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283692 {#4913
                  date: 2024-01-03 13:08:12.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704283988 {#5107
                date: 2024-01-03 13:13:08.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5099 …}
              +nested: Doctrine\ORM\PersistentCollection {#5097 …}
              +votes: Doctrine\ORM\PersistentCollection {#5095 …}
              +reports: Doctrine\ORM\PersistentCollection {#5108 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
              -id: 276202
              -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056271"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283988 {#5104
                date: 2024-01-03 13:13:08.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704285364 {#5197
              date: 2024-01-03 13:36:04.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5202 …}
            +nested: Doctrine\ORM\PersistentCollection {#5208 …}
            +votes: Doctrine\ORM\PersistentCollection {#5204 …}
            +reports: Doctrine\ORM\PersistentCollection {#5209 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
            -id: 276246
            -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056533"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285364 {#5194
              date: 2024-01-03 13:36:04.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704285542 {#5353
            date: 2024-01-03 13:39:02.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5346 …}
          +nested: Doctrine\ORM\PersistentCollection {#5345 …}
          +votes: Doctrine\ORM\PersistentCollection {#5343 …}
          +reports: Doctrine\ORM\PersistentCollection {#5355 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
          -id: 276251
          -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056563"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285542 {#5350
            date: 2024-01-03 13:39:02.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704287608 {#5440
          date: 2024-01-03 14:13:28.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5445 …}
        +nested: Doctrine\ORM\PersistentCollection {#5451 …}
        +votes: Doctrine\ORM\PersistentCollection {#5447 …}
        +reports: Doctrine\ORM\PersistentCollection {#5452 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
        -id: 276319
        -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057026"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704287608 {#5437
          date: 2024-01-03 14:13:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704288222 {#5480
        date: 2024-01-03 14:23:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5483 …}
      +nested: Doctrine\ORM\PersistentCollection {#5487 …}
      +votes: Doctrine\ORM\PersistentCollection {#5489 …}
      +reports: Doctrine\ORM\PersistentCollection {#5490 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
      -id: 276343
      -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057314"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704288222 {#5477
        date: 2024-01-03 14:23:42.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704294264 {#5506
      date: 2024-01-03 16:04:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5503 …}
    +nested: Doctrine\ORM\PersistentCollection {#5500 …}
    +votes: Doctrine\ORM\PersistentCollection {#5498 …}
    +reports: Doctrine\ORM\PersistentCollection {#5512 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
    -id: 276604
    -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381642"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704294264 {#5509
      date: 2024-01-03 16:04:24.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704296473 {#5528
    date: 2024-01-03 16:41:13.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5525 …}
  +nested: Doctrine\ORM\PersistentCollection {#5522 …}
  +votes: Doctrine\ORM\PersistentCollection {#5520 …}
  +reports: Doctrine\ORM\PersistentCollection {#5534 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
  -id: 276723
  -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060540"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296473 {#5531
    date: 2024-01-03 16:41:13.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5533
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5511
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5475
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5441
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5352
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5198
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5106
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#4917
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4869
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4035
                    +user: App\Entity\User {#3983 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: null
                    +root: null
                    +body: """
                      As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                      \n
                      By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 13
                    +score: 0
                    +lastActive: DateTime @1711630376 {#3949
                      date: 2024-03-28 13:52:56.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4033 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                    -id: 276053
                    -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704277159 {#3985
                      date: 2024-01-03 11:19:19.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: """
                    > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                    \n
                    That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                    """
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 1
                  +score: 0
                  +lastActive: DateTime @1704278686 {#4867
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4870 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                  -id: 276086
                  -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7051439"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704278686 {#4868
                    date: 2024-01-03 11:44:46.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704283692 {#4916
                  date: 2024-01-03 13:08:12.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#4926 …}
                +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                -id: 276194
                -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056225"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283692 {#4913
                  date: 2024-01-03 13:08:12.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704283988 {#5107
                date: 2024-01-03 13:13:08.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5099 …}
              +nested: Doctrine\ORM\PersistentCollection {#5097 …}
              +votes: Doctrine\ORM\PersistentCollection {#5095 …}
              +reports: Doctrine\ORM\PersistentCollection {#5108 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
              -id: 276202
              -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056271"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704283988 {#5104
                date: 2024-01-03 13:13:08.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 5
            +score: 0
            +lastActive: DateTime @1704285364 {#5197
              date: 2024-01-03 13:36:04.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5202 …}
            +nested: Doctrine\ORM\PersistentCollection {#5208 …}
            +votes: Doctrine\ORM\PersistentCollection {#5204 …}
            +reports: Doctrine\ORM\PersistentCollection {#5209 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
            -id: 276246
            -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056533"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285364 {#5194
              date: 2024-01-03 13:36:04.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704285542 {#5353
            date: 2024-01-03 13:39:02.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5346 …}
          +nested: Doctrine\ORM\PersistentCollection {#5345 …}
          +votes: Doctrine\ORM\PersistentCollection {#5343 …}
          +reports: Doctrine\ORM\PersistentCollection {#5355 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
          -id: 276251
          -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7056563"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285542 {#5350
            date: 2024-01-03 13:39:02.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704287608 {#5440
          date: 2024-01-03 14:13:28.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5445 …}
        +nested: Doctrine\ORM\PersistentCollection {#5451 …}
        +votes: Doctrine\ORM\PersistentCollection {#5447 …}
        +reports: Doctrine\ORM\PersistentCollection {#5452 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
        -id: 276319
        -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057026"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704287608 {#5437
          date: 2024-01-03 14:13:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704288222 {#5480
        date: 2024-01-03 14:23:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5483 …}
      +nested: Doctrine\ORM\PersistentCollection {#5487 …}
      +votes: Doctrine\ORM\PersistentCollection {#5489 …}
      +reports: Doctrine\ORM\PersistentCollection {#5490 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
      -id: 276343
      -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7057314"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704288222 {#5477
        date: 2024-01-03 14:23:42.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704294264 {#5506
      date: 2024-01-03 16:04:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5503 …}
    +nested: Doctrine\ORM\PersistentCollection {#5500 …}
    +votes: Doctrine\ORM\PersistentCollection {#5498 …}
    +reports: Doctrine\ORM\PersistentCollection {#5512 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
    -id: 276604
    -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381642"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704294264 {#5509
      date: 2024-01-03 16:04:24.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704296473 {#5528
    date: 2024-01-03 16:41:13.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5525 …}
  +nested: Doctrine\ORM\PersistentCollection {#5522 …}
  +votes: Doctrine\ORM\PersistentCollection {#5520 …}
  +reports: Doctrine\ORM\PersistentCollection {#5534 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
  -id: 276723
  -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060540"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296473 {#5531
    date: 2024-01-03 16:41:13.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5555
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5533
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5511
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5475
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5441
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5352
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5198
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5106
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4917
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4869
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4035
                      +user: App\Entity\User {#3983 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: null
                      +root: null
                      +body: """
                        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                        \n
                        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 13
                      +score: 0
                      +lastActive: DateTime @1711630376 {#3949
                        date: 2024-03-28 13:52:56.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4033 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                      -id: 276053
                      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704277159 {#3985
                        date: 2024-01-03 11:19:19.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: """
                      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                      \n
                      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 1
                    +score: 0
                    +lastActive: DateTime @1704278686 {#4867
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4870 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                    -id: 276086
                    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7051439"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704278686 {#4868
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704283692 {#4916
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4926 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                  -id: 276194
                  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056225"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283692 {#4913
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704283988 {#5107
                  date: 2024-01-03 13:13:08.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5099 …}
                +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                -id: 276202
                -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056271"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283988 {#5104
                  date: 2024-01-03 13:13:08.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704285364 {#5197
                date: 2024-01-03 13:36:04.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5202 …}
              +nested: Doctrine\ORM\PersistentCollection {#5208 …}
              +votes: Doctrine\ORM\PersistentCollection {#5204 …}
              +reports: Doctrine\ORM\PersistentCollection {#5209 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
              -id: 276246
              -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056533"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285364 {#5194
                date: 2024-01-03 13:36:04.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704285542 {#5353
              date: 2024-01-03 13:39:02.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5346 …}
            +nested: Doctrine\ORM\PersistentCollection {#5345 …}
            +votes: Doctrine\ORM\PersistentCollection {#5343 …}
            +reports: Doctrine\ORM\PersistentCollection {#5355 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
            -id: 276251
            -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056563"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285542 {#5350
              date: 2024-01-03 13:39:02.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704287608 {#5440
            date: 2024-01-03 14:13:28.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5445 …}
          +nested: Doctrine\ORM\PersistentCollection {#5451 …}
          +votes: Doctrine\ORM\PersistentCollection {#5447 …}
          +reports: Doctrine\ORM\PersistentCollection {#5452 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
          -id: 276319
          -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057026"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704287608 {#5437
            date: 2024-01-03 14:13:28.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704288222 {#5480
          date: 2024-01-03 14:23:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5483 …}
        +nested: Doctrine\ORM\PersistentCollection {#5487 …}
        +votes: Doctrine\ORM\PersistentCollection {#5489 …}
        +reports: Doctrine\ORM\PersistentCollection {#5490 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
        -id: 276343
        -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057314"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704288222 {#5477
          date: 2024-01-03 14:23:42.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704294264 {#5506
        date: 2024-01-03 16:04:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5503 …}
      +nested: Doctrine\ORM\PersistentCollection {#5500 …}
      +votes: Doctrine\ORM\PersistentCollection {#5498 …}
      +reports: Doctrine\ORM\PersistentCollection {#5512 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
      -id: 276604
      -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6381642"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704294264 {#5509
        date: 2024-01-03 16:04:24.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704296473 {#5528
      date: 2024-01-03 16:41:13.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5525 …}
    +nested: Doctrine\ORM\PersistentCollection {#5522 …}
    +votes: Doctrine\ORM\PersistentCollection {#5520 …}
    +reports: Doctrine\ORM\PersistentCollection {#5534 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
    -id: 276723
    -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7060540"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704296473 {#5531
      date: 2024-01-03 16:41:13.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704297752 {#5550
    date: 2024-01-03 17:02:32.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5545 …}
  +nested: Doctrine\ORM\PersistentCollection {#5543 …}
  +votes: Doctrine\ORM\PersistentCollection {#5541 …}
  +reports: Doctrine\ORM\PersistentCollection {#5557 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
  -id: 276799
  -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7045805"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704297752 {#5553
    date: 2024-01-03 17:02:32.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5555
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5533
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5511
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5475
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5441
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5352
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5198
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5106
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4917
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4869
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4035
                      +user: App\Entity\User {#3983 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: null
                      +root: null
                      +body: """
                        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                        \n
                        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 13
                      +score: 0
                      +lastActive: DateTime @1711630376 {#3949
                        date: 2024-03-28 13:52:56.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4033 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                      -id: 276053
                      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704277159 {#3985
                        date: 2024-01-03 11:19:19.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: """
                      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                      \n
                      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 1
                    +score: 0
                    +lastActive: DateTime @1704278686 {#4867
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4870 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                    -id: 276086
                    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7051439"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704278686 {#4868
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704283692 {#4916
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4926 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                  -id: 276194
                  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056225"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283692 {#4913
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704283988 {#5107
                  date: 2024-01-03 13:13:08.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5099 …}
                +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                -id: 276202
                -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056271"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283988 {#5104
                  date: 2024-01-03 13:13:08.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704285364 {#5197
                date: 2024-01-03 13:36:04.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5202 …}
              +nested: Doctrine\ORM\PersistentCollection {#5208 …}
              +votes: Doctrine\ORM\PersistentCollection {#5204 …}
              +reports: Doctrine\ORM\PersistentCollection {#5209 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
              -id: 276246
              -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056533"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285364 {#5194
                date: 2024-01-03 13:36:04.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704285542 {#5353
              date: 2024-01-03 13:39:02.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5346 …}
            +nested: Doctrine\ORM\PersistentCollection {#5345 …}
            +votes: Doctrine\ORM\PersistentCollection {#5343 …}
            +reports: Doctrine\ORM\PersistentCollection {#5355 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
            -id: 276251
            -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056563"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285542 {#5350
              date: 2024-01-03 13:39:02.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704287608 {#5440
            date: 2024-01-03 14:13:28.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5445 …}
          +nested: Doctrine\ORM\PersistentCollection {#5451 …}
          +votes: Doctrine\ORM\PersistentCollection {#5447 …}
          +reports: Doctrine\ORM\PersistentCollection {#5452 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
          -id: 276319
          -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057026"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704287608 {#5437
            date: 2024-01-03 14:13:28.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704288222 {#5480
          date: 2024-01-03 14:23:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5483 …}
        +nested: Doctrine\ORM\PersistentCollection {#5487 …}
        +votes: Doctrine\ORM\PersistentCollection {#5489 …}
        +reports: Doctrine\ORM\PersistentCollection {#5490 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
        -id: 276343
        -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057314"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704288222 {#5477
          date: 2024-01-03 14:23:42.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704294264 {#5506
        date: 2024-01-03 16:04:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5503 …}
      +nested: Doctrine\ORM\PersistentCollection {#5500 …}
      +votes: Doctrine\ORM\PersistentCollection {#5498 …}
      +reports: Doctrine\ORM\PersistentCollection {#5512 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
      -id: 276604
      -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6381642"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704294264 {#5509
        date: 2024-01-03 16:04:24.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704296473 {#5528
      date: 2024-01-03 16:41:13.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5525 …}
    +nested: Doctrine\ORM\PersistentCollection {#5522 …}
    +votes: Doctrine\ORM\PersistentCollection {#5520 …}
    +reports: Doctrine\ORM\PersistentCollection {#5534 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
    -id: 276723
    -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7060540"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704296473 {#5531
      date: 2024-01-03 16:41:13.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704297752 {#5550
    date: 2024-01-03 17:02:32.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5545 …}
  +nested: Doctrine\ORM\PersistentCollection {#5543 …}
  +votes: Doctrine\ORM\PersistentCollection {#5541 …}
  +reports: Doctrine\ORM\PersistentCollection {#5557 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
  -id: 276799
  -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7045805"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704297752 {#5553
    date: 2024-01-03 17:02:32.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5555
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5533
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5511
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5475
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5441
          +user: Proxies\__CG__\App\Entity\User {#4921 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5352
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5198
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5106
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#4917
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4869
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4035
                      +user: App\Entity\User {#3983 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: null
                      +root: null
                      +body: """
                        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                        \n
                        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 13
                      +score: 0
                      +lastActive: DateTime @1711630376 {#3949
                        date: 2024-03-28 13:52:56.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4033 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                      -id: 276053
                      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704277159 {#3985
                        date: 2024-01-03 11:19:19.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: """
                      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                      \n
                      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                      """
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 1
                    +score: 0
                    +lastActive: DateTime @1704278686 {#4867
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4870 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                    -id: 276086
                    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7051439"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704278686 {#4868
                      date: 2024-01-03 11:44:46.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704283692 {#4916
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#4926 …}
                  +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                  +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                  +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                  -id: 276194
                  -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056225"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283692 {#4913
                    date: 2024-01-03 13:08:12.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704283988 {#5107
                  date: 2024-01-03 13:13:08.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5099 …}
                +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                -id: 276202
                -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056271"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704283988 {#5104
                  date: 2024-01-03 13:13:08.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 5
              +score: 0
              +lastActive: DateTime @1704285364 {#5197
                date: 2024-01-03 13:36:04.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5202 …}
              +nested: Doctrine\ORM\PersistentCollection {#5208 …}
              +votes: Doctrine\ORM\PersistentCollection {#5204 …}
              +reports: Doctrine\ORM\PersistentCollection {#5209 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
              -id: 276246
              -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056533"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285364 {#5194
                date: 2024-01-03 13:36:04.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 0
            +score: 0
            +lastActive: DateTime @1704285542 {#5353
              date: 2024-01-03 13:39:02.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5346 …}
            +nested: Doctrine\ORM\PersistentCollection {#5345 …}
            +votes: Doctrine\ORM\PersistentCollection {#5343 …}
            +reports: Doctrine\ORM\PersistentCollection {#5355 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
            -id: 276251
            -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7056563"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704285542 {#5350
              date: 2024-01-03 13:39:02.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704287608 {#5440
            date: 2024-01-03 14:13:28.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5445 …}
          +nested: Doctrine\ORM\PersistentCollection {#5451 …}
          +votes: Doctrine\ORM\PersistentCollection {#5447 …}
          +reports: Doctrine\ORM\PersistentCollection {#5452 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
          -id: 276319
          -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057026"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704287608 {#5437
            date: 2024-01-03 14:13:28.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704288222 {#5480
          date: 2024-01-03 14:23:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5483 …}
        +nested: Doctrine\ORM\PersistentCollection {#5487 …}
        +votes: Doctrine\ORM\PersistentCollection {#5489 …}
        +reports: Doctrine\ORM\PersistentCollection {#5490 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
        -id: 276343
        -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7057314"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704288222 {#5477
          date: 2024-01-03 14:23:42.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704294264 {#5506
        date: 2024-01-03 16:04:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5503 …}
      +nested: Doctrine\ORM\PersistentCollection {#5500 …}
      +votes: Doctrine\ORM\PersistentCollection {#5498 …}
      +reports: Doctrine\ORM\PersistentCollection {#5512 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
      -id: 276604
      -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6381642"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704294264 {#5509
        date: 2024-01-03 16:04:24.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704296473 {#5528
      date: 2024-01-03 16:41:13.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5525 …}
    +nested: Doctrine\ORM\PersistentCollection {#5522 …}
    +votes: Doctrine\ORM\PersistentCollection {#5520 …}
    +reports: Doctrine\ORM\PersistentCollection {#5534 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
    -id: 276723
    -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7060540"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704296473 {#5531
      date: 2024-01-03 16:41:13.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704297752 {#5550
    date: 2024-01-03 17:02:32.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5545 …}
  +nested: Doctrine\ORM\PersistentCollection {#5543 …}
  +votes: Doctrine\ORM\PersistentCollection {#5541 …}
  +reports: Doctrine\ORM\PersistentCollection {#5557 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
  -id: 276799
  -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7045805"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704297752 {#5553
    date: 2024-01-03 17:02:32.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5578
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5555
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5533
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5511
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5475
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5441
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5352
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5198
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5106
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4917
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4869
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4035
                        +user: App\Entity\User {#3983 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: null
                        +root: null
                        +body: """
                          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                          \n
                          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 13
                        +score: 0
                        +lastActive: DateTime @1711630376 {#3949
                          date: 2024-03-28 13:52:56.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4033 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                        -id: 276053
                        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704277159 {#3985
                          date: 2024-01-03 11:19:19.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: """
                        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                        \n
                        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 1
                      +score: 0
                      +lastActive: DateTime @1704278686 {#4867
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4870 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                      -id: 276086
                      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7051439"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704278686 {#4868
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704283692 {#4916
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4926 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                    -id: 276194
                    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056225"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283692 {#4913
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704283988 {#5107
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5099 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                  -id: 276202
                  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056271"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283988 {#5104
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704285364 {#5197
                  date: 2024-01-03 13:36:04.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5202 …}
                +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                -id: 276246
                -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056533"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285364 {#5194
                  date: 2024-01-03 13:36:04.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704285542 {#5353
                date: 2024-01-03 13:39:02.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5346 …}
              +nested: Doctrine\ORM\PersistentCollection {#5345 …}
              +votes: Doctrine\ORM\PersistentCollection {#5343 …}
              +reports: Doctrine\ORM\PersistentCollection {#5355 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
              -id: 276251
              -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056563"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285542 {#5350
                date: 2024-01-03 13:39:02.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704287608 {#5440
              date: 2024-01-03 14:13:28.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5445 …}
            +nested: Doctrine\ORM\PersistentCollection {#5451 …}
            +votes: Doctrine\ORM\PersistentCollection {#5447 …}
            +reports: Doctrine\ORM\PersistentCollection {#5452 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
            -id: 276319
            -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057026"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704287608 {#5437
              date: 2024-01-03 14:13:28.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704288222 {#5480
            date: 2024-01-03 14:23:42.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5483 …}
          +nested: Doctrine\ORM\PersistentCollection {#5487 …}
          +votes: Doctrine\ORM\PersistentCollection {#5489 …}
          +reports: Doctrine\ORM\PersistentCollection {#5490 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
          -id: 276343
          -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057314"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704288222 {#5477
            date: 2024-01-03 14:23:42.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704294264 {#5506
          date: 2024-01-03 16:04:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5503 …}
        +nested: Doctrine\ORM\PersistentCollection {#5500 …}
        +votes: Doctrine\ORM\PersistentCollection {#5498 …}
        +reports: Doctrine\ORM\PersistentCollection {#5512 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
        -id: 276604
        -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6381642"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704294264 {#5509
          date: 2024-01-03 16:04:24.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704296473 {#5528
        date: 2024-01-03 16:41:13.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5525 …}
      +nested: Doctrine\ORM\PersistentCollection {#5522 …}
      +votes: Doctrine\ORM\PersistentCollection {#5520 …}
      +reports: Doctrine\ORM\PersistentCollection {#5534 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
      -id: 276723
      -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7060540"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704296473 {#5531
        date: 2024-01-03 16:41:13.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704297752 {#5550
      date: 2024-01-03 17:02:32.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5545 …}
    +nested: Doctrine\ORM\PersistentCollection {#5543 …}
    +votes: Doctrine\ORM\PersistentCollection {#5541 …}
    +reports: Doctrine\ORM\PersistentCollection {#5557 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
    -id: 276799
    -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7045805"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704297752 {#5553
      date: 2024-01-03 17:02:32.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "That is only really true of you use sudo with a zero second password caching timeout."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704304064 {#5573
    date: 2024-01-03 18:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5570 …}
  +nested: Doctrine\ORM\PersistentCollection {#5567 …}
  +votes: Doctrine\ORM\PersistentCollection {#5565 …}
  +reports: Doctrine\ORM\PersistentCollection {#5579 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
  -id: 277056
  -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7063638"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704304064 {#5576
    date: 2024-01-03 18:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5578
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5555
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5533
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5511
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5475
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5441
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5352
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5198
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5106
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4917
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4869
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4035
                        +user: App\Entity\User {#3983 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: null
                        +root: null
                        +body: """
                          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                          \n
                          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 13
                        +score: 0
                        +lastActive: DateTime @1711630376 {#3949
                          date: 2024-03-28 13:52:56.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4033 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                        -id: 276053
                        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704277159 {#3985
                          date: 2024-01-03 11:19:19.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: """
                        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                        \n
                        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 1
                      +score: 0
                      +lastActive: DateTime @1704278686 {#4867
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4870 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                      -id: 276086
                      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7051439"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704278686 {#4868
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704283692 {#4916
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4926 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                    -id: 276194
                    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056225"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283692 {#4913
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704283988 {#5107
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5099 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                  -id: 276202
                  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056271"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283988 {#5104
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704285364 {#5197
                  date: 2024-01-03 13:36:04.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5202 …}
                +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                -id: 276246
                -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056533"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285364 {#5194
                  date: 2024-01-03 13:36:04.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704285542 {#5353
                date: 2024-01-03 13:39:02.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5346 …}
              +nested: Doctrine\ORM\PersistentCollection {#5345 …}
              +votes: Doctrine\ORM\PersistentCollection {#5343 …}
              +reports: Doctrine\ORM\PersistentCollection {#5355 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
              -id: 276251
              -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056563"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285542 {#5350
                date: 2024-01-03 13:39:02.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704287608 {#5440
              date: 2024-01-03 14:13:28.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5445 …}
            +nested: Doctrine\ORM\PersistentCollection {#5451 …}
            +votes: Doctrine\ORM\PersistentCollection {#5447 …}
            +reports: Doctrine\ORM\PersistentCollection {#5452 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
            -id: 276319
            -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057026"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704287608 {#5437
              date: 2024-01-03 14:13:28.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704288222 {#5480
            date: 2024-01-03 14:23:42.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5483 …}
          +nested: Doctrine\ORM\PersistentCollection {#5487 …}
          +votes: Doctrine\ORM\PersistentCollection {#5489 …}
          +reports: Doctrine\ORM\PersistentCollection {#5490 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
          -id: 276343
          -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057314"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704288222 {#5477
            date: 2024-01-03 14:23:42.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704294264 {#5506
          date: 2024-01-03 16:04:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5503 …}
        +nested: Doctrine\ORM\PersistentCollection {#5500 …}
        +votes: Doctrine\ORM\PersistentCollection {#5498 …}
        +reports: Doctrine\ORM\PersistentCollection {#5512 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
        -id: 276604
        -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6381642"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704294264 {#5509
          date: 2024-01-03 16:04:24.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704296473 {#5528
        date: 2024-01-03 16:41:13.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5525 …}
      +nested: Doctrine\ORM\PersistentCollection {#5522 …}
      +votes: Doctrine\ORM\PersistentCollection {#5520 …}
      +reports: Doctrine\ORM\PersistentCollection {#5534 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
      -id: 276723
      -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7060540"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704296473 {#5531
        date: 2024-01-03 16:41:13.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704297752 {#5550
      date: 2024-01-03 17:02:32.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5545 …}
    +nested: Doctrine\ORM\PersistentCollection {#5543 …}
    +votes: Doctrine\ORM\PersistentCollection {#5541 …}
    +reports: Doctrine\ORM\PersistentCollection {#5557 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
    -id: 276799
    -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7045805"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704297752 {#5553
      date: 2024-01-03 17:02:32.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "That is only really true of you use sudo with a zero second password caching timeout."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704304064 {#5573
    date: 2024-01-03 18:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5570 …}
  +nested: Doctrine\ORM\PersistentCollection {#5567 …}
  +votes: Doctrine\ORM\PersistentCollection {#5565 …}
  +reports: Doctrine\ORM\PersistentCollection {#5579 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
  -id: 277056
  -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7063638"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704304064 {#5576
    date: 2024-01-03 18:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5578
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5555
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5533
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5511
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5475
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5441
            +user: Proxies\__CG__\App\Entity\User {#4921 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5352
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5198
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5106
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#4917
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4869
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4035
                        +user: App\Entity\User {#3983 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: null
                        +root: null
                        +body: """
                          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                          \n
                          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 13
                        +score: 0
                        +lastActive: DateTime @1711630376 {#3949
                          date: 2024-03-28 13:52:56.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4033 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                        -id: 276053
                        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704277159 {#3985
                          date: 2024-01-03 11:19:19.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: """
                        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                        \n
                        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                        """
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 1
                      +score: 0
                      +lastActive: DateTime @1704278686 {#4867
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4870 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                      -id: 276086
                      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7051439"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704278686 {#4868
                        date: 2024-01-03 11:44:46.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704283692 {#4916
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#4926 …}
                    +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                    +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                    +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                    -id: 276194
                    -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056225"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283692 {#4913
                      date: 2024-01-03 13:08:12.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704283988 {#5107
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5099 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                  -id: 276202
                  -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056271"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704283988 {#5104
                    date: 2024-01-03 13:13:08.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 5
                +score: 0
                +lastActive: DateTime @1704285364 {#5197
                  date: 2024-01-03 13:36:04.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5202 …}
                +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                -id: 276246
                -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056533"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285364 {#5194
                  date: 2024-01-03 13:36:04.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 0
              +score: 0
              +lastActive: DateTime @1704285542 {#5353
                date: 2024-01-03 13:39:02.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5346 …}
              +nested: Doctrine\ORM\PersistentCollection {#5345 …}
              +votes: Doctrine\ORM\PersistentCollection {#5343 …}
              +reports: Doctrine\ORM\PersistentCollection {#5355 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
              -id: 276251
              -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7056563"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704285542 {#5350
                date: 2024-01-03 13:39:02.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704287608 {#5440
              date: 2024-01-03 14:13:28.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5445 …}
            +nested: Doctrine\ORM\PersistentCollection {#5451 …}
            +votes: Doctrine\ORM\PersistentCollection {#5447 …}
            +reports: Doctrine\ORM\PersistentCollection {#5452 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
            -id: 276319
            -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057026"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704287608 {#5437
              date: 2024-01-03 14:13:28.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704288222 {#5480
            date: 2024-01-03 14:23:42.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5483 …}
          +nested: Doctrine\ORM\PersistentCollection {#5487 …}
          +votes: Doctrine\ORM\PersistentCollection {#5489 …}
          +reports: Doctrine\ORM\PersistentCollection {#5490 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
          -id: 276343
          -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7057314"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704288222 {#5477
            date: 2024-01-03 14:23:42.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704294264 {#5506
          date: 2024-01-03 16:04:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5503 …}
        +nested: Doctrine\ORM\PersistentCollection {#5500 …}
        +votes: Doctrine\ORM\PersistentCollection {#5498 …}
        +reports: Doctrine\ORM\PersistentCollection {#5512 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
        -id: 276604
        -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6381642"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704294264 {#5509
          date: 2024-01-03 16:04:24.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704296473 {#5528
        date: 2024-01-03 16:41:13.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5525 …}
      +nested: Doctrine\ORM\PersistentCollection {#5522 …}
      +votes: Doctrine\ORM\PersistentCollection {#5520 …}
      +reports: Doctrine\ORM\PersistentCollection {#5534 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
      -id: 276723
      -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7060540"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704296473 {#5531
        date: 2024-01-03 16:41:13.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704297752 {#5550
      date: 2024-01-03 17:02:32.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5545 …}
    +nested: Doctrine\ORM\PersistentCollection {#5543 …}
    +votes: Doctrine\ORM\PersistentCollection {#5541 …}
    +reports: Doctrine\ORM\PersistentCollection {#5557 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
    -id: 276799
    -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7045805"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704297752 {#5553
      date: 2024-01-03 17:02:32.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "That is only really true of you use sudo with a zero second password caching timeout."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704304064 {#5573
    date: 2024-01-03 18:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5570 …}
  +nested: Doctrine\ORM\PersistentCollection {#5567 …}
  +votes: Doctrine\ORM\PersistentCollection {#5565 …}
  +reports: Doctrine\ORM\PersistentCollection {#5579 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
  -id: 277056
  -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7063638"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704304064 {#5576
    date: 2024-01-03 18:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5600
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704305517 {#5595
    date: 2024-01-03 19:11:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5592 …}
  +nested: Doctrine\ORM\PersistentCollection {#5589 …}
  +votes: Doctrine\ORM\PersistentCollection {#5587 …}
  +reports: Doctrine\ORM\PersistentCollection {#5601 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
  -id: 277123
  -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6384746"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704305517 {#5598
    date: 2024-01-03 19:11:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5600
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704305517 {#5595
    date: 2024-01-03 19:11:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5592 …}
  +nested: Doctrine\ORM\PersistentCollection {#5589 …}
  +votes: Doctrine\ORM\PersistentCollection {#5587 …}
  +reports: Doctrine\ORM\PersistentCollection {#5601 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
  -id: 277123
  -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6384746"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704305517 {#5598
    date: 2024-01-03 19:11:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5600
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704305517 {#5595
    date: 2024-01-03 19:11:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5592 …}
  +nested: Doctrine\ORM\PersistentCollection {#5589 …}
  +votes: Doctrine\ORM\PersistentCollection {#5587 …}
  +reports: Doctrine\ORM\PersistentCollection {#5601 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
  -id: 277123
  -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6384746"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704305517 {#5598
    date: 2024-01-03 19:11:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5623
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5600
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704305517 {#5595
      date: 2024-01-03 19:11:57.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5592 …}
    +nested: Doctrine\ORM\PersistentCollection {#5589 …}
    +votes: Doctrine\ORM\PersistentCollection {#5587 …}
    +reports: Doctrine\ORM\PersistentCollection {#5601 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
    -id: 277123
    -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6384746"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704305517 {#5598
      date: 2024-01-03 19:11:57.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > Any reduction in root access is beneficial.\n
    \n
    Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704355806 {#5628
    date: 2024-01-04 09:10:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5631 …}
  +nested: Doctrine\ORM\PersistentCollection {#5635 …}
  +votes: Doctrine\ORM\PersistentCollection {#5637 …}
  +reports: Doctrine\ORM\PersistentCollection {#5638 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
  -id: 278974
  -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081607"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704355806 {#5625
    date: 2024-01-04 09:10:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5623
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5600
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704305517 {#5595
      date: 2024-01-03 19:11:57.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5592 …}
    +nested: Doctrine\ORM\PersistentCollection {#5589 …}
    +votes: Doctrine\ORM\PersistentCollection {#5587 …}
    +reports: Doctrine\ORM\PersistentCollection {#5601 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
    -id: 277123
    -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6384746"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704305517 {#5598
      date: 2024-01-03 19:11:57.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > Any reduction in root access is beneficial.\n
    \n
    Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704355806 {#5628
    date: 2024-01-04 09:10:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5631 …}
  +nested: Doctrine\ORM\PersistentCollection {#5635 …}
  +votes: Doctrine\ORM\PersistentCollection {#5637 …}
  +reports: Doctrine\ORM\PersistentCollection {#5638 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
  -id: 278974
  -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081607"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704355806 {#5625
    date: 2024-01-04 09:10:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5623
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5600
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704305517 {#5595
      date: 2024-01-03 19:11:57.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5592 …}
    +nested: Doctrine\ORM\PersistentCollection {#5589 …}
    +votes: Doctrine\ORM\PersistentCollection {#5587 …}
    +reports: Doctrine\ORM\PersistentCollection {#5601 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
    -id: 277123
    -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6384746"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704305517 {#5598
      date: 2024-01-03 19:11:57.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > Any reduction in root access is beneficial.\n
    \n
    Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704355806 {#5628
    date: 2024-01-04 09:10:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5631 …}
  +nested: Doctrine\ORM\PersistentCollection {#5635 …}
  +votes: Doctrine\ORM\PersistentCollection {#5637 …}
  +reports: Doctrine\ORM\PersistentCollection {#5638 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
  -id: 278974
  -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081607"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704355806 {#5625
    date: 2024-01-04 09:10:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5660
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5623
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5600
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5578
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5555
          +user: Proxies\__CG__\App\Entity\User {#5547 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5533
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5511
              +user: Proxies\__CG__\App\Entity\User {#5264 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5475
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5441
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5352
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5198
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5106
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4917
                          +user: Proxies\__CG__\App\Entity\User {#4921 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4869
                            +user: App\Entity\User {#4753 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4035
                              +user: App\Entity\User {#3983 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: null
                              +root: null
                              +body: """
                                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                \n
                                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 13
                              +score: 0
                              +lastActive: DateTime @1711630376 {#3949
                                date: 2024-03-28 13:52:56.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4033 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                              -id: 276053
                              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704277159 {#3985
                                date: 2024-01-03 11:19:19.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: """
                              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                              \n
                              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 1
                            +score: 0
                            +lastActive: DateTime @1704278686 {#4867
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4870 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                            -id: 276086
                            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7051439"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704278686 {#4868
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 5
                          +score: 0
                          +lastActive: DateTime @1704283692 {#4916
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4926 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                          -id: 276194
                          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056225"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283692 {#4913
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 0
                        +score: 0
                        +lastActive: DateTime @1704283988 {#5107
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5099 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                        -id: 276202
                        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056271"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283988 {#5104
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704285364 {#5197
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5202 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                      -id: 276246
                      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056533"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285364 {#5194
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704285542 {#5353
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5346 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                    -id: 276251
                    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056563"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285542 {#5350
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704287608 {#5440
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5445 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                  -id: 276319
                  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057026"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704287608 {#5437
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704288222 {#5480
                  date: 2024-01-03 14:23:42.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5483 …}
                +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                -id: 276343
                -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057314"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704288222 {#5477
                  date: 2024-01-03 14:23:42.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704294264 {#5506
                date: 2024-01-03 16:04:24.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5503 …}
              +nested: Doctrine\ORM\PersistentCollection {#5500 …}
              +votes: Doctrine\ORM\PersistentCollection {#5498 …}
              +reports: Doctrine\ORM\PersistentCollection {#5512 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
              -id: 276604
              -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://lemmy.world/comment/6381642"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704294264 {#5509
                date: 2024-01-03 16:04:24.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704296473 {#5528
              date: 2024-01-03 16:41:13.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5525 …}
            +nested: Doctrine\ORM\PersistentCollection {#5522 …}
            +votes: Doctrine\ORM\PersistentCollection {#5520 …}
            +reports: Doctrine\ORM\PersistentCollection {#5534 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
            -id: 276723
            -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7060540"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704296473 {#5531
              date: 2024-01-03 16:41:13.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 4
          +score: 0
          +lastActive: DateTime @1704297752 {#5550
            date: 2024-01-03 17:02:32.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5545 …}
          +nested: Doctrine\ORM\PersistentCollection {#5543 …}
          +votes: Doctrine\ORM\PersistentCollection {#5541 …}
          +reports: Doctrine\ORM\PersistentCollection {#5557 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
          -id: 276799
          -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.ml/comment/7045805"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704297752 {#5553
            date: 2024-01-03 17:02:32.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "That is only really true of you use sudo with a zero second password caching timeout."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704304064 {#5573
          date: 2024-01-03 18:47:44.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5570 …}
        +nested: Doctrine\ORM\PersistentCollection {#5567 …}
        +votes: Doctrine\ORM\PersistentCollection {#5565 …}
        +reports: Doctrine\ORM\PersistentCollection {#5579 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
        -id: 277056
        -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7063638"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704304064 {#5576
          date: 2024-01-03 18:47:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704305517 {#5595
        date: 2024-01-03 19:11:57.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5592 …}
      +nested: Doctrine\ORM\PersistentCollection {#5589 …}
      +votes: Doctrine\ORM\PersistentCollection {#5587 …}
      +reports: Doctrine\ORM\PersistentCollection {#5601 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
      -id: 277123
      -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6384746"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704305517 {#5598
        date: 2024-01-03 19:11:57.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > Any reduction in root access is beneficial.\n
      \n
      Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704355806 {#5628
      date: 2024-01-04 09:10:06.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5631 …}
    +nested: Doctrine\ORM\PersistentCollection {#5635 …}
    +votes: Doctrine\ORM\PersistentCollection {#5637 …}
    +reports: Doctrine\ORM\PersistentCollection {#5638 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
    -id: 278974
    -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081607"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704355806 {#5625
      date: 2024-01-04 09:10:06.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376839 {#5665
    date: 2024-01-04 15:00:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5668 …}
  +nested: Doctrine\ORM\PersistentCollection {#5672 …}
  +votes: Doctrine\ORM\PersistentCollection {#5674 …}
  +reports: Doctrine\ORM\PersistentCollection {#5675 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
  -id: 279517
  -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6400500"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376839 {#5662
    date: 2024-01-04 15:00:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5660
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5623
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5600
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5578
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5555
          +user: Proxies\__CG__\App\Entity\User {#5547 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5533
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5511
              +user: Proxies\__CG__\App\Entity\User {#5264 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5475
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5441
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5352
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5198
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5106
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4917
                          +user: Proxies\__CG__\App\Entity\User {#4921 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4869
                            +user: App\Entity\User {#4753 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4035
                              +user: App\Entity\User {#3983 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: null
                              +root: null
                              +body: """
                                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                \n
                                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 13
                              +score: 0
                              +lastActive: DateTime @1711630376 {#3949
                                date: 2024-03-28 13:52:56.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4033 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                              -id: 276053
                              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704277159 {#3985
                                date: 2024-01-03 11:19:19.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: """
                              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                              \n
                              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 1
                            +score: 0
                            +lastActive: DateTime @1704278686 {#4867
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4870 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                            -id: 276086
                            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7051439"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704278686 {#4868
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 5
                          +score: 0
                          +lastActive: DateTime @1704283692 {#4916
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4926 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                          -id: 276194
                          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056225"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283692 {#4913
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 0
                        +score: 0
                        +lastActive: DateTime @1704283988 {#5107
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5099 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                        -id: 276202
                        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056271"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283988 {#5104
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704285364 {#5197
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5202 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                      -id: 276246
                      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056533"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285364 {#5194
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704285542 {#5353
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5346 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                    -id: 276251
                    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056563"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285542 {#5350
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704287608 {#5440
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5445 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                  -id: 276319
                  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057026"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704287608 {#5437
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704288222 {#5480
                  date: 2024-01-03 14:23:42.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5483 …}
                +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                -id: 276343
                -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057314"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704288222 {#5477
                  date: 2024-01-03 14:23:42.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704294264 {#5506
                date: 2024-01-03 16:04:24.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5503 …}
              +nested: Doctrine\ORM\PersistentCollection {#5500 …}
              +votes: Doctrine\ORM\PersistentCollection {#5498 …}
              +reports: Doctrine\ORM\PersistentCollection {#5512 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
              -id: 276604
              -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://lemmy.world/comment/6381642"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704294264 {#5509
                date: 2024-01-03 16:04:24.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704296473 {#5528
              date: 2024-01-03 16:41:13.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5525 …}
            +nested: Doctrine\ORM\PersistentCollection {#5522 …}
            +votes: Doctrine\ORM\PersistentCollection {#5520 …}
            +reports: Doctrine\ORM\PersistentCollection {#5534 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
            -id: 276723
            -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7060540"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704296473 {#5531
              date: 2024-01-03 16:41:13.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 4
          +score: 0
          +lastActive: DateTime @1704297752 {#5550
            date: 2024-01-03 17:02:32.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5545 …}
          +nested: Doctrine\ORM\PersistentCollection {#5543 …}
          +votes: Doctrine\ORM\PersistentCollection {#5541 …}
          +reports: Doctrine\ORM\PersistentCollection {#5557 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
          -id: 276799
          -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.ml/comment/7045805"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704297752 {#5553
            date: 2024-01-03 17:02:32.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "That is only really true of you use sudo with a zero second password caching timeout."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704304064 {#5573
          date: 2024-01-03 18:47:44.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5570 …}
        +nested: Doctrine\ORM\PersistentCollection {#5567 …}
        +votes: Doctrine\ORM\PersistentCollection {#5565 …}
        +reports: Doctrine\ORM\PersistentCollection {#5579 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
        -id: 277056
        -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7063638"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704304064 {#5576
          date: 2024-01-03 18:47:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704305517 {#5595
        date: 2024-01-03 19:11:57.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5592 …}
      +nested: Doctrine\ORM\PersistentCollection {#5589 …}
      +votes: Doctrine\ORM\PersistentCollection {#5587 …}
      +reports: Doctrine\ORM\PersistentCollection {#5601 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
      -id: 277123
      -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6384746"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704305517 {#5598
        date: 2024-01-03 19:11:57.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > Any reduction in root access is beneficial.\n
      \n
      Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704355806 {#5628
      date: 2024-01-04 09:10:06.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5631 …}
    +nested: Doctrine\ORM\PersistentCollection {#5635 …}
    +votes: Doctrine\ORM\PersistentCollection {#5637 …}
    +reports: Doctrine\ORM\PersistentCollection {#5638 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
    -id: 278974
    -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081607"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704355806 {#5625
      date: 2024-01-04 09:10:06.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376839 {#5665
    date: 2024-01-04 15:00:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5668 …}
  +nested: Doctrine\ORM\PersistentCollection {#5672 …}
  +votes: Doctrine\ORM\PersistentCollection {#5674 …}
  +reports: Doctrine\ORM\PersistentCollection {#5675 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
  -id: 279517
  -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6400500"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376839 {#5662
    date: 2024-01-04 15:00:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5660
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5623
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5600
      +user: Proxies\__CG__\App\Entity\User {#5264 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5578
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5555
          +user: Proxies\__CG__\App\Entity\User {#5547 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5533
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5511
              +user: Proxies\__CG__\App\Entity\User {#5264 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5475
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5441
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5352
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5198
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5106
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4917
                          +user: Proxies\__CG__\App\Entity\User {#4921 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4869
                            +user: App\Entity\User {#4753 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4035
                              +user: App\Entity\User {#3983 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: null
                              +root: null
                              +body: """
                                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                \n
                                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 13
                              +score: 0
                              +lastActive: DateTime @1711630376 {#3949
                                date: 2024-03-28 13:52:56.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4033 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                              -id: 276053
                              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704277159 {#3985
                                date: 2024-01-03 11:19:19.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: """
                              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                              \n
                              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 1
                            +score: 0
                            +lastActive: DateTime @1704278686 {#4867
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4870 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                            -id: 276086
                            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7051439"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704278686 {#4868
                              date: 2024-01-03 11:44:46.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 5
                          +score: 0
                          +lastActive: DateTime @1704283692 {#4916
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4926 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                          -id: 276194
                          -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056225"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283692 {#4913
                            date: 2024-01-03 13:08:12.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 0
                        +score: 0
                        +lastActive: DateTime @1704283988 {#5107
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5099 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                        -id: 276202
                        -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056271"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283988 {#5104
                          date: 2024-01-03 13:13:08.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704285364 {#5197
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5202 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                      -id: 276246
                      -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056533"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285364 {#5194
                        date: 2024-01-03 13:36:04.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704285542 {#5353
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5346 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                    -id: 276251
                    -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056563"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285542 {#5350
                      date: 2024-01-03 13:39:02.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704287608 {#5440
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5445 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                  -id: 276319
                  -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057026"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704287608 {#5437
                    date: 2024-01-03 14:13:28.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704288222 {#5480
                  date: 2024-01-03 14:23:42.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5483 …}
                +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                -id: 276343
                -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057314"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704288222 {#5477
                  date: 2024-01-03 14:23:42.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704294264 {#5506
                date: 2024-01-03 16:04:24.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5503 …}
              +nested: Doctrine\ORM\PersistentCollection {#5500 …}
              +votes: Doctrine\ORM\PersistentCollection {#5498 …}
              +reports: Doctrine\ORM\PersistentCollection {#5512 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
              -id: 276604
              -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://lemmy.world/comment/6381642"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704294264 {#5509
                date: 2024-01-03 16:04:24.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704296473 {#5528
              date: 2024-01-03 16:41:13.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5525 …}
            +nested: Doctrine\ORM\PersistentCollection {#5522 …}
            +votes: Doctrine\ORM\PersistentCollection {#5520 …}
            +reports: Doctrine\ORM\PersistentCollection {#5534 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
            -id: 276723
            -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7060540"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704296473 {#5531
              date: 2024-01-03 16:41:13.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 4
          +score: 0
          +lastActive: DateTime @1704297752 {#5550
            date: 2024-01-03 17:02:32.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5545 …}
          +nested: Doctrine\ORM\PersistentCollection {#5543 …}
          +votes: Doctrine\ORM\PersistentCollection {#5541 …}
          +reports: Doctrine\ORM\PersistentCollection {#5557 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
          -id: 276799
          -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.ml/comment/7045805"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704297752 {#5553
            date: 2024-01-03 17:02:32.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "That is only really true of you use sudo with a zero second password caching timeout."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704304064 {#5573
          date: 2024-01-03 18:47:44.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5570 …}
        +nested: Doctrine\ORM\PersistentCollection {#5567 …}
        +votes: Doctrine\ORM\PersistentCollection {#5565 …}
        +reports: Doctrine\ORM\PersistentCollection {#5579 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
        -id: 277056
        -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7063638"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704304064 {#5576
          date: 2024-01-03 18:47:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704305517 {#5595
        date: 2024-01-03 19:11:57.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5592 …}
      +nested: Doctrine\ORM\PersistentCollection {#5589 …}
      +votes: Doctrine\ORM\PersistentCollection {#5587 …}
      +reports: Doctrine\ORM\PersistentCollection {#5601 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
      -id: 277123
      -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6384746"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704305517 {#5598
        date: 2024-01-03 19:11:57.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > Any reduction in root access is beneficial.\n
      \n
      Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704355806 {#5628
      date: 2024-01-04 09:10:06.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5631 …}
    +nested: Doctrine\ORM\PersistentCollection {#5635 …}
    +votes: Doctrine\ORM\PersistentCollection {#5637 …}
    +reports: Doctrine\ORM\PersistentCollection {#5638 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
    -id: 278974
    -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081607"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704355806 {#5625
      date: 2024-01-04 09:10:06.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376839 {#5665
    date: 2024-01-04 15:00:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5668 …}
  +nested: Doctrine\ORM\PersistentCollection {#5672 …}
  +votes: Doctrine\ORM\PersistentCollection {#5674 …}
  +reports: Doctrine\ORM\PersistentCollection {#5675 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
  -id: 279517
  -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6400500"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376839 {#5662
    date: 2024-01-04 15:00:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5696
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5660
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5623
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5600
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5578
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5555
            +user: Proxies\__CG__\App\Entity\User {#5547 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5533
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5511
                +user: Proxies\__CG__\App\Entity\User {#5264 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5475
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5441
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5352
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5198
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#5106
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4917
                            +user: Proxies\__CG__\App\Entity\User {#4921 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4869
                              +user: App\Entity\User {#4753 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: App\Entity\EntryComment {#4035
                                +user: App\Entity\User {#3983 …}
                                +entry: App\Entity\Entry {#2400}
                                +magazine: App\Entity\Magazine {#265}
                                +image: null
                                +parent: null
                                +root: null
                                +body: """
                                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                  \n
                                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                  """
                                +lang: "en"
                                +isAdult: false
                                +favouriteCount: 13
                                +score: 0
                                +lastActive: DateTime @1711630376 {#3949
                                  date: 2024-03-28 13:52:56.0 +01:00
                                }
                                +ip: null
                                +tags: null
                                +mentions: [
                                  "@HiddenLayer5@lemmy.ml"
                                ]
                                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                                -id: 276053
                                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                                +ranking: 0
                                +commentCount: 0
                                +upVotes: 0
                                +downVotes: 0
                                +visibility: "visible             "
                                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                                +editedAt: null
                                +createdAt: DateTimeImmutable @1704277159 {#3985
                                  date: 2024-01-03 11:19:19.0 +01:00
                                }
                              }
                              +root: App\Entity\EntryComment {#4035}
                              +body: """
                                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                                \n
                                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 1
                              +score: 0
                              +lastActive: DateTime @1704278686 {#4867
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                                "@arjache@kbin.social"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4870 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                              -id: 276086
                              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://sh.itjust.works/comment/7051439"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704278686 {#4868
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 5
                            +score: 0
                            +lastActive: DateTime @1704283692 {#4916
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                              "@taladar@sh.itjust.works"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4926 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                            -id: 276194
                            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7056225"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704283692 {#4913
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 0
                          +score: 0
                          +lastActive: DateTime @1704283988 {#5107
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                            "@ElderWendigo@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#5099 …}
                          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                          -id: 276202
                          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056271"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283988 {#5104
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704285364 {#5197
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5202 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                        -id: 276246
                        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056533"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704285364 {#5194
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704285542 {#5353
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5346 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                      -id: 276251
                      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056563"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285542 {#5350
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 3
                    +score: 0
                    +lastActive: DateTime @1704287608 {#5440
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5445 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                    -id: 276319
                    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7057026"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704287608 {#5437
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704288222 {#5480
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5483 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                  -id: 276343
                  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057314"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704288222 {#5477
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704294264 {#5506
                  date: 2024-01-03 16:04:24.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5503 …}
                +nested: Doctrine\ORM\PersistentCollection {#5500 …}
                +votes: Doctrine\ORM\PersistentCollection {#5498 …}
                +reports: Doctrine\ORM\PersistentCollection {#5512 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
                -id: 276604
                -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://lemmy.world/comment/6381642"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704294264 {#5509
                  date: 2024-01-03 16:04:24.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704296473 {#5528
                date: 2024-01-03 16:41:13.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
                "@bluespin@lemmy.world"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5525 …}
              +nested: Doctrine\ORM\PersistentCollection {#5522 …}
              +votes: Doctrine\ORM\PersistentCollection {#5520 …}
              +reports: Doctrine\ORM\PersistentCollection {#5534 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
              -id: 276723
              -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7060540"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704296473 {#5531
                date: 2024-01-03 16:41:13.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 4
            +score: 0
            +lastActive: DateTime @1704297752 {#5550
              date: 2024-01-03 17:02:32.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5545 …}
            +nested: Doctrine\ORM\PersistentCollection {#5543 …}
            +votes: Doctrine\ORM\PersistentCollection {#5541 …}
            +reports: Doctrine\ORM\PersistentCollection {#5557 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
            -id: 276799
            -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.ml/comment/7045805"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704297752 {#5553
              date: 2024-01-03 17:02:32.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "That is only really true of you use sudo with a zero second password caching timeout."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704304064 {#5573
            date: 2024-01-03 18:47:44.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
            "@MyNameIsRichard@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5570 …}
          +nested: Doctrine\ORM\PersistentCollection {#5567 …}
          +votes: Doctrine\ORM\PersistentCollection {#5565 …}
          +reports: Doctrine\ORM\PersistentCollection {#5579 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
          -id: 277056
          -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7063638"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704304064 {#5576
            date: 2024-01-03 18:47:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704305517 {#5595
          date: 2024-01-03 19:11:57.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5592 …}
        +nested: Doctrine\ORM\PersistentCollection {#5589 …}
        +votes: Doctrine\ORM\PersistentCollection {#5587 …}
        +reports: Doctrine\ORM\PersistentCollection {#5601 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
        -id: 277123
        -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6384746"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704305517 {#5598
          date: 2024-01-03 19:11:57.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > Any reduction in root access is beneficial.\n
        \n
        Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704355806 {#5628
        date: 2024-01-04 09:10:06.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5631 …}
      +nested: Doctrine\ORM\PersistentCollection {#5635 …}
      +votes: Doctrine\ORM\PersistentCollection {#5637 …}
      +reports: Doctrine\ORM\PersistentCollection {#5638 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
      -id: 278974
      -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7081607"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704355806 {#5625
        date: 2024-01-04 09:10:06.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704376839 {#5665
      date: 2024-01-04 15:00:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5668 …}
    +nested: Doctrine\ORM\PersistentCollection {#5672 …}
    +votes: Doctrine\ORM\PersistentCollection {#5674 …}
    +reports: Doctrine\ORM\PersistentCollection {#5675 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
    -id: 279517
    -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6400500"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704376839 {#5662
      date: 2024-01-04 15:00:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You people don’t seem to grasp that I am already not running any commands on the server as root that do not require root. This is all about administrative tasks."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376956 {#5691
    date: 2024-01-04 15:02:36.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5688 …}
  +nested: Doctrine\ORM\PersistentCollection {#5685 …}
  +votes: Doctrine\ORM\PersistentCollection {#5683 …}
  +reports: Doctrine\ORM\PersistentCollection {#5697 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5699 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5701 …}
  -id: 279522
  -bodyTs: "'administr':30 'alreadi':11 'command':15 'grasp':7 'peopl':2 'requir':24 'root':20,25 'run':13 'seem':5 'server':18 'task':31"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7089083"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376956 {#5694
    date: 2024-01-04 15:02:36.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5696
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5660
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5623
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5600
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5578
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5555
            +user: Proxies\__CG__\App\Entity\User {#5547 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5533
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5511
                +user: Proxies\__CG__\App\Entity\User {#5264 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5475
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5441
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5352
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5198
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#5106
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4917
                            +user: Proxies\__CG__\App\Entity\User {#4921 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4869
                              +user: App\Entity\User {#4753 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: App\Entity\EntryComment {#4035
                                +user: App\Entity\User {#3983 …}
                                +entry: App\Entity\Entry {#2400}
                                +magazine: App\Entity\Magazine {#265}
                                +image: null
                                +parent: null
                                +root: null
                                +body: """
                                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                  \n
                                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                  """
                                +lang: "en"
                                +isAdult: false
                                +favouriteCount: 13
                                +score: 0
                                +lastActive: DateTime @1711630376 {#3949
                                  date: 2024-03-28 13:52:56.0 +01:00
                                }
                                +ip: null
                                +tags: null
                                +mentions: [
                                  "@HiddenLayer5@lemmy.ml"
                                ]
                                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                                -id: 276053
                                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                                +ranking: 0
                                +commentCount: 0
                                +upVotes: 0
                                +downVotes: 0
                                +visibility: "visible             "
                                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                                +editedAt: null
                                +createdAt: DateTimeImmutable @1704277159 {#3985
                                  date: 2024-01-03 11:19:19.0 +01:00
                                }
                              }
                              +root: App\Entity\EntryComment {#4035}
                              +body: """
                                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                                \n
                                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 1
                              +score: 0
                              +lastActive: DateTime @1704278686 {#4867
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                                "@arjache@kbin.social"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4870 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                              -id: 276086
                              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://sh.itjust.works/comment/7051439"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704278686 {#4868
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 5
                            +score: 0
                            +lastActive: DateTime @1704283692 {#4916
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                              "@taladar@sh.itjust.works"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4926 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                            -id: 276194
                            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7056225"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704283692 {#4913
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 0
                          +score: 0
                          +lastActive: DateTime @1704283988 {#5107
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                            "@ElderWendigo@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#5099 …}
                          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                          -id: 276202
                          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056271"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283988 {#5104
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704285364 {#5197
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5202 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                        -id: 276246
                        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056533"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704285364 {#5194
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704285542 {#5353
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5346 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                      -id: 276251
                      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056563"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285542 {#5350
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 3
                    +score: 0
                    +lastActive: DateTime @1704287608 {#5440
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5445 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                    -id: 276319
                    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7057026"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704287608 {#5437
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704288222 {#5480
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5483 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                  -id: 276343
                  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057314"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704288222 {#5477
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704294264 {#5506
                  date: 2024-01-03 16:04:24.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5503 …}
                +nested: Doctrine\ORM\PersistentCollection {#5500 …}
                +votes: Doctrine\ORM\PersistentCollection {#5498 …}
                +reports: Doctrine\ORM\PersistentCollection {#5512 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
                -id: 276604
                -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://lemmy.world/comment/6381642"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704294264 {#5509
                  date: 2024-01-03 16:04:24.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704296473 {#5528
                date: 2024-01-03 16:41:13.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
                "@bluespin@lemmy.world"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5525 …}
              +nested: Doctrine\ORM\PersistentCollection {#5522 …}
              +votes: Doctrine\ORM\PersistentCollection {#5520 …}
              +reports: Doctrine\ORM\PersistentCollection {#5534 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
              -id: 276723
              -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7060540"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704296473 {#5531
                date: 2024-01-03 16:41:13.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 4
            +score: 0
            +lastActive: DateTime @1704297752 {#5550
              date: 2024-01-03 17:02:32.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5545 …}
            +nested: Doctrine\ORM\PersistentCollection {#5543 …}
            +votes: Doctrine\ORM\PersistentCollection {#5541 …}
            +reports: Doctrine\ORM\PersistentCollection {#5557 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
            -id: 276799
            -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.ml/comment/7045805"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704297752 {#5553
              date: 2024-01-03 17:02:32.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "That is only really true of you use sudo with a zero second password caching timeout."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704304064 {#5573
            date: 2024-01-03 18:47:44.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
            "@MyNameIsRichard@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5570 …}
          +nested: Doctrine\ORM\PersistentCollection {#5567 …}
          +votes: Doctrine\ORM\PersistentCollection {#5565 …}
          +reports: Doctrine\ORM\PersistentCollection {#5579 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
          -id: 277056
          -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7063638"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704304064 {#5576
            date: 2024-01-03 18:47:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704305517 {#5595
          date: 2024-01-03 19:11:57.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5592 …}
        +nested: Doctrine\ORM\PersistentCollection {#5589 …}
        +votes: Doctrine\ORM\PersistentCollection {#5587 …}
        +reports: Doctrine\ORM\PersistentCollection {#5601 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
        -id: 277123
        -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6384746"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704305517 {#5598
          date: 2024-01-03 19:11:57.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > Any reduction in root access is beneficial.\n
        \n
        Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704355806 {#5628
        date: 2024-01-04 09:10:06.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5631 …}
      +nested: Doctrine\ORM\PersistentCollection {#5635 …}
      +votes: Doctrine\ORM\PersistentCollection {#5637 …}
      +reports: Doctrine\ORM\PersistentCollection {#5638 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
      -id: 278974
      -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7081607"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704355806 {#5625
        date: 2024-01-04 09:10:06.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704376839 {#5665
      date: 2024-01-04 15:00:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5668 …}
    +nested: Doctrine\ORM\PersistentCollection {#5672 …}
    +votes: Doctrine\ORM\PersistentCollection {#5674 …}
    +reports: Doctrine\ORM\PersistentCollection {#5675 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
    -id: 279517
    -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6400500"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704376839 {#5662
      date: 2024-01-04 15:00:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You people don’t seem to grasp that I am already not running any commands on the server as root that do not require root. This is all about administrative tasks."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376956 {#5691
    date: 2024-01-04 15:02:36.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5688 …}
  +nested: Doctrine\ORM\PersistentCollection {#5685 …}
  +votes: Doctrine\ORM\PersistentCollection {#5683 …}
  +reports: Doctrine\ORM\PersistentCollection {#5697 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5699 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5701 …}
  -id: 279522
  -bodyTs: "'administr':30 'alreadi':11 'command':15 'grasp':7 'peopl':2 'requir':24 'root':20,25 'run':13 'seem':5 'server':18 'task':31"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7089083"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376956 {#5694
    date: 2024-01-04 15:02:36.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5696
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5660
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5623
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5600
        +user: Proxies\__CG__\App\Entity\User {#5264 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5578
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5555
            +user: Proxies\__CG__\App\Entity\User {#5547 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5533
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5511
                +user: Proxies\__CG__\App\Entity\User {#5264 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5475
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5441
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5352
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#5198
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#5106
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4917
                            +user: Proxies\__CG__\App\Entity\User {#4921 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: App\Entity\EntryComment {#4869
                              +user: App\Entity\User {#4753 …}
                              +entry: App\Entity\Entry {#2400}
                              +magazine: App\Entity\Magazine {#265}
                              +image: null
                              +parent: App\Entity\EntryComment {#4035
                                +user: App\Entity\User {#3983 …}
                                +entry: App\Entity\Entry {#2400}
                                +magazine: App\Entity\Magazine {#265}
                                +image: null
                                +parent: null
                                +root: null
                                +body: """
                                  As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                                  \n
                                  By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                                  """
                                +lang: "en"
                                +isAdult: false
                                +favouriteCount: 13
                                +score: 0
                                +lastActive: DateTime @1711630376 {#3949
                                  date: 2024-03-28 13:52:56.0 +01:00
                                }
                                +ip: null
                                +tags: null
                                +mentions: [
                                  "@HiddenLayer5@lemmy.ml"
                                ]
                                +children: Doctrine\ORM\PersistentCollection {#4033 …}
                                +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                                +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                                +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                                +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                                +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                                -id: 276053
                                -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                                +ranking: 0
                                +commentCount: 0
                                +upVotes: 0
                                +downVotes: 0
                                +visibility: "visible             "
                                +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                                +editedAt: null
                                +createdAt: DateTimeImmutable @1704277159 {#3985
                                  date: 2024-01-03 11:19:19.0 +01:00
                                }
                              }
                              +root: App\Entity\EntryComment {#4035}
                              +body: """
                                > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                                \n
                                That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                                """
                              +lang: "en"
                              +isAdult: false
                              +favouriteCount: 1
                              +score: 0
                              +lastActive: DateTime @1704278686 {#4867
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                              +ip: null
                              +tags: null
                              +mentions: [
                                "@HiddenLayer5@lemmy.ml"
                                "@arjache@kbin.social"
                              ]
                              +children: Doctrine\ORM\PersistentCollection {#4870 …}
                              +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                              +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                              +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                              +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                              +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                              -id: 276086
                              -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                              +ranking: 0
                              +commentCount: 0
                              +upVotes: 0
                              +downVotes: 0
                              +visibility: "visible             "
                              +apId: "https://sh.itjust.works/comment/7051439"
                              +editedAt: null
                              +createdAt: DateTimeImmutable @1704278686 {#4868
                                date: 2024-01-03 11:44:46.0 +01:00
                              }
                            }
                            +root: App\Entity\EntryComment {#4035}
                            +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 5
                            +score: 0
                            +lastActive: DateTime @1704283692 {#4916
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                              "@arjache@kbin.social"
                              "@taladar@sh.itjust.works"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4926 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                            -id: 276194
                            -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://sh.itjust.works/comment/7056225"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704283692 {#4913
                              date: 2024-01-03 13:08:12.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 0
                          +score: 0
                          +lastActive: DateTime @1704283988 {#5107
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                            "@taladar@sh.itjust.works"
                            "@ElderWendigo@sh.itjust.works"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#5099 …}
                          +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                          +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                          +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                          -id: 276202
                          -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7056271"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704283988 {#5104
                            date: 2024-01-03 13:13:08.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704285364 {#5197
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                          "@ElderWendigo@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#5202 …}
                        +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                        +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                        +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                        -id: 276246
                        -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056533"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704285364 {#5194
                          date: 2024-01-03 13:36:04.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704285542 {#5353
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5346 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                      -id: 276251
                      -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056563"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704285542 {#5350
                        date: 2024-01-03 13:39:02.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 3
                    +score: 0
                    +lastActive: DateTime @1704287608 {#5440
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5445 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                    -id: 276319
                    -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7057026"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704287608 {#5437
                      date: 2024-01-03 14:13:28.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 3
                  +score: 0
                  +lastActive: DateTime @1704288222 {#5480
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5483 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5487 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5489 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5490 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
                  -id: 276343
                  -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7057314"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704288222 {#5477
                    date: 2024-01-03 14:23:42.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704294264 {#5506
                  date: 2024-01-03 16:04:24.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5503 …}
                +nested: Doctrine\ORM\PersistentCollection {#5500 …}
                +votes: Doctrine\ORM\PersistentCollection {#5498 …}
                +reports: Doctrine\ORM\PersistentCollection {#5512 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
                -id: 276604
                -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://lemmy.world/comment/6381642"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704294264 {#5509
                  date: 2024-01-03 16:04:24.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 1
              +score: 0
              +lastActive: DateTime @1704296473 {#5528
                date: 2024-01-03 16:41:13.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
                "@bluespin@lemmy.world"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5525 …}
              +nested: Doctrine\ORM\PersistentCollection {#5522 …}
              +votes: Doctrine\ORM\PersistentCollection {#5520 …}
              +reports: Doctrine\ORM\PersistentCollection {#5534 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
              -id: 276723
              -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7060540"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704296473 {#5531
                date: 2024-01-03 16:41:13.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 4
            +score: 0
            +lastActive: DateTime @1704297752 {#5550
              date: 2024-01-03 17:02:32.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
              "@bluespin@lemmy.world"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5545 …}
            +nested: Doctrine\ORM\PersistentCollection {#5543 …}
            +votes: Doctrine\ORM\PersistentCollection {#5541 …}
            +reports: Doctrine\ORM\PersistentCollection {#5557 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
            -id: 276799
            -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.ml/comment/7045805"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704297752 {#5553
              date: 2024-01-03 17:02:32.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "That is only really true of you use sudo with a zero second password caching timeout."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 0
          +score: 0
          +lastActive: DateTime @1704304064 {#5573
            date: 2024-01-03 18:47:44.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
            "@MyNameIsRichard@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5570 …}
          +nested: Doctrine\ORM\PersistentCollection {#5567 …}
          +votes: Doctrine\ORM\PersistentCollection {#5565 …}
          +reports: Doctrine\ORM\PersistentCollection {#5579 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
          -id: 277056
          -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7063638"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704304064 {#5576
            date: 2024-01-03 18:47:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You seem to be looking at the issue in black and white. Any reduction in root access is beneficial. Using sudo with password cache lasting an hour is still preferable to signing in as root. As many people have said, it’s about minimizing attack surface"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704305517 {#5595
          date: 2024-01-03 19:11:57.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
          "@MyNameIsRichard@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5592 …}
        +nested: Doctrine\ORM\PersistentCollection {#5589 …}
        +votes: Doctrine\ORM\PersistentCollection {#5587 …}
        +reports: Doctrine\ORM\PersistentCollection {#5601 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5603 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5605 …}
        -id: 277123
        -bodyTs: "'access':17 'attack':45 'benefici':19 'black':10 'cach':24 'hour':27 'issu':8 'last':25 'look':5 'mani':37 'minim':44 'password':23 'peopl':38 'prefer':30 'reduct':14 'root':16,35 'said':40 'seem':2 'sign':32 'still':29 'sudo':21 'surfac':46 'use':20 'white':12"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/6384746"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704305517 {#5598
          date: 2024-01-03 19:11:57.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > Any reduction in root access is beneficial.\n
        \n
        Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704355806 {#5628
        date: 2024-01-04 09:10:06.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5631 …}
      +nested: Doctrine\ORM\PersistentCollection {#5635 …}
      +votes: Doctrine\ORM\PersistentCollection {#5637 …}
      +reports: Doctrine\ORM\PersistentCollection {#5638 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5640 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5642 …}
      -id: 278974
      -bodyTs: "'access':5 'allow':15 'becom':20 'benefici':7 'compromis':24,31 'fewer':11 'lead':27 'reduct':2 'root':4,21,30 'sudo':18 'thus':26 'use':17 'user':12 'whose':23"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7081607"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704355806 {#5625
        date: 2024-01-04 09:10:06.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Running fewer commands as root is more significant risk reduction than having an extra user. I won’t be replying further since I’m simply repeating what others have already said. If you sincerely don’t understand, I suggest doing additional research on your own."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704376839 {#5665
      date: 2024-01-04 15:00:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5668 …}
    +nested: Doctrine\ORM\PersistentCollection {#5672 …}
    +votes: Doctrine\ORM\PersistentCollection {#5674 …}
    +reports: Doctrine\ORM\PersistentCollection {#5675 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5677 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5679 …}
    -id: 279517
    -bodyTs: "'addit':41 'alreadi':30 'command':3 'extra':14 'fewer':2 'm':24 'other':28 'reduct':10 'repeat':26 'repli':20 'research':42 'risk':9 'root':5 'run':1 'said':31 'signific':8 'simpli':25 'sinc':22 'sincer':34 'suggest':39 'understand':37 'user':15 'won':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6400500"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704376839 {#5662
      date: 2024-01-04 15:00:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You people don’t seem to grasp that I am already not running any commands on the server as root that do not require root. This is all about administrative tasks."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704376956 {#5691
    date: 2024-01-04 15:02:36.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5688 …}
  +nested: Doctrine\ORM\PersistentCollection {#5685 …}
  +votes: Doctrine\ORM\PersistentCollection {#5683 …}
  +reports: Doctrine\ORM\PersistentCollection {#5697 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5699 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5701 …}
  -id: 279522
  -bodyTs: "'administr':30 'alreadi':11 'command':15 'grasp':7 'peopl':2 'requir':24 'root':20,25 'run':13 'seem':5 'server':18 'task':31"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7089083"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704376956 {#5694
    date: 2024-01-04 15:02:36.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5609
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704358064 {#5607
    date: 2024-01-04 09:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5610 …}
  +nested: Doctrine\ORM\PersistentCollection {#5612 …}
  +votes: Doctrine\ORM\PersistentCollection {#5614 …}
  +reports: Doctrine\ORM\PersistentCollection {#5616 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
  -id: 279020
  -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7062636"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704358064 {#5608
    date: 2024-01-04 09:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5609
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704358064 {#5607
    date: 2024-01-04 09:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5610 …}
  +nested: Doctrine\ORM\PersistentCollection {#5612 …}
  +votes: Doctrine\ORM\PersistentCollection {#5614 …}
  +reports: Doctrine\ORM\PersistentCollection {#5616 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
  -id: 279020
  -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7062636"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704358064 {#5608
    date: 2024-01-04 09:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5609
  +user: Proxies\__CG__\App\Entity\User {#5547 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5578
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5555
      +user: Proxies\__CG__\App\Entity\User {#5547 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5533
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5511
          +user: Proxies\__CG__\App\Entity\User {#5264 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5475
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5441
              +user: Proxies\__CG__\App\Entity\User {#4921 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5352
                +user: App\Entity\User {#4753 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5198
                  +user: Proxies\__CG__\App\Entity\User {#4921 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5106
                    +user: App\Entity\User {#4753 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#4917
                      +user: Proxies\__CG__\App\Entity\User {#4921 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4869
                        +user: App\Entity\User {#4753 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4035
                          +user: App\Entity\User {#3983 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: null
                          +root: null
                          +body: """
                            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                            \n
                            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 13
                          +score: 0
                          +lastActive: DateTime @1711630376 {#3949
                            date: 2024-03-28 13:52:56.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4033 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                          -id: 276053
                          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704277159 {#3985
                            date: 2024-01-03 11:19:19.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: """
                          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                          \n
                          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                          """
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 1
                        +score: 0
                        +lastActive: DateTime @1704278686 {#4867
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4870 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                        -id: 276086
                        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7051439"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704278686 {#4868
                          date: 2024-01-03 11:44:46.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 5
                      +score: 0
                      +lastActive: DateTime @1704283692 {#4916
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#4926 …}
                      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                      -id: 276194
                      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056225"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283692 {#4913
                        date: 2024-01-03 13:08:12.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 0
                    +score: 0
                    +lastActive: DateTime @1704283988 {#5107
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5099 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                    -id: 276202
                    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056271"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704283988 {#5104
                      date: 2024-01-03 13:13:08.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 5
                  +score: 0
                  +lastActive: DateTime @1704285364 {#5197
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5202 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                  -id: 276246
                  -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056533"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285364 {#5194
                    date: 2024-01-03 13:36:04.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 0
                +score: 0
                +lastActive: DateTime @1704285542 {#5353
                  date: 2024-01-03 13:39:02.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5346 …}
                +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                -id: 276251
                -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7056563"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704285542 {#5350
                  date: 2024-01-03 13:39:02.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704287608 {#5440
                date: 2024-01-03 14:13:28.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5445 …}
              +nested: Doctrine\ORM\PersistentCollection {#5451 …}
              +votes: Doctrine\ORM\PersistentCollection {#5447 …}
              +reports: Doctrine\ORM\PersistentCollection {#5452 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
              -id: 276319
              -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057026"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704287608 {#5437
                date: 2024-01-03 14:13:28.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704288222 {#5480
              date: 2024-01-03 14:23:42.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5483 …}
            +nested: Doctrine\ORM\PersistentCollection {#5487 …}
            +votes: Doctrine\ORM\PersistentCollection {#5489 …}
            +reports: Doctrine\ORM\PersistentCollection {#5490 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
            -id: 276343
            -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7057314"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704288222 {#5477
              date: 2024-01-03 14:23:42.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704294264 {#5506
            date: 2024-01-03 16:04:24.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5503 …}
          +nested: Doctrine\ORM\PersistentCollection {#5500 …}
          +votes: Doctrine\ORM\PersistentCollection {#5498 …}
          +reports: Doctrine\ORM\PersistentCollection {#5512 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
          -id: 276604
          -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.world/comment/6381642"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704294264 {#5509
            date: 2024-01-03 16:04:24.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704296473 {#5528
          date: 2024-01-03 16:41:13.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5525 …}
        +nested: Doctrine\ORM\PersistentCollection {#5522 …}
        +votes: Doctrine\ORM\PersistentCollection {#5520 …}
        +reports: Doctrine\ORM\PersistentCollection {#5534 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
        -id: 276723
        -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7060540"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704296473 {#5531
          date: 2024-01-03 16:41:13.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1704297752 {#5550
        date: 2024-01-03 17:02:32.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5545 …}
      +nested: Doctrine\ORM\PersistentCollection {#5543 …}
      +votes: Doctrine\ORM\PersistentCollection {#5541 …}
      +reports: Doctrine\ORM\PersistentCollection {#5557 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
      -id: 276799
      -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7045805"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704297752 {#5553
        date: 2024-01-03 17:02:32.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "That is only really true of you use sudo with a zero second password caching timeout."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704304064 {#5573
      date: 2024-01-03 18:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5570 …}
    +nested: Doctrine\ORM\PersistentCollection {#5567 …}
    +votes: Doctrine\ORM\PersistentCollection {#5565 …}
    +reports: Doctrine\ORM\PersistentCollection {#5579 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
    -id: 277056
    -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7063638"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704304064 {#5576
      date: 2024-01-03 18:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704358064 {#5607
    date: 2024-01-04 09:47:44.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5610 …}
  +nested: Doctrine\ORM\PersistentCollection {#5612 …}
  +votes: Doctrine\ORM\PersistentCollection {#5614 …}
  +reports: Doctrine\ORM\PersistentCollection {#5616 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
  -id: 279020
  -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7062636"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704358064 {#5608
    date: 2024-01-04 09:47:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5646
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5609
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704358064 {#5607
      date: 2024-01-04 09:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5610 …}
    +nested: Doctrine\ORM\PersistentCollection {#5612 …}
    +votes: Doctrine\ORM\PersistentCollection {#5614 …}
    +reports: Doctrine\ORM\PersistentCollection {#5616 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
    -id: 279020
    -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7062636"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704358064 {#5608
      date: 2024-01-04 09:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "The vast majority of commands when debugging actual issues on the system or performing administrative tasks do require root. Out of the others some give you incomplete results when called as a regular user and 90% of the rest shouldn’t be run on the server in the first place if you can avoid it but directly on your client computer (e.g. looking up documentation)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704362423 {#5644
    date: 2024-01-04 11:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5647 …}
  +nested: Doctrine\ORM\PersistentCollection {#5649 …}
  +votes: Doctrine\ORM\PersistentCollection {#5651 …}
  +reports: Doctrine\ORM\PersistentCollection {#5653 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5655 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5657 …}
  -id: 279102
  -bodyTs: "'90':36 'actual':8 'administr':15 'avoid':54 'call':30 'client':60 'command':5 'comput':61 'debug':7 'direct':57 'document':65 'e.g':62 'first':49 'give':25 'incomplet':27 'issu':9 'look':63 'major':3 'other':23 'perform':14 'place':50 'regular':33 'requir':18 'rest':39 'result':28 'root':19 'run':43 'server':46 'shouldn':40 'system':12 'task':16 'user':34 'vast':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7084151"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704362423 {#5645
    date: 2024-01-04 11:00:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5646
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5609
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704358064 {#5607
      date: 2024-01-04 09:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5610 …}
    +nested: Doctrine\ORM\PersistentCollection {#5612 …}
    +votes: Doctrine\ORM\PersistentCollection {#5614 …}
    +reports: Doctrine\ORM\PersistentCollection {#5616 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
    -id: 279020
    -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7062636"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704358064 {#5608
      date: 2024-01-04 09:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "The vast majority of commands when debugging actual issues on the system or performing administrative tasks do require root. Out of the others some give you incomplete results when called as a regular user and 90% of the rest shouldn’t be run on the server in the first place if you can avoid it but directly on your client computer (e.g. looking up documentation)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704362423 {#5644
    date: 2024-01-04 11:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5647 …}
  +nested: Doctrine\ORM\PersistentCollection {#5649 …}
  +votes: Doctrine\ORM\PersistentCollection {#5651 …}
  +reports: Doctrine\ORM\PersistentCollection {#5653 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5655 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5657 …}
  -id: 279102
  -bodyTs: "'90':36 'actual':8 'administr':15 'avoid':54 'call':30 'client':60 'command':5 'comput':61 'debug':7 'direct':57 'document':65 'e.g':62 'first':49 'give':25 'incomplet':27 'issu':9 'look':63 'major':3 'other':23 'perform':14 'place':50 'regular':33 'requir':18 'rest':39 'result':28 'root':19 'run':43 'server':46 'shouldn':40 'system':12 'task':16 'user':34 'vast':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7084151"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704362423 {#5645
    date: 2024-01-04 11:00:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5646
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5609
    +user: Proxies\__CG__\App\Entity\User {#5547 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5578
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5555
        +user: Proxies\__CG__\App\Entity\User {#5547 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#5533
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#5511
            +user: Proxies\__CG__\App\Entity\User {#5264 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#5475
              +user: App\Entity\User {#4753 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: App\Entity\EntryComment {#5441
                +user: Proxies\__CG__\App\Entity\User {#4921 …}
                +entry: App\Entity\Entry {#2400}
                +magazine: App\Entity\Magazine {#265}
                +image: null
                +parent: App\Entity\EntryComment {#5352
                  +user: App\Entity\User {#4753 …}
                  +entry: App\Entity\Entry {#2400}
                  +magazine: App\Entity\Magazine {#265}
                  +image: null
                  +parent: App\Entity\EntryComment {#5198
                    +user: Proxies\__CG__\App\Entity\User {#4921 …}
                    +entry: App\Entity\Entry {#2400}
                    +magazine: App\Entity\Magazine {#265}
                    +image: null
                    +parent: App\Entity\EntryComment {#5106
                      +user: App\Entity\User {#4753 …}
                      +entry: App\Entity\Entry {#2400}
                      +magazine: App\Entity\Magazine {#265}
                      +image: null
                      +parent: App\Entity\EntryComment {#4917
                        +user: Proxies\__CG__\App\Entity\User {#4921 …}
                        +entry: App\Entity\Entry {#2400}
                        +magazine: App\Entity\Magazine {#265}
                        +image: null
                        +parent: App\Entity\EntryComment {#4869
                          +user: App\Entity\User {#4753 …}
                          +entry: App\Entity\Entry {#2400}
                          +magazine: App\Entity\Magazine {#265}
                          +image: null
                          +parent: App\Entity\EntryComment {#4035
                            +user: App\Entity\User {#3983 …}
                            +entry: App\Entity\Entry {#2400}
                            +magazine: App\Entity\Magazine {#265}
                            +image: null
                            +parent: null
                            +root: null
                            +body: """
                              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                              \n
                              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                              """
                            +lang: "en"
                            +isAdult: false
                            +favouriteCount: 13
                            +score: 0
                            +lastActive: DateTime @1711630376 {#3949
                              date: 2024-03-28 13:52:56.0 +01:00
                            }
                            +ip: null
                            +tags: null
                            +mentions: [
                              "@HiddenLayer5@lemmy.ml"
                            ]
                            +children: Doctrine\ORM\PersistentCollection {#4033 …}
                            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
                            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
                            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
                            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
                            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
                            -id: 276053
                            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
                            +ranking: 0
                            +commentCount: 0
                            +upVotes: 0
                            +downVotes: 0
                            +visibility: "visible             "
                            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
                            +editedAt: null
                            +createdAt: DateTimeImmutable @1704277159 {#3985
                              date: 2024-01-03 11:19:19.0 +01:00
                            }
                          }
                          +root: App\Entity\EntryComment {#4035}
                          +body: """
                            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
                            \n
                            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
                            """
                          +lang: "en"
                          +isAdult: false
                          +favouriteCount: 1
                          +score: 0
                          +lastActive: DateTime @1704278686 {#4867
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                          +ip: null
                          +tags: null
                          +mentions: [
                            "@HiddenLayer5@lemmy.ml"
                            "@arjache@kbin.social"
                          ]
                          +children: Doctrine\ORM\PersistentCollection {#4870 …}
                          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
                          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
                          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
                          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
                          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
                          -id: 276086
                          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
                          +ranking: 0
                          +commentCount: 0
                          +upVotes: 0
                          +downVotes: 0
                          +visibility: "visible             "
                          +apId: "https://sh.itjust.works/comment/7051439"
                          +editedAt: null
                          +createdAt: DateTimeImmutable @1704278686 {#4868
                            date: 2024-01-03 11:44:46.0 +01:00
                          }
                        }
                        +root: App\Entity\EntryComment {#4035}
                        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
                        +lang: "en"
                        +isAdult: false
                        +favouriteCount: 5
                        +score: 0
                        +lastActive: DateTime @1704283692 {#4916
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                        +ip: null
                        +tags: null
                        +mentions: [
                          "@HiddenLayer5@lemmy.ml"
                          "@arjache@kbin.social"
                          "@taladar@sh.itjust.works"
                        ]
                        +children: Doctrine\ORM\PersistentCollection {#4926 …}
                        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
                        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
                        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
                        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
                        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
                        -id: 276194
                        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
                        +ranking: 0
                        +commentCount: 0
                        +upVotes: 0
                        +downVotes: 0
                        +visibility: "visible             "
                        +apId: "https://sh.itjust.works/comment/7056225"
                        +editedAt: null
                        +createdAt: DateTimeImmutable @1704283692 {#4913
                          date: 2024-01-03 13:08:12.0 +01:00
                        }
                      }
                      +root: App\Entity\EntryComment {#4035}
                      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
                      +lang: "en"
                      +isAdult: false
                      +favouriteCount: 0
                      +score: 0
                      +lastActive: DateTime @1704283988 {#5107
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                      +ip: null
                      +tags: null
                      +mentions: [
                        "@HiddenLayer5@lemmy.ml"
                        "@arjache@kbin.social"
                        "@taladar@sh.itjust.works"
                        "@ElderWendigo@sh.itjust.works"
                      ]
                      +children: Doctrine\ORM\PersistentCollection {#5099 …}
                      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
                      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
                      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
                      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
                      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
                      -id: 276202
                      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
                      +ranking: 0
                      +commentCount: 0
                      +upVotes: 0
                      +downVotes: 0
                      +visibility: "visible             "
                      +apId: "https://sh.itjust.works/comment/7056271"
                      +editedAt: null
                      +createdAt: DateTimeImmutable @1704283988 {#5104
                        date: 2024-01-03 13:13:08.0 +01:00
                      }
                    }
                    +root: App\Entity\EntryComment {#4035}
                    +body: "Sounds like you’re doing things the hard way, making you believe that you are being forced into choosing between security and convenience."
                    +lang: "en"
                    +isAdult: false
                    +favouriteCount: 5
                    +score: 0
                    +lastActive: DateTime @1704285364 {#5197
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                    +ip: null
                    +tags: null
                    +mentions: [
                      "@HiddenLayer5@lemmy.ml"
                      "@arjache@kbin.social"
                      "@taladar@sh.itjust.works"
                      "@ElderWendigo@sh.itjust.works"
                    ]
                    +children: Doctrine\ORM\PersistentCollection {#5202 …}
                    +nested: Doctrine\ORM\PersistentCollection {#5208 …}
                    +votes: Doctrine\ORM\PersistentCollection {#5204 …}
                    +reports: Doctrine\ORM\PersistentCollection {#5209 …}
                    +favourites: Doctrine\ORM\PersistentCollection {#5211 …}
                    +notifications: Doctrine\ORM\PersistentCollection {#5213 …}
                    -id: 276246
                    -bodyTs: "'believ':12 'choos':19 'conveni':23 'forc':17 'hard':8 'like':2 'make':10 're':4 'secur':21 'sound':1 'thing':6 'way':9"
                    +ranking: 0
                    +commentCount: 0
                    +upVotes: 0
                    +downVotes: 0
                    +visibility: "visible             "
                    +apId: "https://sh.itjust.works/comment/7056533"
                    +editedAt: null
                    +createdAt: DateTimeImmutable @1704285364 {#5194
                      date: 2024-01-03 13:36:04.0 +01:00
                    }
                  }
                  +root: App\Entity\EntryComment {#4035}
                  +body: "Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us."
                  +lang: "en"
                  +isAdult: false
                  +favouriteCount: 0
                  +score: 0
                  +lastActive: DateTime @1704285542 {#5353
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                  +ip: null
                  +tags: null
                  +mentions: [
                    "@HiddenLayer5@lemmy.ml"
                    "@arjache@kbin.social"
                    "@taladar@sh.itjust.works"
                    "@ElderWendigo@sh.itjust.works"
                  ]
                  +children: Doctrine\ORM\PersistentCollection {#5346 …}
                  +nested: Doctrine\ORM\PersistentCollection {#5345 …}
                  +votes: Doctrine\ORM\PersistentCollection {#5343 …}
                  +reports: Doctrine\ORM\PersistentCollection {#5355 …}
                  +favourites: Doctrine\ORM\PersistentCollection {#5357 …}
                  +notifications: Doctrine\ORM\PersistentCollection {#5359 …}
                  -id: 276251
                  -bodyTs: "'100':57 'amount':16 'autom':25,36 'automat':54 'avail':63 'complet':24,53 'cours':29 'easi':7,27 'enlighten':2 'heterogen':34 'ident':58 'la':38 'manual':18 'one':43 'oversight':19 'product':59 'relat':33 'requir':14 'run':51 'server':35 'system':45,60 'task':11,20 'test':44 'us':65 'way':8 'work':49"
                  +ranking: 0
                  +commentCount: 0
                  +upVotes: 0
                  +downVotes: 0
                  +visibility: "visible             "
                  +apId: "https://sh.itjust.works/comment/7056563"
                  +editedAt: null
                  +createdAt: DateTimeImmutable @1704285542 {#5350
                    date: 2024-01-03 13:39:02.0 +01:00
                  }
                }
                +root: App\Entity\EntryComment {#4035}
                +body: "Not my circus, not my monkeys. You’re doing things the hard way and now it’s somehow my responsibility to fix your mess? I’m SUPER glad I don’t work with you."
                +lang: "en"
                +isAdult: false
                +favouriteCount: 3
                +score: 0
                +lastActive: DateTime @1704287608 {#5440
                  date: 2024-01-03 14:13:28.0 +01:00
                }
                +ip: null
                +tags: null
                +mentions: [
                  "@HiddenLayer5@lemmy.ml"
                  "@arjache@kbin.social"
                  "@taladar@sh.itjust.works"
                  "@ElderWendigo@sh.itjust.works"
                ]
                +children: Doctrine\ORM\PersistentCollection {#5445 …}
                +nested: Doctrine\ORM\PersistentCollection {#5451 …}
                +votes: Doctrine\ORM\PersistentCollection {#5447 …}
                +reports: Doctrine\ORM\PersistentCollection {#5452 …}
                +favourites: Doctrine\ORM\PersistentCollection {#5454 …}
                +notifications: Doctrine\ORM\PersistentCollection {#5456 …}
                -id: 276319
                -bodyTs: "'circus':3 'fix':22 'glad':28 'hard':12 'm':26 'mess':24 'monkey':6 're':8 'respons':20 'somehow':18 'super':27 'thing':10 'way':13 'work':32"
                +ranking: 0
                +commentCount: 0
                +upVotes: 0
                +downVotes: 0
                +visibility: "visible             "
                +apId: "https://sh.itjust.works/comment/7057026"
                +editedAt: null
                +createdAt: DateTimeImmutable @1704287608 {#5437
                  date: 2024-01-03 14:13:28.0 +01:00
                }
              }
              +root: App\Entity\EntryComment {#4035}
              +body: "You are the one who insists that there is a better way to do things but refuse to say what that better way is."
              +lang: "en"
              +isAdult: false
              +favouriteCount: 3
              +score: 0
              +lastActive: DateTime @1704288222 {#5480
                date: 2024-01-03 14:23:42.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
                "@arjache@kbin.social"
                "@taladar@sh.itjust.works"
                "@ElderWendigo@sh.itjust.works"
              ]
              +children: Doctrine\ORM\PersistentCollection {#5483 …}
              +nested: Doctrine\ORM\PersistentCollection {#5487 …}
              +votes: Doctrine\ORM\PersistentCollection {#5489 …}
              +reports: Doctrine\ORM\PersistentCollection {#5490 …}
              +favourites: Doctrine\ORM\PersistentCollection {#5492 …}
              +notifications: Doctrine\ORM\PersistentCollection {#5494 …}
              -id: 276343
              -bodyTs: "'better':11,22 'insist':6 'one':4 'refus':17 'say':19 'thing':15 'way':12,23"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://sh.itjust.works/comment/7057314"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704288222 {#5477
                date: 2024-01-03 14:23:42.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: "None of us can tell you the right approach for your specific system and use-case. People are simply pointing out that what you stated you’re doing is insecure and not recommended"
            +lang: "en"
            +isAdult: false
            +favouriteCount: 3
            +score: 0
            +lastActive: DateTime @1704294264 {#5506
              date: 2024-01-03 16:04:24.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
              "@taladar@sh.itjust.works"
              "@ElderWendigo@sh.itjust.works"
            ]
            +children: Doctrine\ORM\PersistentCollection {#5503 …}
            +nested: Doctrine\ORM\PersistentCollection {#5500 …}
            +votes: Doctrine\ORM\PersistentCollection {#5498 …}
            +reports: Doctrine\ORM\PersistentCollection {#5512 …}
            +favourites: Doctrine\ORM\PersistentCollection {#5514 …}
            +notifications: Doctrine\ORM\PersistentCollection {#5516 …}
            -id: 276604
            -bodyTs: "'approach':9 'case':17 'insecur':31 'none':1 'peopl':18 'point':21 're':28 'recommend':34 'right':8 'simpli':20 'specif':12 'state':26 'system':13 'tell':5 'us':3 'use':16 'use-cas':15"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://lemmy.world/comment/6381642"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704294264 {#5509
              date: 2024-01-03 16:04:24.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "And nobody in any of these threads has ever pointed out why it is considered to be insecure. The most probable origin for that idea I have come upon so far is that it is a left-over from pre-SSH days when people thought using the root password with su at something other than the start of their connection would make it harder to sniff. Literally nobody lists even one good reason why sudo should be more secure than direct root login with SSH public keys and password login disabled for full root access (as in not limited to just one or two commands)."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704296473 {#5528
            date: 2024-01-03 16:41:13.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
            "@ElderWendigo@sh.itjust.works"
            "@bluespin@lemmy.world"
          ]
          +children: Doctrine\ORM\PersistentCollection {#5525 …}
          +nested: Doctrine\ORM\PersistentCollection {#5522 …}
          +votes: Doctrine\ORM\PersistentCollection {#5520 …}
          +reports: Doctrine\ORM\PersistentCollection {#5534 …}
          +favourites: Doctrine\ORM\PersistentCollection {#5536 …}
          +notifications: Doctrine\ORM\PersistentCollection {#5538 …}
          -id: 276723
          -bodyTs: "'access':97 'come':28 'command':107 'connect':62 'consid':15 'day':44 'direct':83 'disabl':93 'even':72 'ever':9 'far':31 'full':95 'good':74 'harder':66 'idea':25 'insecur':18 'key':89 'left':38 'left-ov':37 'limit':101 'list':71 'liter':69 'login':85,92 'make':64 'nobodi':2,70 'one':73,104 'origin':22 'password':51,91 'peopl':46 'point':10 'pre':42 'pre-ssh':41 'probabl':21 'public':88 'reason':75 'root':50,84,96 'secur':81 'sniff':68 'someth':55 'ssh':43,87 'start':59 'su':53 'sudo':77 'thought':47 'thread':7 'two':106 'upon':29 'use':48 'would':63"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7060540"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704296473 {#5531
            date: 2024-01-03 16:41:13.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "It’s not about someone sniffing your passwords, it’s about reducing your attack surface. If you use su then the entire session has root privileges and any piece of software you run could do system level damage if it has a bug. Using sudo limits the privilege escalation to just one command."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 4
        +score: 0
        +lastActive: DateTime @1704297752 {#5550
          date: 2024-01-03 17:02:32.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@ElderWendigo@sh.itjust.works"
          "@bluespin@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5545 …}
        +nested: Doctrine\ORM\PersistentCollection {#5543 …}
        +votes: Doctrine\ORM\PersistentCollection {#5541 …}
        +reports: Doctrine\ORM\PersistentCollection {#5557 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5559 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5561 …}
        -id: 276799
        -bodyTs: "'attack':14 'bug':43 'command':53 'could':34 'damag':38 'entir':22 'escal':49 'level':37 'limit':46 'one':52 'password':8 'piec':29 'privileg':26,48 'reduc':12 'root':25 'run':33 'session':23 'snif':6 'softwar':31 'someon':5 'su':19 'sudo':45 'surfac':15 'system':36 'use':18,44"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7045805"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704297752 {#5553
          date: 2024-01-03 17:02:32.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "That is only really true of you use sudo with a zero second password caching timeout."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704304064 {#5573
        date: 2024-01-03 18:47:44.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
        "@bluespin@lemmy.world"
        "@MyNameIsRichard@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5570 …}
      +nested: Doctrine\ORM\PersistentCollection {#5567 …}
      +votes: Doctrine\ORM\PersistentCollection {#5565 …}
      +reports: Doctrine\ORM\PersistentCollection {#5579 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5581 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5583 …}
      -id: 277056
      -bodyTs: "'cach':15 'password':14 'realli':4 'second':13 'sudo':9 'timeout':16 'true':5 'use':8 'zero':12"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7063638"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704304064 {#5576
        date: 2024-01-03 18:47:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Not true. While you won’t always have to enter your password, not every command will have elevated rights."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704358064 {#5607
      date: 2024-01-04 09:47:44.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
      "@bluespin@lemmy.world"
      "@MyNameIsRichard@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5610 …}
    +nested: Doctrine\ORM\PersistentCollection {#5612 …}
    +votes: Doctrine\ORM\PersistentCollection {#5614 …}
    +reports: Doctrine\ORM\PersistentCollection {#5616 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5618 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5620 …}
    -id: 279020
    -bodyTs: "'alway':7 'command':15 'elev':18 'enter':10 'everi':14 'password':12 'right':19 'true':2 'won':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7062636"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704358064 {#5608
      date: 2024-01-04 09:47:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "The vast majority of commands when debugging actual issues on the system or performing administrative tasks do require root. Out of the others some give you incomplete results when called as a regular user and 90% of the rest shouldn’t be run on the server in the first place if you can avoid it but directly on your client computer (e.g. looking up documentation)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704362423 {#5644
    date: 2024-01-04 11:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@bluespin@lemmy.world"
    "@MyNameIsRichard@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5647 …}
  +nested: Doctrine\ORM\PersistentCollection {#5649 …}
  +votes: Doctrine\ORM\PersistentCollection {#5651 …}
  +reports: Doctrine\ORM\PersistentCollection {#5653 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5655 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5657 …}
  -id: 279102
  -bodyTs: "'90':36 'actual':8 'administr':15 'avoid':54 'call':30 'client':60 'command':5 'comput':61 'debug':7 'direct':57 'document':65 'e.g':62 'first':49 'give':25 'incomplet':27 'issu':9 'look':63 'major':3 'other':23 'perform':14 'place':50 'regular':33 'requir':18 'rest':39 'result':28 'root':19 'run':43 'server':46 'shouldn':40 'system':12 'task':16 'user':34 'vast':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7084151"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704362423 {#5645
    date: 2024-01-04 11:00:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5217
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    FreeIPA and your password is the same on every machine: yours. (Make it good)\n
    \n
    Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
    \n
    Yes, even if you have 2 VMs and a docker container, this is worth it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704290371 {#5215
    date: 2024-01-03 14:59:31.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5219 …}
  +nested: Doctrine\ORM\PersistentCollection {#5221 …}
  +votes: Doctrine\ORM\PersistentCollection {#5223 …}
  +reports: Doctrine\ORM\PersistentCollection {#5225 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
  -id: 276439
  -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837489"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290371 {#5216
    date: 2024-01-03 14:59:31.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5217
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    FreeIPA and your password is the same on every machine: yours. (Make it good)\n
    \n
    Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
    \n
    Yes, even if you have 2 VMs and a docker container, this is worth it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704290371 {#5215
    date: 2024-01-03 14:59:31.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5219 …}
  +nested: Doctrine\ORM\PersistentCollection {#5221 …}
  +votes: Doctrine\ORM\PersistentCollection {#5223 …}
  +reports: Doctrine\ORM\PersistentCollection {#5225 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
  -id: 276439
  -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837489"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290371 {#5216
    date: 2024-01-03 14:59:31.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5217
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5106
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4917
      +user: Proxies\__CG__\App\Entity\User {#4921 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704283692 {#4916
        date: 2024-01-03 13:08:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4926 …}
      +nested: Doctrine\ORM\PersistentCollection {#4922 …}
      +votes: Doctrine\ORM\PersistentCollection {#4924 …}
      +reports: Doctrine\ORM\PersistentCollection {#4929 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
      -id: 276194
      -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056225"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283692 {#4913
        date: 2024-01-03 13:08:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283988 {#5107
      date: 2024-01-03 13:13:08.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5099 …}
    +nested: Doctrine\ORM\PersistentCollection {#5097 …}
    +votes: Doctrine\ORM\PersistentCollection {#5095 …}
    +reports: Doctrine\ORM\PersistentCollection {#5108 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
    -id: 276202
    -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056271"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283988 {#5104
      date: 2024-01-03 13:13:08.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    FreeIPA and your password is the same on every machine: yours. (Make it good)\n
    \n
    Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
    \n
    Yes, even if you have 2 VMs and a docker container, this is worth it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704290371 {#5215
    date: 2024-01-03 14:59:31.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5219 …}
  +nested: Doctrine\ORM\PersistentCollection {#5221 …}
  +votes: Doctrine\ORM\PersistentCollection {#5223 …}
  +reports: Doctrine\ORM\PersistentCollection {#5225 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
  -id: 276439
  -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837489"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290371 {#5216
    date: 2024-01-03 14:59:31.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5378
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5217
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      FreeIPA and your password is the same on every machine: yours. (Make it good)\n
      \n
      Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
      \n
      Yes, even if you have 2 VMs and a docker container, this is worth it.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704290371 {#5215
      date: 2024-01-03 14:59:31.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5219 …}
    +nested: Doctrine\ORM\PersistentCollection {#5221 …}
    +votes: Doctrine\ORM\PersistentCollection {#5223 …}
    +reports: Doctrine\ORM\PersistentCollection {#5225 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
    -id: 276439
    -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837489"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290371 {#5216
      date: 2024-01-03 14:59:31.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > FreeIPA and your password is the same on every machine: yours.\n
    \n
    Any network based system like that sucks when you need to fix a system that has some severe issue (network, DNS, disk,…) which is exactly when root access is the most important.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291501 {#5376
    date: 2024-01-03 15:18:21.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5379 …}
  +nested: Doctrine\ORM\PersistentCollection {#5381 …}
  +votes: Doctrine\ORM\PersistentCollection {#5383 …}
  +reports: Doctrine\ORM\PersistentCollection {#5385 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5387 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5389 …}
  -id: 276484
  -bodyTs: "'access':39 'base':14 'disk':33 'dns':32 'everi':9 'exact':36 'fix':23 'freeipa':1 'import':43 'issu':30 'like':16 'machin':10 'need':21 'network':13,31 'password':4 'root':38 'sever':29 'suck':18 'system':15,25"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058446"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291501 {#5377
    date: 2024-01-03 15:18:21.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5378
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5217
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      FreeIPA and your password is the same on every machine: yours. (Make it good)\n
      \n
      Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
      \n
      Yes, even if you have 2 VMs and a docker container, this is worth it.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704290371 {#5215
      date: 2024-01-03 14:59:31.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5219 …}
    +nested: Doctrine\ORM\PersistentCollection {#5221 …}
    +votes: Doctrine\ORM\PersistentCollection {#5223 …}
    +reports: Doctrine\ORM\PersistentCollection {#5225 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
    -id: 276439
    -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837489"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290371 {#5216
      date: 2024-01-03 14:59:31.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > FreeIPA and your password is the same on every machine: yours.\n
    \n
    Any network based system like that sucks when you need to fix a system that has some severe issue (network, DNS, disk,…) which is exactly when root access is the most important.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291501 {#5376
    date: 2024-01-03 15:18:21.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5379 …}
  +nested: Doctrine\ORM\PersistentCollection {#5381 …}
  +votes: Doctrine\ORM\PersistentCollection {#5383 …}
  +reports: Doctrine\ORM\PersistentCollection {#5385 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5387 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5389 …}
  -id: 276484
  -bodyTs: "'access':39 'base':14 'disk':33 'dns':32 'everi':9 'exact':36 'fix':23 'freeipa':1 'import':43 'issu':30 'like':16 'machin':10 'need':21 'network':13,31 'password':4 'root':38 'sever':29 'suck':18 'system':15,25"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058446"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291501 {#5377
    date: 2024-01-03 15:18:21.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5378
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5217
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5106
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4917
        +user: Proxies\__CG__\App\Entity\User {#4921 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "Whose letting you run dozens of servers if managing dozens of passwords is “pretty much unworkable” for you?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704283692 {#4916
          date: 2024-01-03 13:08:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4926 …}
        +nested: Doctrine\ORM\PersistentCollection {#4922 …}
        +votes: Doctrine\ORM\PersistentCollection {#4924 …}
        +reports: Doctrine\ORM\PersistentCollection {#4929 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4931 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4933 …}
        -id: 276194
        -bodyTs: "'dozen':5,10 'let':2 'manag':9 'much':15 'password':12 'pretti':14 'run':4 'server':7 'unwork':16 'whose':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056225"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283692 {#4913
          date: 2024-01-03 13:08:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283988 {#5107
        date: 2024-01-03 13:13:08.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@ElderWendigo@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5099 …}
      +nested: Doctrine\ORM\PersistentCollection {#5097 …}
      +votes: Doctrine\ORM\PersistentCollection {#5095 …}
      +reports: Doctrine\ORM\PersistentCollection {#5108 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5110 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5112 …}
      -id: 276202
      -bodyTs: "'automat':21 'command':17 'cours':2 'dozen':6 'e.g':23 'enter':30 'everi':11,24 'password':8,34 'pend':27 'requir':14,29 'run':20 'server':25 'singl':16 'store':5 'task':12 'unwork':37 'updat':28"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056271"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283988 {#5104
        date: 2024-01-03 13:13:08.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      FreeIPA and your password is the same on every machine: yours. (Make it good)\n
      \n
      Service accounts should have either no sudo password or use something like Ansible with vault and keep every one of them scrambled and rotate regularly (which you can do with Ansible itself)\n
      \n
      Yes, even if you have 2 VMs and a docker container, this is worth it.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704290371 {#5215
      date: 2024-01-03 14:59:31.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@ElderWendigo@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5219 …}
    +nested: Doctrine\ORM\PersistentCollection {#5221 …}
    +votes: Doctrine\ORM\PersistentCollection {#5223 …}
    +reports: Doctrine\ORM\PersistentCollection {#5225 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5227 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5229 …}
    -id: 276439
    -bodyTs: "'2':52 'account':16 'ansibl':27,45 'contain':57 'docker':56 'either':19 'even':48 'everi':9,32 'freeipa':1 'good':14 'keep':31 'like':26 'machin':10 'make':12 'one':33 'password':4,22 'regular':39 'rotat':38 'scrambl':36 'servic':15 'someth':25 'sudo':21 'use':24 'vault':29 'vms':53 'worth':60 'yes':47"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837489"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290371 {#5216
      date: 2024-01-03 14:59:31.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    > FreeIPA and your password is the same on every machine: yours.\n
    \n
    Any network based system like that sucks when you need to fix a system that has some severe issue (network, DNS, disk,…) which is exactly when root access is the most important.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291501 {#5376
    date: 2024-01-03 15:18:21.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@ElderWendigo@sh.itjust.works"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5379 …}
  +nested: Doctrine\ORM\PersistentCollection {#5381 …}
  +votes: Doctrine\ORM\PersistentCollection {#5383 …}
  +reports: Doctrine\ORM\PersistentCollection {#5385 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5387 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5389 …}
  -id: 276484
  -bodyTs: "'access':39 'base':14 'disk':33 'dns':32 'everi':9 'exact':36 'fix':23 'freeipa':1 'import':43 'issu':30 'like':16 'machin':10 'need':21 'network':13,31 'password':4 'root':38 'sever':29 'suck':18 'system':15,25"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058446"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291501 {#5377
    date: 2024-01-03 15:18:21.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4937
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285179 {#4935
    date: 2024-01-03 13:32:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4939 …}
  +nested: Doctrine\ORM\PersistentCollection {#4941 …}
  +votes: Doctrine\ORM\PersistentCollection {#4943 …}
  +reports: Doctrine\ORM\PersistentCollection {#4945 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
  -id: 276238
  -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207667"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285179 {#4936
    date: 2024-01-03 13:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4937
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285179 {#4935
    date: 2024-01-03 13:32:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4939 …}
  +nested: Doctrine\ORM\PersistentCollection {#4941 …}
  +votes: Doctrine\ORM\PersistentCollection {#4943 …}
  +reports: Doctrine\ORM\PersistentCollection {#4945 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
  -id: 276238
  -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207667"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285179 {#4936
    date: 2024-01-03 13:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4937
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4869
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4035
      +user: App\Entity\User {#3983 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
        \n
        By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 13
      +score: 0
      +lastActive: DateTime @1711630376 {#3949
        date: 2024-03-28 13:52:56.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4033 …}
      +nested: Doctrine\ORM\PersistentCollection {#4031 …}
      +votes: Doctrine\ORM\PersistentCollection {#4029 …}
      +reports: Doctrine\ORM\PersistentCollection {#4027 …}
      +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
      +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
      -id: 276053
      -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704277159 {#3985
        date: 2024-01-03 11:19:19.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
      \n
      That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704278686 {#4867
      date: 2024-01-03 11:44:46.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4870 …}
    +nested: Doctrine\ORM\PersistentCollection {#4872 …}
    +votes: Doctrine\ORM\PersistentCollection {#4874 …}
    +reports: Doctrine\ORM\PersistentCollection {#4876 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
    -id: 276086
    -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7051439"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704278686 {#4868
      date: 2024-01-03 11:44:46.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285179 {#4935
    date: 2024-01-03 13:32:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4939 …}
  +nested: Doctrine\ORM\PersistentCollection {#4941 …}
  +votes: Doctrine\ORM\PersistentCollection {#4943 …}
  +reports: Doctrine\ORM\PersistentCollection {#4945 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
  -id: 276238
  -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207667"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285179 {#4936
    date: 2024-01-03 13:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5116
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4937
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704285179 {#4935
      date: 2024-01-03 13:32:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4939 …}
    +nested: Doctrine\ORM\PersistentCollection {#4941 …}
    +votes: Doctrine\ORM\PersistentCollection {#4943 …}
    +reports: Doctrine\ORM\PersistentCollection {#4945 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
    -id: 276238
    -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207667"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285179 {#4936
      date: 2024-01-03 13:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704285432 {#5114
    date: 2024-01-03 13:37:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5117 …}
  +nested: Doctrine\ORM\PersistentCollection {#5119 …}
  +votes: Doctrine\ORM\PersistentCollection {#5121 …}
  +reports: Doctrine\ORM\PersistentCollection {#5123 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
  -id: 276248
  -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056549"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285432 {#5115
    date: 2024-01-03 13:37:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5116
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4937
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704285179 {#4935
      date: 2024-01-03 13:32:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4939 …}
    +nested: Doctrine\ORM\PersistentCollection {#4941 …}
    +votes: Doctrine\ORM\PersistentCollection {#4943 …}
    +reports: Doctrine\ORM\PersistentCollection {#4945 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
    -id: 276238
    -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207667"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285179 {#4936
      date: 2024-01-03 13:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704285432 {#5114
    date: 2024-01-03 13:37:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5117 …}
  +nested: Doctrine\ORM\PersistentCollection {#5119 …}
  +votes: Doctrine\ORM\PersistentCollection {#5121 …}
  +reports: Doctrine\ORM\PersistentCollection {#5123 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
  -id: 276248
  -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056549"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285432 {#5115
    date: 2024-01-03 13:37:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5116
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4937
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4869
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4035
        +user: App\Entity\User {#3983 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
          \n
          By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 13
        +score: 0
        +lastActive: DateTime @1711630376 {#3949
          date: 2024-03-28 13:52:56.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4033 …}
        +nested: Doctrine\ORM\PersistentCollection {#4031 …}
        +votes: Doctrine\ORM\PersistentCollection {#4029 …}
        +reports: Doctrine\ORM\PersistentCollection {#4027 …}
        +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
        +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
        -id: 276053
        -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704277159 {#3985
          date: 2024-01-03 11:19:19.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
        \n
        That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704278686 {#4867
        date: 2024-01-03 11:44:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4870 …}
      +nested: Doctrine\ORM\PersistentCollection {#4872 …}
      +votes: Doctrine\ORM\PersistentCollection {#4874 …}
      +reports: Doctrine\ORM\PersistentCollection {#4876 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
      -id: 276086
      -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7051439"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704278686 {#4868
        date: 2024-01-03 11:44:46.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704285179 {#4935
      date: 2024-01-03 13:32:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4939 …}
    +nested: Doctrine\ORM\PersistentCollection {#4941 …}
    +votes: Doctrine\ORM\PersistentCollection {#4943 …}
    +reports: Doctrine\ORM\PersistentCollection {#4945 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
    -id: 276238
    -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207667"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285179 {#4936
      date: 2024-01-03 13:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704285432 {#5114
    date: 2024-01-03 13:37:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5117 …}
  +nested: Doctrine\ORM\PersistentCollection {#5119 …}
  +votes: Doctrine\ORM\PersistentCollection {#5121 …}
  +reports: Doctrine\ORM\PersistentCollection {#5123 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
  -id: 276248
  -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7056549"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285432 {#5115
    date: 2024-01-03 13:37:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5233
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704290193 {#5231
    date: 2024-01-03 14:56:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5234 …}
  +nested: Doctrine\ORM\PersistentCollection {#5236 …}
  +votes: Doctrine\ORM\PersistentCollection {#5238 …}
  +reports: Doctrine\ORM\PersistentCollection {#5240 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
  -id: 276426
  -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837430"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290193 {#5232
    date: 2024-01-03 14:56:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5233
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704290193 {#5231
    date: 2024-01-03 14:56:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5234 …}
  +nested: Doctrine\ORM\PersistentCollection {#5236 …}
  +votes: Doctrine\ORM\PersistentCollection {#5238 …}
  +reports: Doctrine\ORM\PersistentCollection {#5240 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
  -id: 276426
  -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837430"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290193 {#5232
    date: 2024-01-03 14:56:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5233
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704290193 {#5231
    date: 2024-01-03 14:56:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5234 …}
  +nested: Doctrine\ORM\PersistentCollection {#5236 …}
  +votes: Doctrine\ORM\PersistentCollection {#5238 …}
  +reports: Doctrine\ORM\PersistentCollection {#5240 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
  -id: 276426
  -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837430"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704290193 {#5232
    date: 2024-01-03 14:56:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5363
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5233
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704290193 {#5231
      date: 2024-01-03 14:56:33.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5234 …}
    +nested: Doctrine\ORM\PersistentCollection {#5236 …}
    +votes: Doctrine\ORM\PersistentCollection {#5238 …}
    +reports: Doctrine\ORM\PersistentCollection {#5240 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
    -id: 276426
    -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837430"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290193 {#5232
      date: 2024-01-03 14:56:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It is. That is the whole point. Why would I make extra unprivileged accounts that can run any command I need to run as root at any time without a password on the system just to avoid it. That just increases the attack surface via any other vector by giving an attacker accounts to choose from to break into."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291380 {#5361
    date: 2024-01-03 15:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5364 …}
  +nested: Doctrine\ORM\PersistentCollection {#5366 …}
  +votes: Doctrine\ORM\PersistentCollection {#5368 …}
  +reports: Doctrine\ORM\PersistentCollection {#5370 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5372 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5374 …}
  -id: 276478
  -bodyTs: "'account':14,53 'attack':43,52 'avoid':37 'break':58 'choos':55 'command':19 'extra':12 'give':50 'increas':41 'make':11 'need':21 'password':31 'point':7 'root':25 'run':17,23 'surfac':44 'system':34 'time':28 'unprivileg':13 'vector':48 'via':45 'whole':6 'without':29 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291380 {#5362
    date: 2024-01-03 15:16:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5363
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5233
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704290193 {#5231
      date: 2024-01-03 14:56:33.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5234 …}
    +nested: Doctrine\ORM\PersistentCollection {#5236 …}
    +votes: Doctrine\ORM\PersistentCollection {#5238 …}
    +reports: Doctrine\ORM\PersistentCollection {#5240 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
    -id: 276426
    -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837430"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290193 {#5232
      date: 2024-01-03 14:56:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It is. That is the whole point. Why would I make extra unprivileged accounts that can run any command I need to run as root at any time without a password on the system just to avoid it. That just increases the attack surface via any other vector by giving an attacker accounts to choose from to break into."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291380 {#5361
    date: 2024-01-03 15:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5364 …}
  +nested: Doctrine\ORM\PersistentCollection {#5366 …}
  +votes: Doctrine\ORM\PersistentCollection {#5368 …}
  +reports: Doctrine\ORM\PersistentCollection {#5370 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5372 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5374 …}
  -id: 276478
  -bodyTs: "'account':14,53 'attack':43,52 'avoid':37 'break':58 'choos':55 'command':19 'extra':12 'give':50 'increas':41 'make':11 'need':21 'password':31 'point':7 'root':25 'run':17,23 'surfac':44 'system':34 'time':28 'unprivileg':13 'vector':48 'via':45 'whole':6 'without':29 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291380 {#5362
    date: 2024-01-03 15:16:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5363
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5233
    +user: Proxies\__CG__\App\Entity\User {#5218 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704290193 {#5231
      date: 2024-01-03 14:56:33.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5234 …}
    +nested: Doctrine\ORM\PersistentCollection {#5236 …}
    +votes: Doctrine\ORM\PersistentCollection {#5238 …}
    +reports: Doctrine\ORM\PersistentCollection {#5240 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5242 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5244 …}
    -id: 276426
    -bodyTs: "'connect':8 'passkey':6 'passphras':5 'password':13 'passwordless':4 'secur':15 'ssh':7 'superior':11 'thought':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemm.ee/comment/7837430"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704290193 {#5232
      date: 2024-01-03 14:56:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "It is. That is the whole point. Why would I make extra unprivileged accounts that can run any command I need to run as root at any time without a password on the system just to avoid it. That just increases the attack surface via any other vector by giving an attacker accounts to choose from to break into."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291380 {#5361
    date: 2024-01-03 15:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@4am@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5364 …}
  +nested: Doctrine\ORM\PersistentCollection {#5366 …}
  +votes: Doctrine\ORM\PersistentCollection {#5368 …}
  +reports: Doctrine\ORM\PersistentCollection {#5370 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5372 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5374 …}
  -id: 276478
  -bodyTs: "'account':14,53 'attack':43,52 'avoid':37 'break':58 'choos':55 'command':19 'extra':12 'give':50 'increas':41 'make':11 'need':21 'password':31 'point':7 'root':25 'run':17,23 'surfac':44 'system':34 'time':28 'unprivileg':13 'vector':48 'via':45 'whole':6 'without':29 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291380 {#5362
    date: 2024-01-03 15:16:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5248
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    You can allow only specific commands and options. See my config for example.\n
    \n
    [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
    \n
    You can limit this to a specific user as well.\n
    \n
    Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704291023 {#5246
    date: 2024-01-03 15:10:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5249 …}
  +nested: Doctrine\ORM\PersistentCollection {#5251 …}
  +votes: Doctrine\ORM\PersistentCollection {#5253 …}
  +reports: Doctrine\ORM\PersistentCollection {#5255 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
  -id: 276465
  -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207958"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291023 {#5247
    date: 2024-01-03 15:10:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5248
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    You can allow only specific commands and options. See my config for example.\n
    \n
    [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
    \n
    You can limit this to a specific user as well.\n
    \n
    Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704291023 {#5246
    date: 2024-01-03 15:10:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5249 …}
  +nested: Doctrine\ORM\PersistentCollection {#5251 …}
  +votes: Doctrine\ORM\PersistentCollection {#5253 …}
  +reports: Doctrine\ORM\PersistentCollection {#5255 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
  -id: 276465
  -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207958"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291023 {#5247
    date: 2024-01-03 15:10:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5248
  +user: Proxies\__CG__\App\Entity\User {#4938 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    You can allow only specific commands and options. See my config for example.\n
    \n
    [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
    \n
    You can limit this to a specific user as well.\n
    \n
    Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704291023 {#5246
    date: 2024-01-03 15:10:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5249 …}
  +nested: Doctrine\ORM\PersistentCollection {#5251 …}
  +votes: Doctrine\ORM\PersistentCollection {#5253 …}
  +reports: Doctrine\ORM\PersistentCollection {#5255 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
  -id: 276465
  -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://feditown.com/comment/207958"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291023 {#5247
    date: 2024-01-03 15:10:23.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5393
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5248
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      You can allow only specific commands and options. See my config for example.\n
      \n
      [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
      \n
      You can limit this to a specific user as well.\n
      \n
      Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704291023 {#5246
      date: 2024-01-03 15:10:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5249 …}
    +nested: Doctrine\ORM\PersistentCollection {#5251 …}
    +votes: Doctrine\ORM\PersistentCollection {#5253 …}
    +reports: Doctrine\ORM\PersistentCollection {#5255 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
    -id: 276465
    -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207958"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291023 {#5247
      date: 2024-01-03 15:10:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am well aware that sudo can limit which commands you run but so can force_command in authorized_keys if you really need that functionality."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291546 {#5391
    date: 2024-01-03 15:19:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5394 …}
  +nested: Doctrine\ORM\PersistentCollection {#5396 …}
  +votes: Doctrine\ORM\PersistentCollection {#5398 …}
  +reports: Doctrine\ORM\PersistentCollection {#5400 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5402 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5404 …}
  -id: 276486
  -bodyTs: "'author':19 'awar':4 'command':10,17 'forc':16 'function':26 'key':20 'limit':8 'need':24 'realli':23 'run':12 'sudo':6 'well':3"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058456"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291546 {#5392
    date: 2024-01-03 15:19:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5393
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5248
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      You can allow only specific commands and options. See my config for example.\n
      \n
      [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
      \n
      You can limit this to a specific user as well.\n
      \n
      Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704291023 {#5246
      date: 2024-01-03 15:10:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5249 …}
    +nested: Doctrine\ORM\PersistentCollection {#5251 …}
    +votes: Doctrine\ORM\PersistentCollection {#5253 …}
    +reports: Doctrine\ORM\PersistentCollection {#5255 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
    -id: 276465
    -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207958"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291023 {#5247
      date: 2024-01-03 15:10:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am well aware that sudo can limit which commands you run but so can force_command in authorized_keys if you really need that functionality."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291546 {#5391
    date: 2024-01-03 15:19:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5394 …}
  +nested: Doctrine\ORM\PersistentCollection {#5396 …}
  +votes: Doctrine\ORM\PersistentCollection {#5398 …}
  +reports: Doctrine\ORM\PersistentCollection {#5400 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5402 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5404 …}
  -id: 276486
  -bodyTs: "'author':19 'awar':4 'command':10,17 'forc':16 'function':26 'key':20 'limit':8 'need':24 'realli':23 'run':12 'sudo':6 'well':3"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058456"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291546 {#5392
    date: 2024-01-03 15:19:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5393
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5248
    +user: Proxies\__CG__\App\Entity\User {#4938 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      You can allow only specific commands and options. See my config for example.\n
      \n
      [gitea.exu.li/exu/configs/src/commit/…/wheel](https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)\n
      \n
      You can limit this to a specific user as well.\n
      \n
      Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704291023 {#5246
      date: 2024-01-03 15:10:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5249 …}
    +nested: Doctrine\ORM\PersistentCollection {#5251 …}
    +votes: Doctrine\ORM\PersistentCollection {#5253 …}
    +reports: Doctrine\ORM\PersistentCollection {#5255 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5257 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5259 …}
    -id: 276465
    -bodyTs: "'/exu/configs/src/commit/':16 '/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':20 '/wheel':17 'account':36 'allow':3 'anyon':31 'anyth':54 'command':6,44 'compar':48 'config':11 'defin':43 'exampl':13 'gitea.exu.li':15,19 'gitea.exu.li/exu/configs/src/commit/':14 'gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel)':18 'hack':33 'limit':23 'option':8 'other':47 'root':50 'run':40,53 'see':9 'specif':5,27 'tight':42 'user':28 'well':30"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://feditown.com/comment/207958"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291023 {#5247
      date: 2024-01-03 15:10:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am well aware that sudo can limit which commands you run but so can force_command in authorized_keys if you really need that functionality."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291546 {#5391
    date: 2024-01-03 15:19:06.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5394 …}
  +nested: Doctrine\ORM\PersistentCollection {#5396 …}
  +votes: Doctrine\ORM\PersistentCollection {#5398 …}
  +reports: Doctrine\ORM\PersistentCollection {#5400 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5402 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5404 …}
  -id: 276486
  -bodyTs: "'author':19 'awar':4 'command':10,17 'forc':16 'function':26 'key':20 'limit':8 'need':24 'realli':23 'run':12 'sudo':6 'well':3"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7058456"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291546 {#5392
    date: 2024-01-03 15:19:06.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5263
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704293811 {#5261
    date: 2024-01-03 15:56:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5265 …}
  +nested: Doctrine\ORM\PersistentCollection {#5267 …}
  +votes: Doctrine\ORM\PersistentCollection {#5269 …}
  +reports: Doctrine\ORM\PersistentCollection {#5271 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
  -id: 276589
  -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381543"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704293811 {#5262
    date: 2024-01-03 15:56:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5263
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704293811 {#5261
    date: 2024-01-03 15:56:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5265 …}
  +nested: Doctrine\ORM\PersistentCollection {#5267 …}
  +votes: Doctrine\ORM\PersistentCollection {#5269 …}
  +reports: Doctrine\ORM\PersistentCollection {#5271 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
  -id: 276589
  -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381543"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704293811 {#5262
    date: 2024-01-03 15:56:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5263
  +user: Proxies\__CG__\App\Entity\User {#5264 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704293811 {#5261
    date: 2024-01-03 15:56:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5265 …}
  +nested: Doctrine\ORM\PersistentCollection {#5267 …}
  +votes: Doctrine\ORM\PersistentCollection {#5269 …}
  +reports: Doctrine\ORM\PersistentCollection {#5271 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
  -id: 276589
  -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6381543"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704293811 {#5262
    date: 2024-01-03 15:56:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5408
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5263
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704293811 {#5261
      date: 2024-01-03 15:56:51.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5265 …}
    +nested: Doctrine\ORM\PersistentCollection {#5267 …}
    +votes: Doctrine\ORM\PersistentCollection {#5269 …}
    +reports: Doctrine\ORM\PersistentCollection {#5271 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
    -id: 276589
    -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381543"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704293811 {#5262
      date: 2024-01-03 15:56:51.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am asking why it is considered to be more secure for the use case where you aren’t limiting access to a few commands because it is access meant for all kinds of admin tasks, not just one specific one (as in access for the people who need to fix unexpected problems among other things)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704296558 {#5406
    date: 2024-01-03 16:42:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5409 …}
  +nested: Doctrine\ORM\PersistentCollection {#5411 …}
  +votes: Doctrine\ORM\PersistentCollection {#5413 …}
  +reports: Doctrine\ORM\PersistentCollection {#5415 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5417 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5419 …}
  -id: 276728
  -bodyTs: "'access':21,29,44 'admin':35 'among':54 'aren':18 'ask':3 'case':15 'command':25 'consid':7 'fix':51 'kind':33 'limit':20 'meant':30 'need':49 'one':39,41 'peopl':47 'problem':53 'secur':11 'specif':40 'task':36 'thing':56 'unexpect':52 'use':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296558 {#5407
    date: 2024-01-03 16:42:38.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5408
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5263
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704293811 {#5261
      date: 2024-01-03 15:56:51.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5265 …}
    +nested: Doctrine\ORM\PersistentCollection {#5267 …}
    +votes: Doctrine\ORM\PersistentCollection {#5269 …}
    +reports: Doctrine\ORM\PersistentCollection {#5271 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
    -id: 276589
    -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381543"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704293811 {#5262
      date: 2024-01-03 15:56:51.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am asking why it is considered to be more secure for the use case where you aren’t limiting access to a few commands because it is access meant for all kinds of admin tasks, not just one specific one (as in access for the people who need to fix unexpected problems among other things)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704296558 {#5406
    date: 2024-01-03 16:42:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5409 …}
  +nested: Doctrine\ORM\PersistentCollection {#5411 …}
  +votes: Doctrine\ORM\PersistentCollection {#5413 …}
  +reports: Doctrine\ORM\PersistentCollection {#5415 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5417 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5419 …}
  -id: 276728
  -bodyTs: "'access':21,29,44 'admin':35 'among':54 'aren':18 'ask':3 'case':15 'command':25 'consid':7 'fix':51 'kind':33 'limit':20 'meant':30 'need':49 'one':39,41 'peopl':47 'problem':53 'secur':11 'specif':40 'task':36 'thing':56 'unexpect':52 'use':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296558 {#5407
    date: 2024-01-03 16:42:38.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5408
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5263
    +user: Proxies\__CG__\App\Entity\User {#5264 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "Are you asking why it’s more secure to surface a few commands without password rather than all of them…?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 4
    +score: 0
    +lastActive: DateTime @1704293811 {#5261
      date: 2024-01-03 15:56:51.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5265 …}
    +nested: Doctrine\ORM\PersistentCollection {#5267 …}
    +votes: Doctrine\ORM\PersistentCollection {#5269 …}
    +reports: Doctrine\ORM\PersistentCollection {#5271 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5273 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5275 …}
    -id: 276589
    -bodyTs: "'ask':3 'command':13 'password':15 'rather':16 'secur':8 'surfac':10 'without':14"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6381543"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704293811 {#5262
      date: 2024-01-03 15:56:51.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "I am asking why it is considered to be more secure for the use case where you aren’t limiting access to a few commands because it is access meant for all kinds of admin tasks, not just one specific one (as in access for the people who need to fix unexpected problems among other things)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704296558 {#5406
    date: 2024-01-03 16:42:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@bluespin@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5409 …}
  +nested: Doctrine\ORM\PersistentCollection {#5411 …}
  +votes: Doctrine\ORM\PersistentCollection {#5413 …}
  +reports: Doctrine\ORM\PersistentCollection {#5415 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5417 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5419 …}
  -id: 276728
  -bodyTs: "'access':21,29,44 'admin':35 'among':54 'aren':18 'ask':3 'case':15 'command':25 'consid':7 'fix':51 'kind':33 'limit':20 'meant':30 'need':49 'one':39,41 'peopl':47 'problem':53 'secur':11 'specif':40 'task':36 'thing':56 'unexpect':52 'use':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7060568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704296558 {#5407
    date: 2024-01-03 16:42:38.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5279
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
    \n
    But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
    \n
    If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704308775 {#5277
    date: 2024-01-03 20:06:15.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5281 …}
  +nested: Doctrine\ORM\PersistentCollection {#5283 …}
  +votes: Doctrine\ORM\PersistentCollection {#5285 …}
  +reports: Doctrine\ORM\PersistentCollection {#5287 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
  -id: 277251
  -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704308775 {#5278
    date: 2024-01-03 20:06:15.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5279
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
    \n
    But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
    \n
    If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704308775 {#5277
    date: 2024-01-03 20:06:15.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5281 …}
  +nested: Doctrine\ORM\PersistentCollection {#5283 …}
  +votes: Doctrine\ORM\PersistentCollection {#5285 …}
  +reports: Doctrine\ORM\PersistentCollection {#5287 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
  -id: 277251
  -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704308775 {#5278
    date: 2024-01-03 20:06:15.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5279
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5116
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4937
      +user: Proxies\__CG__\App\Entity\User {#4938 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4869
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4035
          +user: App\Entity\User {#3983 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
            \n
            By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 13
          +score: 0
          +lastActive: DateTime @1711630376 {#3949
            date: 2024-03-28 13:52:56.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4033 …}
          +nested: Doctrine\ORM\PersistentCollection {#4031 …}
          +votes: Doctrine\ORM\PersistentCollection {#4029 …}
          +reports: Doctrine\ORM\PersistentCollection {#4027 …}
          +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
          +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
          -id: 276053
          -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704277159 {#3985
            date: 2024-01-03 11:19:19.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: """
          > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
          \n
          That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704278686 {#4867
          date: 2024-01-03 11:44:46.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4870 …}
        +nested: Doctrine\ORM\PersistentCollection {#4872 …}
        +votes: Doctrine\ORM\PersistentCollection {#4874 …}
        +reports: Doctrine\ORM\PersistentCollection {#4876 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
        -id: 276086
        -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7051439"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704278686 {#4868
          date: 2024-01-03 11:44:46.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285179 {#4935
        date: 2024-01-03 13:32:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4939 …}
      +nested: Doctrine\ORM\PersistentCollection {#4941 …}
      +votes: Doctrine\ORM\PersistentCollection {#4943 …}
      +reports: Doctrine\ORM\PersistentCollection {#4945 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
      -id: 276238
      -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://feditown.com/comment/207667"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285179 {#4936
        date: 2024-01-03 13:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704285432 {#5114
      date: 2024-01-03 13:37:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5117 …}
    +nested: Doctrine\ORM\PersistentCollection {#5119 …}
    +votes: Doctrine\ORM\PersistentCollection {#5121 …}
    +reports: Doctrine\ORM\PersistentCollection {#5123 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
    -id: 276248
    -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7056549"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285432 {#5115
      date: 2024-01-03 13:37:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
    \n
    But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
    \n
    If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704308775 {#5277
    date: 2024-01-03 20:06:15.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5281 …}
  +nested: Doctrine\ORM\PersistentCollection {#5283 …}
  +votes: Doctrine\ORM\PersistentCollection {#5285 …}
  +reports: Doctrine\ORM\PersistentCollection {#5287 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
  -id: 277251
  -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704308775 {#5278
    date: 2024-01-03 20:06:15.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5423
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5279
    +user: Proxies\__CG__\App\Entity\User {#5280 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
      \n
      But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
      \n
      If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704308775 {#5277
      date: 2024-01-03 20:06:15.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5281 …}
    +nested: Doctrine\ORM\PersistentCollection {#5283 …}
    +votes: Doctrine\ORM\PersistentCollection {#5285 …}
    +reports: Doctrine\ORM\PersistentCollection {#5287 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
    -id: 277251
    -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704308775 {#5278
      date: 2024-01-03 20:06:15.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
    \n
    > you should consider doing it right from the start.\n
    \n
    Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704356374 {#5421
    date: 2024-01-04 09:19:34.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5424 …}
  +nested: Doctrine\ORM\PersistentCollection {#5426 …}
  +votes: Doctrine\ORM\PersistentCollection {#5428 …}
  +reports: Doctrine\ORM\PersistentCollection {#5430 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
  -id: 278987
  -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081849"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704356374 {#5422
    date: 2024-01-04 09:19:34.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5423
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5279
    +user: Proxies\__CG__\App\Entity\User {#5280 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
      \n
      But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
      \n
      If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704308775 {#5277
      date: 2024-01-03 20:06:15.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5281 …}
    +nested: Doctrine\ORM\PersistentCollection {#5283 …}
    +votes: Doctrine\ORM\PersistentCollection {#5285 …}
    +reports: Doctrine\ORM\PersistentCollection {#5287 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
    -id: 277251
    -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704308775 {#5278
      date: 2024-01-03 20:06:15.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
    \n
    > you should consider doing it right from the start.\n
    \n
    Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704356374 {#5421
    date: 2024-01-04 09:19:34.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5424 …}
  +nested: Doctrine\ORM\PersistentCollection {#5426 …}
  +votes: Doctrine\ORM\PersistentCollection {#5428 …}
  +reports: Doctrine\ORM\PersistentCollection {#5430 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
  -id: 278987
  -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081849"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704356374 {#5422
    date: 2024-01-04 09:19:34.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5423
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5279
    +user: Proxies\__CG__\App\Entity\User {#5280 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5116
      +user: App\Entity\User {#4753 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4937
        +user: Proxies\__CG__\App\Entity\User {#4938 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4869
          +user: App\Entity\User {#4753 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4035
            +user: App\Entity\User {#3983 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: null
            +root: null
            +body: """
              As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
              \n
              By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 13
            +score: 0
            +lastActive: DateTime @1711630376 {#3949
              date: 2024-03-28 13:52:56.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4033 …}
            +nested: Doctrine\ORM\PersistentCollection {#4031 …}
            +votes: Doctrine\ORM\PersistentCollection {#4029 …}
            +reports: Doctrine\ORM\PersistentCollection {#4027 …}
            +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
            +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
            -id: 276053
            -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704277159 {#3985
              date: 2024-01-03 11:19:19.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: """
            > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
            \n
            That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1704278686 {#4867
            date: 2024-01-03 11:44:46.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4870 …}
          +nested: Doctrine\ORM\PersistentCollection {#4872 …}
          +votes: Doctrine\ORM\PersistentCollection {#4874 …}
          +reports: Doctrine\ORM\PersistentCollection {#4876 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
          -id: 276086
          -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://sh.itjust.works/comment/7051439"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704278686 {#4868
            date: 2024-01-03 11:44:46.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285179 {#4935
          date: 2024-01-03 13:32:59.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4939 …}
        +nested: Doctrine\ORM\PersistentCollection {#4941 …}
        +votes: Doctrine\ORM\PersistentCollection {#4943 …}
        +reports: Doctrine\ORM\PersistentCollection {#4945 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
        -id: 276238
        -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://feditown.com/comment/207667"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285179 {#4936
          date: 2024-01-03 13:32:59.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704285432 {#5114
        date: 2024-01-03 13:37:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5117 …}
      +nested: Doctrine\ORM\PersistentCollection {#5119 …}
      +votes: Doctrine\ORM\PersistentCollection {#5121 …}
      +reports: Doctrine\ORM\PersistentCollection {#5123 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
      -id: 276248
      -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sh.itjust.works/comment/7056549"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285432 {#5115
        date: 2024-01-03 13:37:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
      \n
      But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
      \n
      If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704308775 {#5277
      date: 2024-01-03 20:06:15.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5281 …}
    +nested: Doctrine\ORM\PersistentCollection {#5283 …}
    +votes: Doctrine\ORM\PersistentCollection {#5285 …}
    +reports: Doctrine\ORM\PersistentCollection {#5287 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
    -id: 277251
    -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704308775 {#5278
      date: 2024-01-03 20:06:15.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: """
    I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
    \n
    > you should consider doing it right from the start.\n
    \n
    Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704356374 {#5421
    date: 2024-01-04 09:19:34.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5424 …}
  +nested: Doctrine\ORM\PersistentCollection {#5426 …}
  +votes: Doctrine\ORM\PersistentCollection {#5428 …}
  +reports: Doctrine\ORM\PersistentCollection {#5430 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
  -id: 278987
  -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7081849"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704356374 {#5422
    date: 2024-01-04 09:19:34.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5461
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5423
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5279
      +user: Proxies\__CG__\App\Entity\User {#5280 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5116
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4937
          +user: Proxies\__CG__\App\Entity\User {#4938 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704285179 {#4935
            date: 2024-01-03 13:32:59.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4939 …}
          +nested: Doctrine\ORM\PersistentCollection {#4941 …}
          +votes: Doctrine\ORM\PersistentCollection {#4943 …}
          +reports: Doctrine\ORM\PersistentCollection {#4945 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
          -id: 276238
          -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://feditown.com/comment/207667"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285179 {#4936
            date: 2024-01-03 13:32:59.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704285432 {#5114
          date: 2024-01-03 13:37:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@exu@feditown.com"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5117 …}
        +nested: Doctrine\ORM\PersistentCollection {#5119 …}
        +votes: Doctrine\ORM\PersistentCollection {#5121 …}
        +reports: Doctrine\ORM\PersistentCollection {#5123 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
        -id: 276248
        -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056549"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285432 {#5115
          date: 2024-01-03 13:37:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
        \n
        But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
        \n
        If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704308775 {#5277
        date: 2024-01-03 20:06:15.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5281 …}
      +nested: Doctrine\ORM\PersistentCollection {#5283 …}
      +votes: Doctrine\ORM\PersistentCollection {#5285 …}
      +reports: Doctrine\ORM\PersistentCollection {#5287 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
      -id: 277251
      -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704308775 {#5278
        date: 2024-01-03 20:06:15.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
      \n
      > you should consider doing it right from the start.\n
      \n
      Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704356374 {#5421
      date: 2024-01-04 09:19:34.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
      "@chameleon@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5424 …}
    +nested: Doctrine\ORM\PersistentCollection {#5426 …}
    +votes: Doctrine\ORM\PersistentCollection {#5428 …}
    +reports: Doctrine\ORM\PersistentCollection {#5430 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
    -id: 278987
    -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081849"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704356374 {#5422
      date: 2024-01-04 09:19:34.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Well, my recommendations for anything semi-automated would be Ansible and Fabric/Invoke. Fabric is also a Python tool (though it's only used on the controlling side, unlike Ansible), so if that's a no-go, I'm afraid I don't have much to offer."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704388225 {#5458
    date: 2024-01-04 18:10:25.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5462 …}
  +nested: Doctrine\ORM\PersistentCollection {#5464 …}
  +votes: Doctrine\ORM\PersistentCollection {#5466 …}
  +reports: Doctrine\ORM\PersistentCollection {#5468 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5472 …}
  -id: 280049
  -bodyTs: "'afraid':41 'also':16 'ansibl':11,30 'anyth':5 'autom':8 'control':27 'fabric':14 'fabric/invoke':13 'go':38 'm':40 'much':46 'no-go':36 'offer':48 'python':18 'recommend':3 'semi':7 'semi-autom':6 'side':28 'though':20 'tool':19 'unlik':29 'use':24 'well':1 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4404919"
  +editedAt: DateTimeImmutable @1711630408 {#5459
    date: 2024-03-28 13:53:28.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704388225 {#5460
    date: 2024-01-04 18:10:25.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5461
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5423
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5279
      +user: Proxies\__CG__\App\Entity\User {#5280 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5116
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4937
          +user: Proxies\__CG__\App\Entity\User {#4938 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704285179 {#4935
            date: 2024-01-03 13:32:59.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4939 …}
          +nested: Doctrine\ORM\PersistentCollection {#4941 …}
          +votes: Doctrine\ORM\PersistentCollection {#4943 …}
          +reports: Doctrine\ORM\PersistentCollection {#4945 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
          -id: 276238
          -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://feditown.com/comment/207667"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285179 {#4936
            date: 2024-01-03 13:32:59.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704285432 {#5114
          date: 2024-01-03 13:37:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@exu@feditown.com"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5117 …}
        +nested: Doctrine\ORM\PersistentCollection {#5119 …}
        +votes: Doctrine\ORM\PersistentCollection {#5121 …}
        +reports: Doctrine\ORM\PersistentCollection {#5123 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
        -id: 276248
        -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056549"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285432 {#5115
          date: 2024-01-03 13:37:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
        \n
        But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
        \n
        If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704308775 {#5277
        date: 2024-01-03 20:06:15.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5281 …}
      +nested: Doctrine\ORM\PersistentCollection {#5283 …}
      +votes: Doctrine\ORM\PersistentCollection {#5285 …}
      +reports: Doctrine\ORM\PersistentCollection {#5287 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
      -id: 277251
      -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704308775 {#5278
        date: 2024-01-03 20:06:15.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
      \n
      > you should consider doing it right from the start.\n
      \n
      Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704356374 {#5421
      date: 2024-01-04 09:19:34.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
      "@chameleon@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5424 …}
    +nested: Doctrine\ORM\PersistentCollection {#5426 …}
    +votes: Doctrine\ORM\PersistentCollection {#5428 …}
    +reports: Doctrine\ORM\PersistentCollection {#5430 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
    -id: 278987
    -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081849"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704356374 {#5422
      date: 2024-01-04 09:19:34.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Well, my recommendations for anything semi-automated would be Ansible and Fabric/Invoke. Fabric is also a Python tool (though it's only used on the controlling side, unlike Ansible), so if that's a no-go, I'm afraid I don't have much to offer."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704388225 {#5458
    date: 2024-01-04 18:10:25.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5462 …}
  +nested: Doctrine\ORM\PersistentCollection {#5464 …}
  +votes: Doctrine\ORM\PersistentCollection {#5466 …}
  +reports: Doctrine\ORM\PersistentCollection {#5468 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5472 …}
  -id: 280049
  -bodyTs: "'afraid':41 'also':16 'ansibl':11,30 'anyth':5 'autom':8 'control':27 'fabric':14 'fabric/invoke':13 'go':38 'm':40 'much':46 'no-go':36 'offer':48 'python':18 'recommend':3 'semi':7 'semi-autom':6 'side':28 'though':20 'tool':19 'unlik':29 'use':24 'well':1 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4404919"
  +editedAt: DateTimeImmutable @1711630408 {#5459
    date: 2024-03-28 13:53:28.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704388225 {#5460
    date: 2024-01-04 18:10:25.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5461
  +user: Proxies\__CG__\App\Entity\User {#5280 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5423
    +user: App\Entity\User {#4753 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5279
      +user: Proxies\__CG__\App\Entity\User {#5280 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#5116
        +user: App\Entity\User {#4753 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4937
          +user: Proxies\__CG__\App\Entity\User {#4938 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: App\Entity\EntryComment {#4869
            +user: App\Entity\User {#4753 …}
            +entry: App\Entity\Entry {#2400}
            +magazine: App\Entity\Magazine {#265}
            +image: null
            +parent: App\Entity\EntryComment {#4035
              +user: App\Entity\User {#3983 …}
              +entry: App\Entity\Entry {#2400}
              +magazine: App\Entity\Magazine {#265}
              +image: null
              +parent: null
              +root: null
              +body: """
                As a general best practice, you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features offered by your desktop environment. You should be wary of even having an interactive root shell open; usually I would only do so on a VM console, when first setting up a system or debugging it.\n
                \n
                By doing this, you not only guard against other people compromising your system, but also against accidentally running commands as root that could damage your system. It’s always best to only run things with the minimum permissions they need, and then only grant them additional permissions on an as-needed basis.
                """
              +lang: "en"
              +isAdult: false
              +favouriteCount: 13
              +score: 0
              +lastActive: DateTime @1711630376 {#3949
                date: 2024-03-28 13:52:56.0 +01:00
              }
              +ip: null
              +tags: null
              +mentions: [
                "@HiddenLayer5@lemmy.ml"
              ]
              +children: Doctrine\ORM\PersistentCollection {#4033 …}
              +nested: Doctrine\ORM\PersistentCollection {#4031 …}
              +votes: Doctrine\ORM\PersistentCollection {#4029 …}
              +reports: Doctrine\ORM\PersistentCollection {#4027 …}
              +favourites: Doctrine\ORM\PersistentCollection {#3995 …}
              +notifications: Doctrine\ORM\PersistentCollection {#3999 …}
              -id: 276053
              -bodyTs: "'accident':105 'addit':134 'allow':24 'also':103 'alway':33,117 'as-need':138 'basi':141 'best':4,118 'command':45,107 'compromis':99 'configur':21 'connect':26 'consol':79 'could':111 'damag':112 'debug':87 'desktop':56 'direct':9 'environ':57 'even':63 'featur':52 'first':81 'general':3 'grant':132 'guard':95 'interact':66 'log':34 'login':10 'minimum':125 'need':128,140 'never':8 'non':39 'non-root':38 'offer':53 'open':69 'peopl':98 'permiss':126,135 'practic':5 'remot':25 'root':12,29,40,47,67,109 'run':44,106,121 'server':15,18 'set':82 'shell':68 'similar':51 'sudo':49 'system':85,101,114 'thing':122 'use':48 'user':30,41 'usual':70 'vm':78 'wari':61 'would':72"
              +ranking: 0
              +commentCount: 0
              +upVotes: 0
              +downVotes: 0
              +visibility: "visible             "
              +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4384060"
              +editedAt: null
              +createdAt: DateTimeImmutable @1704277159 {#3985
                date: 2024-01-03 11:19:19.0 +01:00
              }
            }
            +root: App\Entity\EntryComment {#4035}
            +body: """
              > you should never directly login as root on any server, and those servers should be configured to not allow remote connections as the root user. You should always log in as a non-root user and only run commands as root using sudo or similar features\n
              \n
              That is commonly recommended but I have yet to see a good solution for sudo authentication in this case that works as well as public key only SSH logins with a passphrase encrypted key and ssh-agent on the client-side. With sudo you constantly have to use passwords anyway which is pretty much unworkable if you work on dozens of servers.
              """
            +lang: "en"
            +isAdult: false
            +favouriteCount: 1
            +score: 0
            +lastActive: DateTime @1704278686 {#4867
              date: 2024-01-03 11:44:46.0 +01:00
            }
            +ip: null
            +tags: null
            +mentions: [
              "@HiddenLayer5@lemmy.ml"
              "@arjache@kbin.social"
            ]
            +children: Doctrine\ORM\PersistentCollection {#4870 …}
            +nested: Doctrine\ORM\PersistentCollection {#4872 …}
            +votes: Doctrine\ORM\PersistentCollection {#4874 …}
            +reports: Doctrine\ORM\PersistentCollection {#4876 …}
            +favourites: Doctrine\ORM\PersistentCollection {#4878 …}
            +notifications: Doctrine\ORM\PersistentCollection {#4880 …}
            -id: 276086
            -bodyTs: "'agent':85 'allow':19 'alway':28 'anyway':99 'authent':63 'case':66 'client':89 'client-sid':88 'command':40 'common':50 'configur':16 'connect':21 'constant':94 'direct':4 'dozen':109 'encrypt':80 'featur':47 'good':59 'key':73,81 'log':29 'login':5,76 'much':103 'never':3 'non':34 'non-root':33 'passphras':79 'password':98 'pretti':102 'public':72 'recommend':51 'remot':20 'root':7,24,35,42 'run':39 'see':57 'server':10,13,111 'side':90 'similar':46 'solut':60 'ssh':75,84 'ssh-agent':83 'sudo':44,62,92 'unwork':104 'use':43,97 'user':25,36 'well':70 'work':68,107 'yet':55"
            +ranking: 0
            +commentCount: 0
            +upVotes: 0
            +downVotes: 0
            +visibility: "visible             "
            +apId: "https://sh.itjust.works/comment/7051439"
            +editedAt: null
            +createdAt: DateTimeImmutable @1704278686 {#4868
              date: 2024-01-03 11:44:46.0 +01:00
            }
          }
          +root: App\Entity\EntryComment {#4035}
          +body: "You could implement NOPASS for the specific commands you need for a service user. Still better than just using root."
          +lang: "en"
          +isAdult: false
          +favouriteCount: 3
          +score: 0
          +lastActive: DateTime @1704285179 {#4935
            date: 2024-01-03 13:32:59.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@arjache@kbin.social"
            "@taladar@sh.itjust.works"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4939 …}
          +nested: Doctrine\ORM\PersistentCollection {#4941 …}
          +votes: Doctrine\ORM\PersistentCollection {#4943 …}
          +reports: Doctrine\ORM\PersistentCollection {#4945 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4947 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4949 …}
          -id: 276238
          -bodyTs: "'better':16 'command':8 'could':2 'implement':3 'need':10 'nopass':4 'root':20 'servic':13 'specif':7 'still':15 'use':19 'user':14"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://feditown.com/comment/207667"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704285179 {#4936
            date: 2024-01-03 13:32:59.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4035}
        +body: "In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1704285432 {#5114
          date: 2024-01-03 13:37:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@arjache@kbin.social"
          "@taladar@sh.itjust.works"
          "@exu@feditown.com"
        ]
        +children: Doctrine\ORM\PersistentCollection {#5117 …}
        +nested: Doctrine\ORM\PersistentCollection {#5119 …}
        +votes: Doctrine\ORM\PersistentCollection {#5121 …}
        +reports: Doctrine\ORM\PersistentCollection {#5123 …}
        +favourites: Doctrine\ORM\PersistentCollection {#5125 …}
        +notifications: Doctrine\ORM\PersistentCollection {#5127 …}
        -id: 276248
        -bodyTs: "'access':15 'account':19 'allow':12 'anyon':13 'command':23 'regular':18 'run':21 'secur':8 'time':26 'way':3 'would':4,10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sh.itjust.works/comment/7056549"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285432 {#5115
          date: 2024-01-03 13:37:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4035}
      +body: """
        Realistically, there is only a trivial pure *security* difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.\n
        \n
        But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.\n
        \n
        If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704308775 {#5277
        date: 2024-01-03 20:06:15.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@arjache@kbin.social"
        "@taladar@sh.itjust.works"
        "@exu@feditown.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5281 …}
      +nested: Doctrine\ORM\PersistentCollection {#5283 …}
      +votes: Doctrine\ORM\PersistentCollection {#5285 …}
      +reports: Doctrine\ORM\PersistentCollection {#5287 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5289 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5291 …}
      -id: 277251
      -bodyTs: "'abil':64 'absolut':112 'access':24 'admin':96 'administr':127,138,158 'allow':21 'alreadi':143 'attack':29 'audit':66 'auth':52 'brute':39 'busi':164 'chanc':153 'compromis':109 'consid':167 'correct':34 'differ':9,61 'direct':13,133 'doesn':42 'enabl':53 'essenti':113 'ever':122 'fact':71 'fine':141 'forc':40 'go':123 'grow':163 'happen':68,110 'import':105 'kind':76 'know':32,106,144 'later':160 'log':11,81,131 'machin':130 'make':115 'manual':137 'matter':44 'might':30,155 'nopass':23 'one':95,126 'password':51,56 'person':129 'proof':88 'pure':7 'realist':1 'remot':82 'right':170 'root':15,135 'safe':117 'secur':8 'servic':78,100 'set':18 'slightest':47 'small':161 'specif':26 'start':173 'store':79 'sudo':17 'system':80 'tamper':87 'tamper-proof':86 'task':139 'thing':116 'tri':37 'trivial':6,55 'unless':48 'unrestrict':22 'user':27,97,128,147,159 'usernam':35 'vs':16 'way':89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4390220"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704308775 {#5278
        date: 2024-01-03 20:06:15.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4035}
    +body: """
      I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).\n
      \n
      > you should consider doing it right from the start.\n
      \n
      Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires `ssh user@host ` calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704356374 {#5421
      date: 2024-01-04 09:19:34.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@arjache@kbin.social"
      "@taladar@sh.itjust.works"
      "@exu@feditown.com"
      "@chameleon@kbin.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5424 …}
    +nested: Doctrine\ORM\PersistentCollection {#5426 …}
    +votes: Doctrine\ORM\PersistentCollection {#5428 …}
    +reports: Doctrine\ORM\PersistentCollection {#5430 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5432 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5434 …}
    -id: 278987
    -bodyTs: "'3':187,210 'account':91 'addit':170 'admin':38 'advic':109 'also':54 'ansibl':141,176 'approach':95,116 'auditd':9 'auth.log':48 'autom':125 'avoid':168 'awar':3,139 'break':155 'call':132 'consid':98 'contain':55 'critic':173 'day':63 'differ':13,88 'easili':156 'els':29 'entri':49,136 'everi':124 'experi':162 'fingerprint':58 'help':22 'honest':145 'host':131 'huge':120 'key':57,83 'last':201 'late':183 'least':73 'left':203 'like':166 'limit':68 'log':10,25,76 'login':6,53,61 'manual':134 'often':158 'one':171,198 'otherwis':35 'particular':178 'password':135 'past':161 'plus':175 'prevent':36 'process':126 'produc':51 'python':149,186,209 'quit':43 'realli':21 'recal':191 'requir':128 'right':101 'say':17 'scale':69 'sceptic':147 'seem':179 'ship':27 'sinc':151 'slow':121 'somewher':28 'ssh':129 'sshd':50 'start':104 'sudo':94,115 'tamper':31 'task':174 'tell':74 'tend':153 'tool':150,202 'transit':188 'uid':7 'uninstal':193 'use':59,113,169 'user':39,130 'whose':82,90 'without':117 'work':207 'would':165"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sh.itjust.works/comment/7081849"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704356374 {#5422
      date: 2024-01-04 09:19:34.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4035}
  +body: "Well, my recommendations for anything semi-automated would be Ansible and Fabric/Invoke. Fabric is also a Python tool (though it's only used on the controlling side, unlike Ansible), so if that's a no-go, I'm afraid I don't have much to offer."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704388225 {#5458
    date: 2024-01-04 18:10:25.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
    "@HiddenLayer5@lemmy.ml"
    "@arjache@kbin.social"
    "@taladar@sh.itjust.works"
    "@exu@feditown.com"
    "@chameleon@kbin.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5462 …}
  +nested: Doctrine\ORM\PersistentCollection {#5464 …}
  +votes: Doctrine\ORM\PersistentCollection {#5466 …}
  +reports: Doctrine\ORM\PersistentCollection {#5468 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5472 …}
  -id: 280049
  -bodyTs: "'afraid':41 'also':16 'ansibl':11,30 'anyth':5 'autom':8 'control':27 'fabric':14 'fabric/invoke':13 'go':38 'm':40 'much':46 'no-go':36 'offer':48 'python':18 'recommend':3 'semi':7 'semi-autom':6 'side':28 'though':20 'tool':19 'unlik':29 'use':24 'well':1 'would':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://kbin.social/m/linux@lemmy.ml/t/737763/-/comment/4404919"
  +editedAt: DateTimeImmutable @1711630408 {#5459
    date: 2024-03-28 13:53:28.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704388225 {#5460
    date: 2024-01-04 18:10:25.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4073
  +user: App\Entity\User {#4056 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    On a typical home user desktop linux setup, there’s virtually no difference between your regular user and root.\n
    \n
    Access to your data, emails, passwords, installing software (in /home), access to LAN and so on are already possible without root permissions, so there really is not a whole lot that an attacker cannot do even without root.\n
    \n
    And then, if you use sudo or su (or whatever) to switch to root with a password, escalating to root privileges is basically trivial for an attacker. An attacker can divert your PATH to compromised binaries. They could just replace “sudo” with their own little script that steals your password.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704276999 {#4080
    date: 2024-01-03 11:16:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4066 …}
  +nested: Doctrine\ORM\PersistentCollection {#4069 …}
  +votes: Doctrine\ORM\PersistentCollection {#4067 …}
  +reports: Doctrine\ORM\PersistentCollection {#4065 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4062 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4058 …}
  -id: 276047
  -bodyTs: "'/home':29 'access':20,30 'alreadi':37 'attack':52,84,86 'basic':80 'binari':93 'cannot':53 'compromis':92 'could':95 'data':23 'desktop':6 'differ':13 'divert':88 'email':24 'escal':75 'even':55 'home':4 'instal':26 'lan':32 'linux':7 'littl':102 'lot':49 'password':25,74,107 'path':90 'permiss':41 'possibl':38 'privileg':78 'realli':44 'regular':16 'replac':97 'root':19,40,57,71,77 'script':103 'setup':8 'softwar':27 'steal':105 'su':65 'sudo':63,98 'switch':69 'trivial':81 'typic':3 'use':62 'user':5,17 'virtual':11 'whatev':67 'whole':48 'without':39,56"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7038752"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276999 {#4072
    date: 2024-01-03 11:16:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4073
  +user: App\Entity\User {#4056 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    On a typical home user desktop linux setup, there’s virtually no difference between your regular user and root.\n
    \n
    Access to your data, emails, passwords, installing software (in /home), access to LAN and so on are already possible without root permissions, so there really is not a whole lot that an attacker cannot do even without root.\n
    \n
    And then, if you use sudo or su (or whatever) to switch to root with a password, escalating to root privileges is basically trivial for an attacker. An attacker can divert your PATH to compromised binaries. They could just replace “sudo” with their own little script that steals your password.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704276999 {#4080
    date: 2024-01-03 11:16:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4066 …}
  +nested: Doctrine\ORM\PersistentCollection {#4069 …}
  +votes: Doctrine\ORM\PersistentCollection {#4067 …}
  +reports: Doctrine\ORM\PersistentCollection {#4065 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4062 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4058 …}
  -id: 276047
  -bodyTs: "'/home':29 'access':20,30 'alreadi':37 'attack':52,84,86 'basic':80 'binari':93 'cannot':53 'compromis':92 'could':95 'data':23 'desktop':6 'differ':13 'divert':88 'email':24 'escal':75 'even':55 'home':4 'instal':26 'lan':32 'linux':7 'littl':102 'lot':49 'password':25,74,107 'path':90 'permiss':41 'possibl':38 'privileg':78 'realli':44 'regular':16 'replac':97 'root':19,40,57,71,77 'script':103 'setup':8 'softwar':27 'steal':105 'su':65 'sudo':63,98 'switch':69 'trivial':81 'typic':3 'use':62 'user':5,17 'virtual':11 'whatev':67 'whole':48 'without':39,56"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7038752"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276999 {#4072
    date: 2024-01-03 11:16:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4073
  +user: App\Entity\User {#4056 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    On a typical home user desktop linux setup, there’s virtually no difference between your regular user and root.\n
    \n
    Access to your data, emails, passwords, installing software (in /home), access to LAN and so on are already possible without root permissions, so there really is not a whole lot that an attacker cannot do even without root.\n
    \n
    And then, if you use sudo or su (or whatever) to switch to root with a password, escalating to root privileges is basically trivial for an attacker. An attacker can divert your PATH to compromised binaries. They could just replace “sudo” with their own little script that steals your password.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704276999 {#4080
    date: 2024-01-03 11:16:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4066 …}
  +nested: Doctrine\ORM\PersistentCollection {#4069 …}
  +votes: Doctrine\ORM\PersistentCollection {#4067 …}
  +reports: Doctrine\ORM\PersistentCollection {#4065 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4062 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4058 …}
  -id: 276047
  -bodyTs: "'/home':29 'access':20,30 'alreadi':37 'attack':52,84,86 'basic':80 'binari':93 'cannot':53 'compromis':92 'could':95 'data':23 'desktop':6 'differ':13 'divert':88 'email':24 'escal':75 'even':55 'home':4 'instal':26 'lan':32 'linux':7 'littl':102 'lot':49 'password':25,74,107 'path':90 'permiss':41 'possibl':38 'privileg':78 'realli':44 'regular':16 'replac':97 'root':19,40,57,71,77 'script':103 'setup':8 'softwar':27 'steal':105 'su':65 'sudo':63,98 'switch':69 'trivial':81 'typic':3 'use':62 'user':5,17 'virtual':11 'whatev':67 'whole':48 'without':39,56"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7038752"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276999 {#4072
    date: 2024-01-03 11:16:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4151
  +user: App\Entity\User {#4164 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Yes. Running anything as root is potentially dangerous. And a browser is a complex and big piece of software with many security issues that can be (potentially) triggered remotely. So it’s bad because of two reasons.\n
    \n
    Btw a desktop environment also is a complex and big piece of software with potential issues. Running the whole desktop as root is another thing you wouldn’t do for extra security.\n
    \n
    The proper way is to just create a user account and run the desktop and browser as a user. Open a terminal and ‘su’ or ‘sudo’ to limit root rights to the operations that actually need those permissions.\n
    \n
    Just running everything as root certainly works. But you do away with all the extra layers of security and end up with something as secure as MS-DOS or a Windows in the 90s or early 2000s.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704276769 {#4145
    date: 2024-01-03 11:12:49.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4152 …}
  +nested: Doctrine\ORM\PersistentCollection {#4154 …}
  +votes: Doctrine\ORM\PersistentCollection {#4156 …}
  +reports: Doctrine\ORM\PersistentCollection {#4158 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4160 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4162 …}
  -id: 287121
  -bodyTs: "'2000s':145 '90s':142 'account':79 'actual':104 'also':42 'anoth':61 'anyth':3 'away':118 'bad':33 'big':16,47 'browser':11,85 'btw':38 'certain':113 'complex':14,45 'creat':76 'danger':8 'desktop':40,57,83 'dos':136 'earli':144 'end':127 'environ':41 'everyth':110 'extra':68,122 'issu':23,53 'layer':123 'limit':97 'mani':21 'ms':135 'ms-dos':134 'need':105 'open':89 'oper':102 'permiss':107 'piec':17,48 'potenti':7,27,52 'proper':71 'reason':37 'remot':29 'right':99 'root':5,59,98,112 'run':2,54,81,109 'secur':22,69,125,132 'softwar':19,50 'someth':130 'su':93 'sudo':95 'termin':91 'thing':62 'trigger':28 'two':36 'user':78,88 'way':72 'whole':56 'window':139 'work':114 'wouldn':64 'yes':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/comment/6096233"
  +editedAt: DateTimeImmutable @1712572070 {#4146
    date: 2024-04-08 12:27:50.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704276769 {#4147
    date: 2024-01-03 11:12:49.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4151
  +user: App\Entity\User {#4164 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Yes. Running anything as root is potentially dangerous. And a browser is a complex and big piece of software with many security issues that can be (potentially) triggered remotely. So it’s bad because of two reasons.\n
    \n
    Btw a desktop environment also is a complex and big piece of software with potential issues. Running the whole desktop as root is another thing you wouldn’t do for extra security.\n
    \n
    The proper way is to just create a user account and run the desktop and browser as a user. Open a terminal and ‘su’ or ‘sudo’ to limit root rights to the operations that actually need those permissions.\n
    \n
    Just running everything as root certainly works. But you do away with all the extra layers of security and end up with something as secure as MS-DOS or a Windows in the 90s or early 2000s.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704276769 {#4145
    date: 2024-01-03 11:12:49.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4152 …}
  +nested: Doctrine\ORM\PersistentCollection {#4154 …}
  +votes: Doctrine\ORM\PersistentCollection {#4156 …}
  +reports: Doctrine\ORM\PersistentCollection {#4158 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4160 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4162 …}
  -id: 287121
  -bodyTs: "'2000s':145 '90s':142 'account':79 'actual':104 'also':42 'anoth':61 'anyth':3 'away':118 'bad':33 'big':16,47 'browser':11,85 'btw':38 'certain':113 'complex':14,45 'creat':76 'danger':8 'desktop':40,57,83 'dos':136 'earli':144 'end':127 'environ':41 'everyth':110 'extra':68,122 'issu':23,53 'layer':123 'limit':97 'mani':21 'ms':135 'ms-dos':134 'need':105 'open':89 'oper':102 'permiss':107 'piec':17,48 'potenti':7,27,52 'proper':71 'reason':37 'remot':29 'right':99 'root':5,59,98,112 'run':2,54,81,109 'secur':22,69,125,132 'softwar':19,50 'someth':130 'su':93 'sudo':95 'termin':91 'thing':62 'trigger':28 'two':36 'user':78,88 'way':72 'whole':56 'window':139 'work':114 'wouldn':64 'yes':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/comment/6096233"
  +editedAt: DateTimeImmutable @1712572070 {#4146
    date: 2024-04-08 12:27:50.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704276769 {#4147
    date: 2024-01-03 11:12:49.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4151
  +user: App\Entity\User {#4164 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Yes. Running anything as root is potentially dangerous. And a browser is a complex and big piece of software with many security issues that can be (potentially) triggered remotely. So it’s bad because of two reasons.\n
    \n
    Btw a desktop environment also is a complex and big piece of software with potential issues. Running the whole desktop as root is another thing you wouldn’t do for extra security.\n
    \n
    The proper way is to just create a user account and run the desktop and browser as a user. Open a terminal and ‘su’ or ‘sudo’ to limit root rights to the operations that actually need those permissions.\n
    \n
    Just running everything as root certainly works. But you do away with all the extra layers of security and end up with something as secure as MS-DOS or a Windows in the 90s or early 2000s.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704276769 {#4145
    date: 2024-01-03 11:12:49.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4152 …}
  +nested: Doctrine\ORM\PersistentCollection {#4154 …}
  +votes: Doctrine\ORM\PersistentCollection {#4156 …}
  +reports: Doctrine\ORM\PersistentCollection {#4158 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4160 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4162 …}
  -id: 287121
  -bodyTs: "'2000s':145 '90s':142 'account':79 'actual':104 'also':42 'anoth':61 'anyth':3 'away':118 'bad':33 'big':16,47 'browser':11,85 'btw':38 'certain':113 'complex':14,45 'creat':76 'danger':8 'desktop':40,57,83 'dos':136 'earli':144 'end':127 'environ':41 'everyth':110 'extra':68,122 'issu':23,53 'layer':123 'limit':97 'mani':21 'ms':135 'ms-dos':134 'need':105 'open':89 'oper':102 'permiss':107 'piec':17,48 'potenti':7,27,52 'proper':71 'reason':37 'remot':29 'right':99 'root':5,59,98,112 'run':2,54,81,109 'secur':22,69,125,132 'softwar':19,50 'someth':130 'su':93 'sudo':95 'termin':91 'thing':62 'trigger':28 'two':36 'user':78,88 'way':72 'whole':56 'window':139 'work':114 'wouldn':64 'yes':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/comment/6096233"
  +editedAt: DateTimeImmutable @1712572070 {#4146
    date: 2024-04-08 12:27:50.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704276769 {#4147
    date: 2024-01-03 11:12:49.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4225
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
    \n
    You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
    \n
    It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
    \n
    If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
    \n
    As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 23
  +score: 0
  +lastActive: DateTime @1711286285 {#4219
    date: 2024-03-24 14:18:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4226 …}
  +nested: Doctrine\ORM\PersistentCollection {#4228 …}
  +votes: Doctrine\ORM\PersistentCollection {#4230 …}
  +reports: Doctrine\ORM\PersistentCollection {#4232 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
  -id: 276034
  -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5047325"
  +editedAt: DateTimeImmutable @1711178131 {#4220
    date: 2024-03-23 08:15:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704276432 {#4221
    date: 2024-01-03 11:07:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4225
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
    \n
    You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
    \n
    It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
    \n
    If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
    \n
    As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 23
  +score: 0
  +lastActive: DateTime @1711286285 {#4219
    date: 2024-03-24 14:18:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4226 …}
  +nested: Doctrine\ORM\PersistentCollection {#4228 …}
  +votes: Doctrine\ORM\PersistentCollection {#4230 …}
  +reports: Doctrine\ORM\PersistentCollection {#4232 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
  -id: 276034
  -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5047325"
  +editedAt: DateTimeImmutable @1711178131 {#4220
    date: 2024-03-23 08:15:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704276432 {#4221
    date: 2024-01-03 11:07:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4225
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
    \n
    You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
    \n
    It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
    \n
    If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
    \n
    As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 23
  +score: 0
  +lastActive: DateTime @1711286285 {#4219
    date: 2024-03-24 14:18:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4226 …}
  +nested: Doctrine\ORM\PersistentCollection {#4228 …}
  +votes: Doctrine\ORM\PersistentCollection {#4230 …}
  +reports: Doctrine\ORM\PersistentCollection {#4232 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
  -id: 276034
  -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5047325"
  +editedAt: DateTimeImmutable @1711178131 {#4220
    date: 2024-03-23 08:15:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704276432 {#4221
    date: 2024-01-03 11:07:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4854
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4225
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
      \n
      You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
      \n
      It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
      \n
      If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
      \n
      As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 23
    +score: 0
    +lastActive: DateTime @1711286285 {#4219
      date: 2024-03-24 14:18:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4226 …}
    +nested: Doctrine\ORM\PersistentCollection {#4228 …}
    +votes: Doctrine\ORM\PersistentCollection {#4230 …}
    +reports: Doctrine\ORM\PersistentCollection {#4232 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
    -id: 276034
    -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5047325"
    +editedAt: DateTimeImmutable @1711178131 {#4220
      date: 2024-03-23 08:15:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704276432 {#4221
      date: 2024-01-03 11:07:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
    \n
    I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
    \n
    Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
    \n
    I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704285301 {#4851
    date: 2024-01-03 13:35:01.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4855 …}
  +nested: Doctrine\ORM\PersistentCollection {#4857 …}
  +votes: Doctrine\ORM\PersistentCollection {#4859 …}
  +reports: Doctrine\ORM\PersistentCollection {#4861 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
  -id: 276244
  -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042465"
  +editedAt: DateTimeImmutable @1711208197 {#4852
    date: 2024-03-23 16:36:37.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285301 {#4853
    date: 2024-01-03 13:35:01.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4854
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4225
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
      \n
      You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
      \n
      It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
      \n
      If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
      \n
      As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 23
    +score: 0
    +lastActive: DateTime @1711286285 {#4219
      date: 2024-03-24 14:18:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4226 …}
    +nested: Doctrine\ORM\PersistentCollection {#4228 …}
    +votes: Doctrine\ORM\PersistentCollection {#4230 …}
    +reports: Doctrine\ORM\PersistentCollection {#4232 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
    -id: 276034
    -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5047325"
    +editedAt: DateTimeImmutable @1711178131 {#4220
      date: 2024-03-23 08:15:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704276432 {#4221
      date: 2024-01-03 11:07:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
    \n
    I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
    \n
    Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
    \n
    I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704285301 {#4851
    date: 2024-01-03 13:35:01.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4855 …}
  +nested: Doctrine\ORM\PersistentCollection {#4857 …}
  +votes: Doctrine\ORM\PersistentCollection {#4859 …}
  +reports: Doctrine\ORM\PersistentCollection {#4861 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
  -id: 276244
  -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042465"
  +editedAt: DateTimeImmutable @1711208197 {#4852
    date: 2024-03-23 16:36:37.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285301 {#4853
    date: 2024-01-03 13:35:01.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4854
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4225
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
      \n
      You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
      \n
      It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
      \n
      If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
      \n
      As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 23
    +score: 0
    +lastActive: DateTime @1711286285 {#4219
      date: 2024-03-24 14:18:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4226 …}
    +nested: Doctrine\ORM\PersistentCollection {#4228 …}
    +votes: Doctrine\ORM\PersistentCollection {#4230 …}
    +reports: Doctrine\ORM\PersistentCollection {#4232 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
    -id: 276034
    -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5047325"
    +editedAt: DateTimeImmutable @1711178131 {#4220
      date: 2024-03-23 08:15:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704276432 {#4221
      date: 2024-01-03 11:07:12.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
    \n
    I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
    \n
    Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
    \n
    I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704285301 {#4851
    date: 2024-01-03 13:35:01.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4855 …}
  +nested: Doctrine\ORM\PersistentCollection {#4857 …}
  +votes: Doctrine\ORM\PersistentCollection {#4859 …}
  +reports: Doctrine\ORM\PersistentCollection {#4861 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
  -id: 276244
  -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042465"
  +editedAt: DateTimeImmutable @1711208197 {#4852
    date: 2024-03-23 16:36:37.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285301 {#4853
    date: 2024-01-03 13:35:01.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5030
  +user: Proxies\__CG__\App\Entity\User {#5031 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
    \n
    From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
    \n
    As for hypervisor, KVM has worked great for me.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704286228 {#5028
    date: 2024-01-03 13:50:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5032 …}
  +nested: Doctrine\ORM\PersistentCollection {#5034 …}
  +votes: Doctrine\ORM\PersistentCollection {#5036 …}
  +reports: Doctrine\ORM\PersistentCollection {#5038 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
  -id: 276267
  -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1941821"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704286228 {#5029
    date: 2024-01-03 13:50:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5030
  +user: Proxies\__CG__\App\Entity\User {#5031 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
    \n
    From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
    \n
    As for hypervisor, KVM has worked great for me.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704286228 {#5028
    date: 2024-01-03 13:50:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5032 …}
  +nested: Doctrine\ORM\PersistentCollection {#5034 …}
  +votes: Doctrine\ORM\PersistentCollection {#5036 …}
  +reports: Doctrine\ORM\PersistentCollection {#5038 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
  -id: 276267
  -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1941821"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704286228 {#5029
    date: 2024-01-03 13:50:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5030
  +user: Proxies\__CG__\App\Entity\User {#5031 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
    \n
    From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
    \n
    As for hypervisor, KVM has worked great for me.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704286228 {#5028
    date: 2024-01-03 13:50:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5032 …}
  +nested: Doctrine\ORM\PersistentCollection {#5034 …}
  +votes: Doctrine\ORM\PersistentCollection {#5036 …}
  +reports: Doctrine\ORM\PersistentCollection {#5038 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
  -id: 276267
  -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1941821"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704286228 {#5029
    date: 2024-01-03 13:50:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5147
  +user: Proxies\__CG__\App\Entity\User {#5148 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5030
    +user: Proxies\__CG__\App\Entity\User {#5031 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4854
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4225
        +user: App\Entity\User {#4238 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
          \n
          You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
          \n
          It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
          \n
          If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
          \n
          As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 23
        +score: 0
        +lastActive: DateTime @1711286285 {#4219
          date: 2024-03-24 14:18:05.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4226 …}
        +nested: Doctrine\ORM\PersistentCollection {#4228 …}
        +votes: Doctrine\ORM\PersistentCollection {#4230 …}
        +reports: Doctrine\ORM\PersistentCollection {#4232 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
        -id: 276034
        -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://pawb.social/comment/5047325"
        +editedAt: DateTimeImmutable @1711178131 {#4220
          date: 2024-03-23 08:15:31.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704276432 {#4221
          date: 2024-01-03 11:07:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4225}
      +body: """
        I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
        \n
        I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
        \n
        Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
        \n
        I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704285301 {#4851
        date: 2024-01-03 13:35:01.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4855 …}
      +nested: Doctrine\ORM\PersistentCollection {#4857 …}
      +votes: Doctrine\ORM\PersistentCollection {#4859 …}
      +reports: Doctrine\ORM\PersistentCollection {#4861 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
      -id: 276244
      -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042465"
      +editedAt: DateTimeImmutable @1711208197 {#4852
        date: 2024-03-23 16:36:37.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285301 {#4853
        date: 2024-01-03 13:35:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
      \n
      From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
      \n
      As for hypervisor, KVM has worked great for me.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704286228 {#5028
      date: 2024-01-03 13:50:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5032 …}
    +nested: Doctrine\ORM\PersistentCollection {#5034 …}
    +votes: Doctrine\ORM\PersistentCollection {#5036 …}
    +reports: Doctrine\ORM\PersistentCollection {#5038 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
    -id: 276267
    -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1941821"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704286228 {#5029
      date: 2024-01-03 13:50:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: "KVM is awesome. It is the core of Proxmox which is my preferred way to manage VMs and LXC containers now. I used to run debian+KVM+virt-manager or cockpit but Proxmox does all the noodling setup for me and then just works."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704302356 {#5145
    date: 2024-01-03 18:19:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@giloronfoo@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5149 …}
  +nested: Doctrine\ORM\PersistentCollection {#5151 …}
  +votes: Doctrine\ORM\PersistentCollection {#5153 …}
  +reports: Doctrine\ORM\PersistentCollection {#5155 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5157 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5159 …}
  -id: 276978
  -bodyTs: "'awesom':3 'cockpit':32 'contain':20 'core':7 'debian':26 'kvm':1,27 'lxc':19 'manag':16,30 'noodl':38 'prefer':13 'proxmox':9,34 'run':25 'setup':39 'use':23 'virt':29 'virt-manag':28 'vms':17 'way':14 'work':45"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1942399"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704302356 {#5146
    date: 2024-01-03 18:19:16.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5147
  +user: Proxies\__CG__\App\Entity\User {#5148 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5030
    +user: Proxies\__CG__\App\Entity\User {#5031 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4854
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4225
        +user: App\Entity\User {#4238 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
          \n
          You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
          \n
          It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
          \n
          If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
          \n
          As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 23
        +score: 0
        +lastActive: DateTime @1711286285 {#4219
          date: 2024-03-24 14:18:05.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4226 …}
        +nested: Doctrine\ORM\PersistentCollection {#4228 …}
        +votes: Doctrine\ORM\PersistentCollection {#4230 …}
        +reports: Doctrine\ORM\PersistentCollection {#4232 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
        -id: 276034
        -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://pawb.social/comment/5047325"
        +editedAt: DateTimeImmutable @1711178131 {#4220
          date: 2024-03-23 08:15:31.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704276432 {#4221
          date: 2024-01-03 11:07:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4225}
      +body: """
        I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
        \n
        I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
        \n
        Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
        \n
        I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704285301 {#4851
        date: 2024-01-03 13:35:01.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4855 …}
      +nested: Doctrine\ORM\PersistentCollection {#4857 …}
      +votes: Doctrine\ORM\PersistentCollection {#4859 …}
      +reports: Doctrine\ORM\PersistentCollection {#4861 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
      -id: 276244
      -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042465"
      +editedAt: DateTimeImmutable @1711208197 {#4852
        date: 2024-03-23 16:36:37.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285301 {#4853
        date: 2024-01-03 13:35:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
      \n
      From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
      \n
      As for hypervisor, KVM has worked great for me.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704286228 {#5028
      date: 2024-01-03 13:50:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5032 …}
    +nested: Doctrine\ORM\PersistentCollection {#5034 …}
    +votes: Doctrine\ORM\PersistentCollection {#5036 …}
    +reports: Doctrine\ORM\PersistentCollection {#5038 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
    -id: 276267
    -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1941821"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704286228 {#5029
      date: 2024-01-03 13:50:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: "KVM is awesome. It is the core of Proxmox which is my preferred way to manage VMs and LXC containers now. I used to run debian+KVM+virt-manager or cockpit but Proxmox does all the noodling setup for me and then just works."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704302356 {#5145
    date: 2024-01-03 18:19:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@giloronfoo@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5149 …}
  +nested: Doctrine\ORM\PersistentCollection {#5151 …}
  +votes: Doctrine\ORM\PersistentCollection {#5153 …}
  +reports: Doctrine\ORM\PersistentCollection {#5155 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5157 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5159 …}
  -id: 276978
  -bodyTs: "'awesom':3 'cockpit':32 'contain':20 'core':7 'debian':26 'kvm':1,27 'lxc':19 'manag':16,30 'noodl':38 'prefer':13 'proxmox':9,34 'run':25 'setup':39 'use':23 'virt':29 'virt-manag':28 'vms':17 'way':14 'work':45"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1942399"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704302356 {#5146
    date: 2024-01-03 18:19:16.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5147
  +user: Proxies\__CG__\App\Entity\User {#5148 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5030
    +user: Proxies\__CG__\App\Entity\User {#5031 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4854
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4225
        +user: App\Entity\User {#4238 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
          \n
          You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
          \n
          It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
          \n
          If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
          \n
          As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 23
        +score: 0
        +lastActive: DateTime @1711286285 {#4219
          date: 2024-03-24 14:18:05.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4226 …}
        +nested: Doctrine\ORM\PersistentCollection {#4228 …}
        +votes: Doctrine\ORM\PersistentCollection {#4230 …}
        +reports: Doctrine\ORM\PersistentCollection {#4232 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
        -id: 276034
        -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://pawb.social/comment/5047325"
        +editedAt: DateTimeImmutable @1711178131 {#4220
          date: 2024-03-23 08:15:31.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704276432 {#4221
          date: 2024-01-03 11:07:12.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4225}
      +body: """
        I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
        \n
        I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
        \n
        Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
        \n
        I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1704285301 {#4851
        date: 2024-01-03 13:35:01.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@HiddenLayer5@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4855 …}
      +nested: Doctrine\ORM\PersistentCollection {#4857 …}
      +votes: Doctrine\ORM\PersistentCollection {#4859 …}
      +reports: Doctrine\ORM\PersistentCollection {#4861 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
      -id: 276244
      -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042465"
      +editedAt: DateTimeImmutable @1711208197 {#4852
        date: 2024-03-23 16:36:37.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285301 {#4853
        date: 2024-01-03 13:35:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I’d go for remoting in as not root as the first (and maybe only) step for better security.\n
      \n
      From there, running the services in VMs would probably be the next step. Docker might be better, but I have gotten into that yet myself.\n
      \n
      As for hypervisor, KVM has worked great for me.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704286228 {#5028
      date: 2024-01-03 13:50:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5032 …}
    +nested: Doctrine\ORM\PersistentCollection {#5034 …}
    +votes: Doctrine\ORM\PersistentCollection {#5036 …}
    +reports: Doctrine\ORM\PersistentCollection {#5038 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5040 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5042 …}
    -id: 276267
    -bodyTs: "'better':18,36 'd':2 'docker':33 'first':12 'go':3 'gotten':40 'great':51 'hypervisor':47 'kvm':48 'mayb':14 'might':34 'next':31 'probabl':28 'remot':5 'root':9 'run':22 'secur':19 'servic':24 'step':16,32 'vms':26 'work':50 'would':27 'yet':43"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1941821"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704286228 {#5029
      date: 2024-01-03 13:50:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: "KVM is awesome. It is the core of Proxmox which is my preferred way to manage VMs and LXC containers now. I used to run debian+KVM+virt-manager or cockpit but Proxmox does all the noodling setup for me and then just works."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704302356 {#5145
    date: 2024-01-03 18:19:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@giloronfoo@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5149 …}
  +nested: Doctrine\ORM\PersistentCollection {#5151 …}
  +votes: Doctrine\ORM\PersistentCollection {#5153 …}
  +reports: Doctrine\ORM\PersistentCollection {#5155 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5157 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5159 …}
  -id: 276978
  -bodyTs: "'awesom':3 'cockpit':32 'contain':20 'core':7 'debian':26 'kvm':1,27 'lxc':19 'manag':16,30 'noodl':38 'prefer':13 'proxmox':9,34 'run':25 'setup':39 'use':23 'virt':29 'virt-manag':28 'vms':17 'way':14 'work':45"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1942399"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704302356 {#5146
    date: 2024-01-03 18:19:16.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5047
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    Sorry, this is very much a PEBKAC issue. This is a excerpt from my `tmux` config:\n
    \n
    ```\n
    \n
    <span style="color:#323232;"># Start windows and panes at 1, not 0\n
    </span><span style="color:#323232;">set -g base-index 1\n
    </span><span style="color:#323232;">setw -g pane-base-index 1\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Use Alt-arrow keys without prefix key to switch panes\n
    </span><span style="color:#323232;">bind -n M-Left select-pane -L\n
    </span><span style="color:#323232;">bind -n M-Right select-pane -R\n
    </span><span style="color:#323232;">bind -n M-Up select-pane -U\n
    </span><span style="color:#323232;">bind -n M-Down select-pane -D\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Shift arrow to switch windows\n
    </span><span style="color:#323232;">bind -n S-Left  previous-window\n
    </span><span style="color:#323232;">bind -n S-Right next-window\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># No delay for escape key press\n
    </span><span style="color:#323232;">set -sg escape-time 0\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase scrollback buffer size from 2000 to 50000 lines\n
    </span><span style="color:#323232;">set -g history-limit 50000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase tmux messages display duration from 750ms to 4s\n
    </span><span style="color:#323232;">set -g display-time 4000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Bind pane creation keys to reuse current directory\n
    </span><span style="color:#323232;">bind % split-window -h -c "#{pane_current_path}"\n
    </span><span style="color:#323232;">bind '"' split-window -v -c "#{pane_current_path}"\n
    </span>\n
    ```\n
    \n
    I hope the comments are self explanatory.\n
    \n
    Scrolling works with `Ctrl+b Page Up/Down`. There are other shortcuts, but this is probably the most obvious. `q` to quit scrolling.\n
    \n
    `Ctrl+b d` to detach from a session. `tmux a` to attach. As always, many options are available to have many named sessions running simultaneously, but that is for a later time.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1704286679 {#5044
    date: 2024-01-03 13:57:59.0 +01:00
  }
  +ip: null
  +tags: [
    "323232"
  ]
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5048 …}
  +nested: Doctrine\ORM\PersistentCollection {#5050 …}
  +votes: Doctrine\ORM\PersistentCollection {#5052 …}
  +reports: Doctrine\ORM\PersistentCollection {#5054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5056 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5058 …}
  -id: 276289
  -bodyTs: "'0':24,117 '1':22,30,37 '2000':123 '4000':147 '4s':141 '50000':125,132 '750ms':139 'alt':40 'alt-arrow':39 'alway':216 'arrow':41,86 'attach':214 'avail':220 'b':185,204 'base':28,35 'base-index':27 'bind':49,58,67,76,90,98,148,156,165 'buffer':120 'c':161,170 'comment':177 'config':16 'creation':150 'ctrl':184,203 'current':154,163,172 'd':84,205 'delay':107 'detach':207 'directori':155 'display':136,145 'display-tim':144 'durat':137 'escap':109,115 'escape-tim':114 'excerpt':12 'explanatori':180 'g':26,32,128,143 'h':160 'histori':130 'history-limit':129 'hope':175 'increas':118,133 'index':29,36 'issu':8 'key':42,45,110,151 'l':57 'later':233 'left':53,94 'limit':131 'line':126 'm':52,61,70,79 'm-down':78 'm-left':51 'm-right':60 'm-up':69 'mani':217,223 'messag':135 'much':5 'n':50,59,68,77,91,99 'name':224 'next':104 'next-window':103 'obvious':198 'option':218 'page':186 'pane':20,34,48,56,65,74,83,149,162,171 'pane-base-index':33 'path':164,173 'pebkac':7 'prefix':44 'press':111 'previous':96 'previous-window':95 'probabl':195 'q':199 'quit':201 'r':66 'reus':153 'right':62,102 'run':226 's-left':92 's-right':100 'scroll':181,202 'scrollback':119 'select':55,64,73,82 'select-pan':54,63,72,81 'self':179 'session':210,225 'set':25,112,127,142 'setw':31 'sg':113 'shift':85 'shortcut':191 'simultan':227 'size':121 'sorri':1 'split':158,167 'split-window':157,166 'start':17 'switch':47,88 'time':116,146,234 'tmux':15,134,211 'u':75 'up/down':187 'use':38 'v':169 'window':18,89,97,105,159,168 'without':43 'work':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798422"
  +editedAt: DateTimeImmutable @1711213723 {#5045
    date: 2024-03-23 18:08:43.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704286679 {#5046
    date: 2024-01-03 13:57:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5047
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    Sorry, this is very much a PEBKAC issue. This is a excerpt from my `tmux` config:\n
    \n
    ```\n
    \n
    <span style="color:#323232;"># Start windows and panes at 1, not 0\n
    </span><span style="color:#323232;">set -g base-index 1\n
    </span><span style="color:#323232;">setw -g pane-base-index 1\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Use Alt-arrow keys without prefix key to switch panes\n
    </span><span style="color:#323232;">bind -n M-Left select-pane -L\n
    </span><span style="color:#323232;">bind -n M-Right select-pane -R\n
    </span><span style="color:#323232;">bind -n M-Up select-pane -U\n
    </span><span style="color:#323232;">bind -n M-Down select-pane -D\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Shift arrow to switch windows\n
    </span><span style="color:#323232;">bind -n S-Left  previous-window\n
    </span><span style="color:#323232;">bind -n S-Right next-window\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># No delay for escape key press\n
    </span><span style="color:#323232;">set -sg escape-time 0\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase scrollback buffer size from 2000 to 50000 lines\n
    </span><span style="color:#323232;">set -g history-limit 50000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase tmux messages display duration from 750ms to 4s\n
    </span><span style="color:#323232;">set -g display-time 4000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Bind pane creation keys to reuse current directory\n
    </span><span style="color:#323232;">bind % split-window -h -c "#{pane_current_path}"\n
    </span><span style="color:#323232;">bind '"' split-window -v -c "#{pane_current_path}"\n
    </span>\n
    ```\n
    \n
    I hope the comments are self explanatory.\n
    \n
    Scrolling works with `Ctrl+b Page Up/Down`. There are other shortcuts, but this is probably the most obvious. `q` to quit scrolling.\n
    \n
    `Ctrl+b d` to detach from a session. `tmux a` to attach. As always, many options are available to have many named sessions running simultaneously, but that is for a later time.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1704286679 {#5044
    date: 2024-01-03 13:57:59.0 +01:00
  }
  +ip: null
  +tags: [
    "323232"
  ]
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5048 …}
  +nested: Doctrine\ORM\PersistentCollection {#5050 …}
  +votes: Doctrine\ORM\PersistentCollection {#5052 …}
  +reports: Doctrine\ORM\PersistentCollection {#5054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5056 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5058 …}
  -id: 276289
  -bodyTs: "'0':24,117 '1':22,30,37 '2000':123 '4000':147 '4s':141 '50000':125,132 '750ms':139 'alt':40 'alt-arrow':39 'alway':216 'arrow':41,86 'attach':214 'avail':220 'b':185,204 'base':28,35 'base-index':27 'bind':49,58,67,76,90,98,148,156,165 'buffer':120 'c':161,170 'comment':177 'config':16 'creation':150 'ctrl':184,203 'current':154,163,172 'd':84,205 'delay':107 'detach':207 'directori':155 'display':136,145 'display-tim':144 'durat':137 'escap':109,115 'escape-tim':114 'excerpt':12 'explanatori':180 'g':26,32,128,143 'h':160 'histori':130 'history-limit':129 'hope':175 'increas':118,133 'index':29,36 'issu':8 'key':42,45,110,151 'l':57 'later':233 'left':53,94 'limit':131 'line':126 'm':52,61,70,79 'm-down':78 'm-left':51 'm-right':60 'm-up':69 'mani':217,223 'messag':135 'much':5 'n':50,59,68,77,91,99 'name':224 'next':104 'next-window':103 'obvious':198 'option':218 'page':186 'pane':20,34,48,56,65,74,83,149,162,171 'pane-base-index':33 'path':164,173 'pebkac':7 'prefix':44 'press':111 'previous':96 'previous-window':95 'probabl':195 'q':199 'quit':201 'r':66 'reus':153 'right':62,102 'run':226 's-left':92 's-right':100 'scroll':181,202 'scrollback':119 'select':55,64,73,82 'select-pan':54,63,72,81 'self':179 'session':210,225 'set':25,112,127,142 'setw':31 'sg':113 'shift':85 'shortcut':191 'simultan':227 'size':121 'sorri':1 'split':158,167 'split-window':157,166 'start':17 'switch':47,88 'time':116,146,234 'tmux':15,134,211 'u':75 'up/down':187 'use':38 'v':169 'window':18,89,97,105,159,168 'without':43 'work':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798422"
  +editedAt: DateTimeImmutable @1711213723 {#5045
    date: 2024-03-23 18:08:43.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704286679 {#5046
    date: 2024-01-03 13:57:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5047
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    Sorry, this is very much a PEBKAC issue. This is a excerpt from my `tmux` config:\n
    \n
    ```\n
    \n
    <span style="color:#323232;"># Start windows and panes at 1, not 0\n
    </span><span style="color:#323232;">set -g base-index 1\n
    </span><span style="color:#323232;">setw -g pane-base-index 1\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Use Alt-arrow keys without prefix key to switch panes\n
    </span><span style="color:#323232;">bind -n M-Left select-pane -L\n
    </span><span style="color:#323232;">bind -n M-Right select-pane -R\n
    </span><span style="color:#323232;">bind -n M-Up select-pane -U\n
    </span><span style="color:#323232;">bind -n M-Down select-pane -D\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Shift arrow to switch windows\n
    </span><span style="color:#323232;">bind -n S-Left  previous-window\n
    </span><span style="color:#323232;">bind -n S-Right next-window\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># No delay for escape key press\n
    </span><span style="color:#323232;">set -sg escape-time 0\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase scrollback buffer size from 2000 to 50000 lines\n
    </span><span style="color:#323232;">set -g history-limit 50000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Increase tmux messages display duration from 750ms to 4s\n
    </span><span style="color:#323232;">set -g display-time 4000\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;"># Bind pane creation keys to reuse current directory\n
    </span><span style="color:#323232;">bind % split-window -h -c "#{pane_current_path}"\n
    </span><span style="color:#323232;">bind '"' split-window -v -c "#{pane_current_path}"\n
    </span>\n
    ```\n
    \n
    I hope the comments are self explanatory.\n
    \n
    Scrolling works with `Ctrl+b Page Up/Down`. There are other shortcuts, but this is probably the most obvious. `q` to quit scrolling.\n
    \n
    `Ctrl+b d` to detach from a session. `tmux a` to attach. As always, many options are available to have many named sessions running simultaneously, but that is for a later time.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1704286679 {#5044
    date: 2024-01-03 13:57:59.0 +01:00
  }
  +ip: null
  +tags: [
    "323232"
  ]
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5048 …}
  +nested: Doctrine\ORM\PersistentCollection {#5050 …}
  +votes: Doctrine\ORM\PersistentCollection {#5052 …}
  +reports: Doctrine\ORM\PersistentCollection {#5054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5056 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5058 …}
  -id: 276289
  -bodyTs: "'0':24,117 '1':22,30,37 '2000':123 '4000':147 '4s':141 '50000':125,132 '750ms':139 'alt':40 'alt-arrow':39 'alway':216 'arrow':41,86 'attach':214 'avail':220 'b':185,204 'base':28,35 'base-index':27 'bind':49,58,67,76,90,98,148,156,165 'buffer':120 'c':161,170 'comment':177 'config':16 'creation':150 'ctrl':184,203 'current':154,163,172 'd':84,205 'delay':107 'detach':207 'directori':155 'display':136,145 'display-tim':144 'durat':137 'escap':109,115 'escape-tim':114 'excerpt':12 'explanatori':180 'g':26,32,128,143 'h':160 'histori':130 'history-limit':129 'hope':175 'increas':118,133 'index':29,36 'issu':8 'key':42,45,110,151 'l':57 'later':233 'left':53,94 'limit':131 'line':126 'm':52,61,70,79 'm-down':78 'm-left':51 'm-right':60 'm-up':69 'mani':217,223 'messag':135 'much':5 'n':50,59,68,77,91,99 'name':224 'next':104 'next-window':103 'obvious':198 'option':218 'page':186 'pane':20,34,48,56,65,74,83,149,162,171 'pane-base-index':33 'path':164,173 'pebkac':7 'prefix':44 'press':111 'previous':96 'previous-window':95 'probabl':195 'q':199 'quit':201 'r':66 'reus':153 'right':62,102 'run':226 's-left':92 's-right':100 'scroll':181,202 'scrollback':119 'select':55,64,73,82 'select-pan':54,63,72,81 'self':179 'session':210,225 'set':25,112,127,142 'setw':31 'sg':113 'shift':85 'shortcut':191 'simultan':227 'size':121 'sorri':1 'split':158,167 'split-window':157,166 'start':17 'switch':47,88 'time':116,146,234 'tmux':15,134,211 'u':75 'up/down':187 'use':38 'v':169 'window':18,89,97,105,159,168 'without':43 'work':182"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798422"
  +editedAt: DateTimeImmutable @1711213723 {#5045
    date: 2024-03-23 18:08:43.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704286679 {#5046
    date: 2024-01-03 13:57:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5063
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I see. In that case you should really try tmux; I didn’t vibe with screen either but I find tmux quite usable.\n
    \n
    For the most part I just open several terminal windows/tabs on my local machine and remote with each one to the server, and I use tmux only when I explicitly need to keep something running. Since that’s usually just one thing I can use like two tmux commands and don’t need anything else.\n
    \n
    Oh and for stuff like copying and such I’d use `rsync` instead of primitive `cp` so that in case it gets interrupted I only copy what’s needed.\n
    \n
    I wouldn’t bother with virtualization and such; you’d only complicate things for yourself. Try to keep it simple but do it properly: learn some command line basics and you’ll see that in a year it’ll become second nature.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1704291637 {#5060
    date: 2024-01-03 15:20:37.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5064 …}
  +nested: Doctrine\ORM\PersistentCollection {#5066 …}
  +votes: Doctrine\ORM\PersistentCollection {#5068 …}
  +reports: Doctrine\ORM\PersistentCollection {#5070 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5072 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5074 …}
  -id: 276493
  -bodyTs: "'anyth':77 'basic':136 'becom':147 'bother':111 'case':5,98 'command':72,134 'complic':119 'copi':84,104 'cp':94 'd':88,117 'didn':12 'either':17 'els':78 'explicit':53 'find':20 'get':100 'instead':91 'interrupt':101 'keep':56,125 'learn':132 'like':69,83 'line':135 'll':139,146 'local':36 'machin':37 'natur':149 'need':54,76,107 'oh':79 'one':42,64 'open':30 'part':27 'primit':93 'proper':131 'quit':22 'realli':8 'remot':39 'rsync':90 'run':58 'screen':16 'second':148 'see':2,140 'server':45 'sever':31 'simpl':127 'sinc':59 'someth':57 'stuff':82 'termin':32 'thing':65,120 'tmux':10,21,49,71 'tri':9,123 'two':70 'usabl':23 'use':48,68,89 'usual':62 'vibe':14 'virtual':113 'windows/tabs':33 'wouldn':109 'year':144"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052253"
  +editedAt: DateTimeImmutable @1711233242 {#5061
    date: 2024-03-23 23:34:02.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704291637 {#5062
    date: 2024-01-03 15:20:37.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5063
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I see. In that case you should really try tmux; I didn’t vibe with screen either but I find tmux quite usable.\n
    \n
    For the most part I just open several terminal windows/tabs on my local machine and remote with each one to the server, and I use tmux only when I explicitly need to keep something running. Since that’s usually just one thing I can use like two tmux commands and don’t need anything else.\n
    \n
    Oh and for stuff like copying and such I’d use `rsync` instead of primitive `cp` so that in case it gets interrupted I only copy what’s needed.\n
    \n
    I wouldn’t bother with virtualization and such; you’d only complicate things for yourself. Try to keep it simple but do it properly: learn some command line basics and you’ll see that in a year it’ll become second nature.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1704291637 {#5060
    date: 2024-01-03 15:20:37.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5064 …}
  +nested: Doctrine\ORM\PersistentCollection {#5066 …}
  +votes: Doctrine\ORM\PersistentCollection {#5068 …}
  +reports: Doctrine\ORM\PersistentCollection {#5070 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5072 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5074 …}
  -id: 276493
  -bodyTs: "'anyth':77 'basic':136 'becom':147 'bother':111 'case':5,98 'command':72,134 'complic':119 'copi':84,104 'cp':94 'd':88,117 'didn':12 'either':17 'els':78 'explicit':53 'find':20 'get':100 'instead':91 'interrupt':101 'keep':56,125 'learn':132 'like':69,83 'line':135 'll':139,146 'local':36 'machin':37 'natur':149 'need':54,76,107 'oh':79 'one':42,64 'open':30 'part':27 'primit':93 'proper':131 'quit':22 'realli':8 'remot':39 'rsync':90 'run':58 'screen':16 'second':148 'see':2,140 'server':45 'sever':31 'simpl':127 'sinc':59 'someth':57 'stuff':82 'termin':32 'thing':65,120 'tmux':10,21,49,71 'tri':9,123 'two':70 'usabl':23 'use':48,68,89 'usual':62 'vibe':14 'virtual':113 'windows/tabs':33 'wouldn':109 'year':144"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052253"
  +editedAt: DateTimeImmutable @1711233242 {#5061
    date: 2024-03-23 23:34:02.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704291637 {#5062
    date: 2024-01-03 15:20:37.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5063
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4854
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4225
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        I don’t want to step on your workflow too much since it somehow seems to work for you but your main issue stems from the fact that you clearly don’t work with your server as if it actually was a server.\n
        \n
        You shouldn’t really have a desktop interface running there in the first place (let alone as root and then using it as a regular user). You should ask yourself what it actually solves for you and be open to trying different (and more standard) solutions to what you’re trying to achieve.\n
        \n
        It’d probably consist of less clicking and using the CLI a bit more, but for stuff like file management you can still easily use [`mc`](https://linux.die.net/man/1/mc).\n
        \n
        If you need terminal sessions that keep scrollback and don’t stop when you disconnect you should learn to use `tmux` or `screen` or something like that. But then again if you’re running actual software in there then you should probably use a service (daemon) for that.\n
        \n
        As for whether it’s a security issue, yeah it most definitely is. Just like it’s a security issue to run literally any networked application as root. Security isn’t black and white and there are trade offs to be made but most people wouldn’t consider what you’re doing a reasonable tradeoff.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 23
      +score: 0
      +lastActive: DateTime @1711286285 {#4219
        date: 2024-03-24 14:18:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4226 …}
      +nested: Doctrine\ORM\PersistentCollection {#4228 …}
      +votes: Doctrine\ORM\PersistentCollection {#4230 …}
      +reports: Doctrine\ORM\PersistentCollection {#4232 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4234 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4236 …}
      -id: 276034
      -bodyTs: "'/man/1/mc).':125 'achiev':96 'actual':40,76,160 'alon':59 'applic':199 'ask':72 'bit':109 'black':205 'clear':30 'cli':107 'click':103 'consid':221 'consist':100 'd':98 'daemon':171 'definit':185 'desktop':50 'differ':85 'disconnect':140 'easili':120 'fact':27 'file':115 'first':56 'interfac':51 'isn':203 'issu':23,181,193 'keep':132 'learn':143 'less':102 'let':58 'like':114,151,188 'linux.die.net':124 'linux.die.net/man/1/mc).':123 'liter':196 'made':215 'main':22 'manag':116 'mc':122 'much':11 'need':128 'network':198 'off':212 'open':82 'peopl':218 'place':57 'probabl':99,167 're':93,158,224 'realli':47 'reason':227 'regular':68 'root':61,201 'run':52,159,195 'screen':148 'scrollback':133 'secur':180,192,202 'seem':15 'server':36,43 'servic':170 'session':130 'shouldn':45 'sinc':12 'softwar':161 'solut':89 'solv':77 'somehow':14 'someth':150 'standard':88 'stem':24 'step':6 'still':119 'stop':137 'stuff':113 'termin':129 'tmux':146 'trade':211 'tradeoff':228 'tri':84,94 'use':64,105,121,145,168 'user':69 'want':4 'whether':176 'white':207 'work':17,33 'workflow':9 'wouldn':219 'yeah':182"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5047325"
      +editedAt: DateTimeImmutable @1711178131 {#4220
        date: 2024-03-23 08:15:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704276432 {#4221
        date: 2024-01-03 11:07:12.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4225}
    +body: """
      I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.\n
      \n
      I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.\n
      \n
      Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.\n
      \n
      I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704285301 {#4851
      date: 2024-01-03 13:35:01.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4855 …}
    +nested: Doctrine\ORM\PersistentCollection {#4857 …}
    +votes: Doctrine\ORM\PersistentCollection {#4859 …}
    +reports: Doctrine\ORM\PersistentCollection {#4861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4863 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4865 …}
    -id: 276244
    -bodyTs: "'access':226 'activ':139 'actual':3,218,335 'affect':86 'also':99,158 'away':278 'back':154 'bad':202 'benefit':246 'board':22 'centr':337 'cli':8,125 'command':74,180 'compress':48 'comput':23 'copi':46 'could':245 'cycl':177 'd':211 'data':336 'desktop':15,265 'due':133 'emul':170 'even':164 'excus':191 'explain':195 'feel':325 'file':49 'find':129 'full':14 'fulli':7 'get':277 'go':153,309 'happen':100 'hypervisor':293 'id':148 'idea':297 'issu':27 'kind':249 'know':199 'known':314 'lan':229 'lax':237 'let':260 'like':318,326 'long':43 'lot':120,235 'm':241,302 'machin':108,269 'make':190 'manag':137,216 'meant':329 'most':50 'move':4,45,183 'multipl':138 'nas':35 'need':55 'never':290 'none':205 'occasion':112 'offload':42 'one':11,317 'open':315 'oper':44,88 'outsid':333 'pc':59,80,97 'practic':203 'product':219 'realli':131,321,324 'reason':197 'recent':179 'refus':161 'regular':38 'remot':67,262,281 'root':285 'run':166 'screen':111,151 'scroll':163,173,185 'second':96 'seem':320 'separ':254 'server':9,104,220,256 'setup':252 'sinc':222,310 'singl':21 'someth':327 'sourc':316 'still':259 'stuff':257,272 'support':172 'sure':304 'technic':322 'tend':231 'termin':140,169 'thing':209 'though':287 'tri':188,193 'turn':78 'type':71,145 'unwieldi':132 'upgrad':18 'use':39,57,110,115,117,291,332 'user':286 've':289 'virtual':251 'way':92 'well':306,313 'well-known':312 'whatev':84 'wheel':186 'without':85 'wonder':242 'would':308 'x86':25 'xen':319"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042465"
    +editedAt: DateTimeImmutable @1711208197 {#4852
      date: 2024-03-23 16:36:37.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285301 {#4853
      date: 2024-01-03 13:35:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4225}
  +body: """
    I see. In that case you should really try tmux; I didn’t vibe with screen either but I find tmux quite usable.\n
    \n
    For the most part I just open several terminal windows/tabs on my local machine and remote with each one to the server, and I use tmux only when I explicitly need to keep something running. Since that’s usually just one thing I can use like two tmux commands and don’t need anything else.\n
    \n
    Oh and for stuff like copying and such I’d use `rsync` instead of primitive `cp` so that in case it gets interrupted I only copy what’s needed.\n
    \n
    I wouldn’t bother with virtualization and such; you’d only complicate things for yourself. Try to keep it simple but do it properly: learn some command line basics and you’ll see that in a year it’ll become second nature.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1704291637 {#5060
    date: 2024-01-03 15:20:37.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5064 …}
  +nested: Doctrine\ORM\PersistentCollection {#5066 …}
  +votes: Doctrine\ORM\PersistentCollection {#5068 …}
  +reports: Doctrine\ORM\PersistentCollection {#5070 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5072 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5074 …}
  -id: 276493
  -bodyTs: "'anyth':77 'basic':136 'becom':147 'bother':111 'case':5,98 'command':72,134 'complic':119 'copi':84,104 'cp':94 'd':88,117 'didn':12 'either':17 'els':78 'explicit':53 'find':20 'get':100 'instead':91 'interrupt':101 'keep':56,125 'learn':132 'like':69,83 'line':135 'll':139,146 'local':36 'machin':37 'natur':149 'need':54,76,107 'oh':79 'one':42,64 'open':30 'part':27 'primit':93 'proper':131 'quit':22 'realli':8 'remot':39 'rsync':90 'run':58 'screen':16 'second':148 'see':2,140 'server':45 'sever':31 'simpl':127 'sinc':59 'someth':57 'stuff':82 'termin':32 'thing':65,120 'tmux':10,21,49,71 'tri':9,123 'two':70 'usabl':23 'use':48,68,89 'usual':62 'vibe':14 'virtual':113 'windows/tabs':33 'wouldn':109 'year':144"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052253"
  +editedAt: DateTimeImmutable @1711233242 {#5061
    date: 2024-03-23 23:34:02.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704291637 {#5062
    date: 2024-01-03 15:20:37.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4299
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > Is it actually dangerous to run Firefox as root?\n
    \n
    Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
    \n
    > usually logged into KDE Plasma as root.\n
    \n
    Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 68
  +score: 0
  +lastActive: DateTime @1711456001 {#4294
    date: 2024-03-26 13:26:41.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4300 …}
  +nested: Doctrine\ORM\PersistentCollection {#4302 …}
  +votes: Doctrine\ORM\PersistentCollection {#4304 …}
  +reports: Doctrine\ORM\PersistentCollection {#4306 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
  -id: 276028
  -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3797028"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276284 {#4295
    date: 2024-01-03 11:04:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4299
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > Is it actually dangerous to run Firefox as root?\n
    \n
    Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
    \n
    > usually logged into KDE Plasma as root.\n
    \n
    Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 68
  +score: 0
  +lastActive: DateTime @1711456001 {#4294
    date: 2024-03-26 13:26:41.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4300 …}
  +nested: Doctrine\ORM\PersistentCollection {#4302 …}
  +votes: Doctrine\ORM\PersistentCollection {#4304 …}
  +reports: Doctrine\ORM\PersistentCollection {#4306 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
  -id: 276028
  -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3797028"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276284 {#4295
    date: 2024-01-03 11:04:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4299
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > Is it actually dangerous to run Firefox as root?\n
    \n
    Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
    \n
    > usually logged into KDE Plasma as root.\n
    \n
    Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 68
  +score: 0
  +lastActive: DateTime @1711456001 {#4294
    date: 2024-03-26 13:26:41.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4300 …}
  +nested: Doctrine\ORM\PersistentCollection {#4302 …}
  +votes: Doctrine\ORM\PersistentCollection {#4304 …}
  +reports: Doctrine\ORM\PersistentCollection {#4306 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
  -id: 276028
  -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3797028"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276284 {#4295
    date: 2024-01-03 11:04:44.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4838
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4299
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > Is it actually dangerous to run Firefox as root?\n
      \n
      Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
      \n
      > usually logged into KDE Plasma as root.\n
      \n
      Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 68
    +score: 0
    +lastActive: DateTime @1711456001 {#4294
      date: 2024-03-26 13:26:41.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4300 …}
    +nested: Doctrine\ORM\PersistentCollection {#4302 …}
    +votes: Doctrine\ORM\PersistentCollection {#4304 …}
    +reports: Doctrine\ORM\PersistentCollection {#4306 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
    -id: 276028
    -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3797028"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704276284 {#4295
      date: 2024-01-03 11:04:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
    \n
    Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285378 {#4836
    date: 2024-01-03 13:36:18.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4839 …}
  +nested: Doctrine\ORM\PersistentCollection {#4841 …}
  +votes: Doctrine\ORM\PersistentCollection {#4843 …}
  +reports: Doctrine\ORM\PersistentCollection {#4845 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
  -id: 276247
  -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042493"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285378 {#4837
    date: 2024-01-03 13:36:18.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4838
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4299
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > Is it actually dangerous to run Firefox as root?\n
      \n
      Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
      \n
      > usually logged into KDE Plasma as root.\n
      \n
      Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 68
    +score: 0
    +lastActive: DateTime @1711456001 {#4294
      date: 2024-03-26 13:26:41.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4300 …}
    +nested: Doctrine\ORM\PersistentCollection {#4302 …}
    +votes: Doctrine\ORM\PersistentCollection {#4304 …}
    +reports: Doctrine\ORM\PersistentCollection {#4306 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
    -id: 276028
    -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3797028"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704276284 {#4295
      date: 2024-01-03 11:04:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
    \n
    Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285378 {#4836
    date: 2024-01-03 13:36:18.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4839 …}
  +nested: Doctrine\ORM\PersistentCollection {#4841 …}
  +votes: Doctrine\ORM\PersistentCollection {#4843 …}
  +reports: Doctrine\ORM\PersistentCollection {#4845 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
  -id: 276247
  -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042493"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285378 {#4837
    date: 2024-01-03 13:36:18.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4838
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4299
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > Is it actually dangerous to run Firefox as root?\n
      \n
      Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
      \n
      > usually logged into KDE Plasma as root.\n
      \n
      Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 68
    +score: 0
    +lastActive: DateTime @1711456001 {#4294
      date: 2024-03-26 13:26:41.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4300 …}
    +nested: Doctrine\ORM\PersistentCollection {#4302 …}
    +votes: Doctrine\ORM\PersistentCollection {#4304 …}
    +reports: Doctrine\ORM\PersistentCollection {#4306 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
    -id: 276028
    -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3797028"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704276284 {#4295
      date: 2024-01-03 11:04:44.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
    \n
    Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 5
  +score: 0
  +lastActive: DateTime @1704285378 {#4836
    date: 2024-01-03 13:36:18.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4839 …}
  +nested: Doctrine\ORM\PersistentCollection {#4841 …}
  +votes: Doctrine\ORM\PersistentCollection {#4843 …}
  +reports: Doctrine\ORM\PersistentCollection {#4845 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
  -id: 276247
  -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042493"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285378 {#4837
    date: 2024-01-03 13:36:18.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5079
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4838
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4299
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > Is it actually dangerous to run Firefox as root?\n
        \n
        Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
        \n
        > usually logged into KDE Plasma as root.\n
        \n
        Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 68
      +score: 0
      +lastActive: DateTime @1711456001 {#4294
        date: 2024-03-26 13:26:41.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4300 …}
      +nested: Doctrine\ORM\PersistentCollection {#4302 …}
      +votes: Doctrine\ORM\PersistentCollection {#4304 …}
      +reports: Doctrine\ORM\PersistentCollection {#4306 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
      -id: 276028
      -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3797028"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704276284 {#4295
        date: 2024-01-03 11:04:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
      \n
      Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285378 {#4836
      date: 2024-01-03 13:36:18.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4839 …}
    +nested: Doctrine\ORM\PersistentCollection {#4841 …}
    +votes: Doctrine\ORM\PersistentCollection {#4843 …}
    +reports: Doctrine\ORM\PersistentCollection {#4845 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
    -id: 276247
    -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042493"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285378 {#4837
      date: 2024-01-03 13:36:18.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
    \n
    Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
    \n
    Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 27
  +score: 0
  +lastActive: DateTime @1704285945 {#5076
    date: 2024-01-03 13:45:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5080 …}
  +nested: Doctrine\ORM\PersistentCollection {#5082 …}
  +votes: Doctrine\ORM\PersistentCollection {#5084 …}
  +reports: Doctrine\ORM\PersistentCollection {#5086 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
  -id: 276263
  -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798284"
  +editedAt: DateTimeImmutable @1711210951 {#5077
    date: 2024-03-23 17:22:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285945 {#5078
    date: 2024-01-03 13:45:45.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5079
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4838
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4299
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > Is it actually dangerous to run Firefox as root?\n
        \n
        Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
        \n
        > usually logged into KDE Plasma as root.\n
        \n
        Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 68
      +score: 0
      +lastActive: DateTime @1711456001 {#4294
        date: 2024-03-26 13:26:41.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4300 …}
      +nested: Doctrine\ORM\PersistentCollection {#4302 …}
      +votes: Doctrine\ORM\PersistentCollection {#4304 …}
      +reports: Doctrine\ORM\PersistentCollection {#4306 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
      -id: 276028
      -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3797028"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704276284 {#4295
        date: 2024-01-03 11:04:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
      \n
      Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285378 {#4836
      date: 2024-01-03 13:36:18.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4839 …}
    +nested: Doctrine\ORM\PersistentCollection {#4841 …}
    +votes: Doctrine\ORM\PersistentCollection {#4843 …}
    +reports: Doctrine\ORM\PersistentCollection {#4845 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
    -id: 276247
    -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042493"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285378 {#4837
      date: 2024-01-03 13:36:18.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
    \n
    Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
    \n
    Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 27
  +score: 0
  +lastActive: DateTime @1704285945 {#5076
    date: 2024-01-03 13:45:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5080 …}
  +nested: Doctrine\ORM\PersistentCollection {#5082 …}
  +votes: Doctrine\ORM\PersistentCollection {#5084 …}
  +reports: Doctrine\ORM\PersistentCollection {#5086 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
  -id: 276263
  -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798284"
  +editedAt: DateTimeImmutable @1711210951 {#5077
    date: 2024-03-23 17:22:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285945 {#5078
    date: 2024-01-03 13:45:45.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5079
  +user: App\Entity\User {#4312 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4838
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4299
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > Is it actually dangerous to run Firefox as root?\n
        \n
        Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
        \n
        > usually logged into KDE Plasma as root.\n
        \n
        Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 68
      +score: 0
      +lastActive: DateTime @1711456001 {#4294
        date: 2024-03-26 13:26:41.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4300 …}
      +nested: Doctrine\ORM\PersistentCollection {#4302 …}
      +votes: Doctrine\ORM\PersistentCollection {#4304 …}
      +reports: Doctrine\ORM\PersistentCollection {#4306 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
      -id: 276028
      -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3797028"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704276284 {#4295
        date: 2024-01-03 11:04:44.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
      \n
      Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 5
    +score: 0
    +lastActive: DateTime @1704285378 {#4836
      date: 2024-01-03 13:36:18.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4839 …}
    +nested: Doctrine\ORM\PersistentCollection {#4841 …}
    +votes: Doctrine\ORM\PersistentCollection {#4843 …}
    +reports: Doctrine\ORM\PersistentCollection {#4845 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
    -id: 276247
    -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042493"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704285378 {#4837
      date: 2024-01-03 13:36:18.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
    \n
    Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
    \n
    Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 27
  +score: 0
  +lastActive: DateTime @1704285945 {#5076
    date: 2024-01-03 13:45:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5080 …}
  +nested: Doctrine\ORM\PersistentCollection {#5082 …}
  +votes: Doctrine\ORM\PersistentCollection {#5084 …}
  +reports: Doctrine\ORM\PersistentCollection {#5086 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
  -id: 276263
  -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.cafe/comment/3798284"
  +editedAt: DateTimeImmutable @1711210951 {#5077
    date: 2024-03-23 17:22:31.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704285945 {#5078
    date: 2024-01-03 13:45:45.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5132
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5079
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4838
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4299
        +user: App\Entity\User {#4312 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > Is it actually dangerous to run Firefox as root?\n
          \n
          Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
          \n
          > usually logged into KDE Plasma as root.\n
          \n
          Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 68
        +score: 0
        +lastActive: DateTime @1711456001 {#4294
          date: 2024-03-26 13:26:41.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4300 …}
        +nested: Doctrine\ORM\PersistentCollection {#4302 …}
        +votes: Doctrine\ORM\PersistentCollection {#4304 …}
        +reports: Doctrine\ORM\PersistentCollection {#4306 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
        -id: 276028
        -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.cafe/comment/3797028"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704276284 {#4295
          date: 2024-01-03 11:04:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
        \n
        Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285378 {#4836
        date: 2024-01-03 13:36:18.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4839 …}
      +nested: Doctrine\ORM\PersistentCollection {#4841 …}
      +votes: Doctrine\ORM\PersistentCollection {#4843 …}
      +reports: Doctrine\ORM\PersistentCollection {#4845 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
      -id: 276247
      -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042493"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285378 {#4837
        date: 2024-01-03 13:36:18.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
      \n
      Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
      \n
      Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 27
    +score: 0
    +lastActive: DateTime @1704285945 {#5076
      date: 2024-01-03 13:45:45.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5080 …}
    +nested: Doctrine\ORM\PersistentCollection {#5082 …}
    +votes: Doctrine\ORM\PersistentCollection {#5084 …}
    +reports: Doctrine\ORM\PersistentCollection {#5086 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
    -id: 276263
    -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3798284"
    +editedAt: DateTimeImmutable @1711210951 {#5077
      date: 2024-03-23 17:22:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285945 {#5078
      date: 2024-01-03 13:45:45.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    Thank you.\n
    \n
    > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
    \n
    This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
    \n
    Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
    \n
    How does a “professional” NAS setup handle this?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287212 {#5129
    date: 2024-01-03 14:06:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5133 …}
  +nested: Doctrine\ORM\PersistentCollection {#5135 …}
  +votes: Doctrine\ORM\PersistentCollection {#5137 …}
  +reports: Doctrine\ORM\PersistentCollection {#5139 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
  -id: 276307
  -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042899"
  +editedAt: DateTimeImmutable @1711217670 {#5130
    date: 2024-03-23 19:14:30.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704287212 {#5131
    date: 2024-01-03 14:06:52.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5132
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5079
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4838
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4299
        +user: App\Entity\User {#4312 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > Is it actually dangerous to run Firefox as root?\n
          \n
          Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
          \n
          > usually logged into KDE Plasma as root.\n
          \n
          Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 68
        +score: 0
        +lastActive: DateTime @1711456001 {#4294
          date: 2024-03-26 13:26:41.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4300 …}
        +nested: Doctrine\ORM\PersistentCollection {#4302 …}
        +votes: Doctrine\ORM\PersistentCollection {#4304 …}
        +reports: Doctrine\ORM\PersistentCollection {#4306 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
        -id: 276028
        -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.cafe/comment/3797028"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704276284 {#4295
          date: 2024-01-03 11:04:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
        \n
        Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285378 {#4836
        date: 2024-01-03 13:36:18.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4839 …}
      +nested: Doctrine\ORM\PersistentCollection {#4841 …}
      +votes: Doctrine\ORM\PersistentCollection {#4843 …}
      +reports: Doctrine\ORM\PersistentCollection {#4845 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
      -id: 276247
      -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042493"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285378 {#4837
        date: 2024-01-03 13:36:18.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
      \n
      Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
      \n
      Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 27
    +score: 0
    +lastActive: DateTime @1704285945 {#5076
      date: 2024-01-03 13:45:45.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5080 …}
    +nested: Doctrine\ORM\PersistentCollection {#5082 …}
    +votes: Doctrine\ORM\PersistentCollection {#5084 …}
    +reports: Doctrine\ORM\PersistentCollection {#5086 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
    -id: 276263
    -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3798284"
    +editedAt: DateTimeImmutable @1711210951 {#5077
      date: 2024-03-23 17:22:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285945 {#5078
      date: 2024-01-03 13:45:45.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    Thank you.\n
    \n
    > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
    \n
    This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
    \n
    Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
    \n
    How does a “professional” NAS setup handle this?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287212 {#5129
    date: 2024-01-03 14:06:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5133 …}
  +nested: Doctrine\ORM\PersistentCollection {#5135 …}
  +votes: Doctrine\ORM\PersistentCollection {#5137 …}
  +reports: Doctrine\ORM\PersistentCollection {#5139 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
  -id: 276307
  -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042899"
  +editedAt: DateTimeImmutable @1711217670 {#5130
    date: 2024-03-23 19:14:30.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704287212 {#5131
    date: 2024-01-03 14:06:52.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5132
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5079
    +user: App\Entity\User {#4312 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4838
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4299
        +user: App\Entity\User {#4312 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > Is it actually dangerous to run Firefox as root?\n
          \n
          Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
          \n
          > usually logged into KDE Plasma as root.\n
          \n
          Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 68
        +score: 0
        +lastActive: DateTime @1711456001 {#4294
          date: 2024-03-26 13:26:41.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4300 …}
        +nested: Doctrine\ORM\PersistentCollection {#4302 …}
        +votes: Doctrine\ORM\PersistentCollection {#4304 …}
        +reports: Doctrine\ORM\PersistentCollection {#4306 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
        -id: 276028
        -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.cafe/comment/3797028"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704276284 {#4295
          date: 2024-01-03 11:04:44.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
        \n
        Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 5
      +score: 0
      +lastActive: DateTime @1704285378 {#4836
        date: 2024-01-03 13:36:18.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4839 …}
      +nested: Doctrine\ORM\PersistentCollection {#4841 …}
      +votes: Doctrine\ORM\PersistentCollection {#4843 …}
      +reports: Doctrine\ORM\PersistentCollection {#4845 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
      -id: 276247
      -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042493"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285378 {#4837
        date: 2024-01-03 13:36:18.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
      \n
      Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
      \n
      Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 27
    +score: 0
    +lastActive: DateTime @1704285945 {#5076
      date: 2024-01-03 13:45:45.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5080 …}
    +nested: Doctrine\ORM\PersistentCollection {#5082 …}
    +votes: Doctrine\ORM\PersistentCollection {#5084 …}
    +reports: Doctrine\ORM\PersistentCollection {#5086 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
    -id: 276263
    -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.cafe/comment/3798284"
    +editedAt: DateTimeImmutable @1711210951 {#5077
      date: 2024-03-23 17:22:31.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704285945 {#5078
      date: 2024-01-03 13:45:45.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    Thank you.\n
    \n
    > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
    \n
    This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
    \n
    Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
    \n
    How does a “professional” NAS setup handle this?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704287212 {#5129
    date: 2024-01-03 14:06:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5133 …}
  +nested: Doctrine\ORM\PersistentCollection {#5135 …}
  +votes: Doctrine\ORM\PersistentCollection {#5137 …}
  +reports: Doctrine\ORM\PersistentCollection {#5139 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
  -id: 276307
  -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042899"
  +editedAt: DateTimeImmutable @1711217670 {#5130
    date: 2024-03-23 19:14:30.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704287212 {#5131
    date: 2024-01-03 14:06:52.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5295
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    You never log in as root. On every new VM/LXC I create, I delete the root password after setting it up so that my regular user can use sudo.\n
    \n
    Run as your regular user and sudo the commands that need privileges.\n
    \n
    Also if these are servers, run them headless. There’s no need for a GUI or a browser (use wget or curl for downloads, use your local browser for browsing)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 12
  +score: 0
  +lastActive: DateTime @1704289959 {#5293
    date: 2024-01-03 14:52:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5296 …}
  +nested: Doctrine\ORM\PersistentCollection {#5298 …}
  +votes: Doctrine\ORM\PersistentCollection {#5300 …}
  +reports: Doctrine\ORM\PersistentCollection {#5302 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5304 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5306 …}
  -id: 276418
  -bodyTs: "'also':42 'brows':71 'browser':59,69 'command':38 'creat':12 'curl':63 'delet':14 'download':65 'everi':8 'gui':56 'headless':49 'local':68 'log':3 'need':40,53 'never':2 'new':9 'password':17 'privileg':41 'regular':25,33 'root':6,16 'run':30,47 'server':46 'set':19 'sudo':29,36 'use':28,60,66 'user':26,34 'vm/lxc':10 'wget':61"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704289959 {#5294
    date: 2024-01-03 14:52:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5295
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    You never log in as root. On every new VM/LXC I create, I delete the root password after setting it up so that my regular user can use sudo.\n
    \n
    Run as your regular user and sudo the commands that need privileges.\n
    \n
    Also if these are servers, run them headless. There’s no need for a GUI or a browser (use wget or curl for downloads, use your local browser for browsing)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 12
  +score: 0
  +lastActive: DateTime @1704289959 {#5293
    date: 2024-01-03 14:52:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5296 …}
  +nested: Doctrine\ORM\PersistentCollection {#5298 …}
  +votes: Doctrine\ORM\PersistentCollection {#5300 …}
  +reports: Doctrine\ORM\PersistentCollection {#5302 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5304 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5306 …}
  -id: 276418
  -bodyTs: "'also':42 'brows':71 'browser':59,69 'command':38 'creat':12 'curl':63 'delet':14 'download':65 'everi':8 'gui':56 'headless':49 'local':68 'log':3 'need':40,53 'never':2 'new':9 'password':17 'privileg':41 'regular':25,33 'root':6,16 'run':30,47 'server':46 'set':19 'sudo':29,36 'use':28,60,66 'user':26,34 'vm/lxc':10 'wget':61"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704289959 {#5294
    date: 2024-01-03 14:52:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5295
  +user: Proxies\__CG__\App\Entity\User {#5218 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: """
    You never log in as root. On every new VM/LXC I create, I delete the root password after setting it up so that my regular user can use sudo.\n
    \n
    Run as your regular user and sudo the commands that need privileges.\n
    \n
    Also if these are servers, run them headless. There’s no need for a GUI or a browser (use wget or curl for downloads, use your local browser for browsing)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 12
  +score: 0
  +lastActive: DateTime @1704289959 {#5293
    date: 2024-01-03 14:52:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5296 …}
  +nested: Doctrine\ORM\PersistentCollection {#5298 …}
  +votes: Doctrine\ORM\PersistentCollection {#5300 …}
  +reports: Doctrine\ORM\PersistentCollection {#5302 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5304 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5306 …}
  -id: 276418
  -bodyTs: "'also':42 'brows':71 'browser':59,69 'command':38 'creat':12 'curl':63 'delet':14 'download':65 'everi':8 'gui':56 'headless':49 'local':68 'log':3 'need':40,53 'never':2 'new':9 'password':17 'privileg':41 'regular':25,33 'root':6,16 'run':30,47 'server':46 'set':19 'sudo':29,36 'use':28,60,66 'user':26,34 'vm/lxc':10 'wget':61"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7837370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704289959 {#5294
    date: 2024-01-03 14:52:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5310
  +user: Proxies\__CG__\App\Entity\User {#5311 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: "You keep your files safe by having backups. Multiple copies. Set up the backups to gets copied to another server or other system your regular user doesn’t have access to. Ideally, you follow the 3-2-1 backup standard if the files are important. That is 3 copies, on 2 different media, and 1 offsite. There are many ways of accomplishing that and its up to you to figure out what works best."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704338587 {#5308
    date: 2024-01-04 04:23:07.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5312 …}
  +nested: Doctrine\ORM\PersistentCollection {#5314 …}
  +votes: Doctrine\ORM\PersistentCollection {#5316 …}
  +reports: Doctrine\ORM\PersistentCollection {#5318 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5320 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5322 …}
  -id: 278514
  -bodyTs: "'-1':38 '-2':37 '1':55 '2':51 '3':36,48 'access':30 'accomplish':62 'anoth':19 'backup':8,14,39 'best':74 'copi':10,17,49 'differ':52 'doesn':27 'figur':70 'file':4,43 'follow':34 'get':16 'ideal':32 'import':45 'keep':2 'mani':59 'media':53 'multipl':9 'offsit':56 'regular':25 'safe':5 'server':20 'set':11 'standard':40 'system':23 'user':26 'way':60 'work':73"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7858403"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704338587 {#5309
    date: 2024-01-04 04:23:07.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5310
  +user: Proxies\__CG__\App\Entity\User {#5311 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: "You keep your files safe by having backups. Multiple copies. Set up the backups to gets copied to another server or other system your regular user doesn’t have access to. Ideally, you follow the 3-2-1 backup standard if the files are important. That is 3 copies, on 2 different media, and 1 offsite. There are many ways of accomplishing that and its up to you to figure out what works best."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704338587 {#5308
    date: 2024-01-04 04:23:07.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5312 …}
  +nested: Doctrine\ORM\PersistentCollection {#5314 …}
  +votes: Doctrine\ORM\PersistentCollection {#5316 …}
  +reports: Doctrine\ORM\PersistentCollection {#5318 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5320 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5322 …}
  -id: 278514
  -bodyTs: "'-1':38 '-2':37 '1':55 '2':51 '3':36,48 'access':30 'accomplish':62 'anoth':19 'backup':8,14,39 'best':74 'copi':10,17,49 'differ':52 'doesn':27 'figur':70 'file':4,43 'follow':34 'get':16 'ideal':32 'import':45 'keep':2 'mani':59 'media':53 'multipl':9 'offsit':56 'regular':25 'safe':5 'server':20 'set':11 'standard':40 'system':23 'user':26 'way':60 'work':73"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7858403"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704338587 {#5309
    date: 2024-01-04 04:23:07.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5310
  +user: Proxies\__CG__\App\Entity\User {#5311 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5132
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#5079
      +user: App\Entity\User {#4312 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4838
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4299
          +user: App\Entity\User {#4312 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > Is it actually dangerous to run Firefox as root?\n
            \n
            Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.\n
            \n
            > usually logged into KDE Plasma as root.\n
            \n
            Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 68
          +score: 0
          +lastActive: DateTime @1711456001 {#4294
            date: 2024-03-26 13:26:41.0 +01:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4300 …}
          +nested: Doctrine\ORM\PersistentCollection {#4302 …}
          +votes: Doctrine\ORM\PersistentCollection {#4304 …}
          +reports: Doctrine\ORM\PersistentCollection {#4306 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4308 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4310 …}
          -id: 276028
          -bodyTs: "'access':24,72,89 'actual':3 'anyth':19,74 'appli':100 'built':84 'bust':40 'code':66 'danger':4 'des':53 'everyth':26 'expect':68 'fail':86 'firefox':7,17,102 'first':96 'get':23,39 'go':32 'kde':44 'line':64 'log':42 'might':82 'million':62 'one':28 'place':97 'plasma':45 'pleas':48 'quiet':87 'realli':103 'root':9,22,47,61 'run':6,20,59 'shouldn':76,92 'someth':90 'specif':15 'system':37 'test':56 'thing':29,99 'usual':41 'whole':36 'wrong':33 'yes':10"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://lemmy.cafe/comment/3797028"
          +editedAt: null
          +createdAt: DateTimeImmutable @1704276284 {#4295
            date: 2024-01-03 11:04:44.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4299}
        +body: """
          > Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.\n
          \n
          Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 5
        +score: 0
        +lastActive: DateTime @1704285378 {#4836
          date: 2024-01-03 13:36:18.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@Illecors@lemmy.cafe"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4839 …}
        +nested: Doctrine\ORM\PersistentCollection {#4841 …}
        +votes: Doctrine\ORM\PersistentCollection {#4843 …}
        +reports: Doctrine\ORM\PersistentCollection {#4845 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4847 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4849 …}
        -id: 276247
        -bodyTs: "'access':25,42 'alway':88 'anyth':27 'appli':53 'ask':69 'assum':90 'built':37 'code':19 'could':57 'des':6 'elabor':59 'expect':21 'fail':39 'fedora':67 'firefox':55 'first':49 'genuin':64 'instal':85 'intend':94 'kde':83 'line':17 'log':79 'm':63 'might':35 'million':15 'option':77 'place':50 'pleas':1 'quiet':40 'realli':56 'root':14,81 'run':12 'shouldn':29,45 'someth':43 'surpris':65 'test':9 'thing':52 'use':97 'want':73 'way':99"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042493"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285378 {#4837
          date: 2024-01-03 13:36:18.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4299}
      +body: """
        I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.\n
        \n
        Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.\n
        \n
        Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. *Everything* on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 27
      +score: 0
      +lastActive: DateTime @1704285945 {#5076
        date: 2024-01-03 13:45:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
        "@HiddenLayer5@lemmy.ml"
        "@Illecors@lemmy.cafe"
      ]
      +children: Doctrine\ORM\PersistentCollection {#5080 …}
      +nested: Doctrine\ORM\PersistentCollection {#5082 …}
      +votes: Doctrine\ORM\PersistentCollection {#5084 …}
      +reports: Doctrine\ORM\PersistentCollection {#5086 …}
      +favourites: Doctrine\ORM\PersistentCollection {#5088 …}
      +notifications: Doctrine\ORM\PersistentCollection {#5090 …}
      -id: 276263
      -bodyTs: "'access':113 'account':19 'allow':67 'applic':122 'bad':117 'becom':52,94 'bunch':35 'class':49 'code':37 'come':124 'compon':69 'config':115,118 'databas':123 'de':24 'disabl':17 'elabor':30 'els':28 'everyth':89,108,127 'exploit':51,65 'fair':95 'fedora':8 'file':78,119 'game':96,106 'homedir':93 'instal':10 'kde':71 'know':4 'log':21 'mind':126 'normal':12 'question':14 'read':76 'root':18,46,102 'run':44,82,100 'say':61 'simpli':105 'specif':6 'stick':56 'suck':88 'sure':26 'system':111 'test':41 'unavail':53 'unprivileg':59,85 'use':74 'user':60,86,91 'whole':48"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.cafe/comment/3798284"
      +editedAt: DateTimeImmutable @1711210951 {#5077
        date: 2024-03-23 17:22:31.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704285945 {#5078
        date: 2024-01-03 13:45:45.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4299}
    +body: """
      Thank you.\n
      \n
      > Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.\n
      \n
      This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?\n
      \n
      Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?\n
      \n
      How does a “professional” NAS setup handle this?
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1704287212 {#5129
      date: 2024-01-03 14:06:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
      "@HiddenLayer5@lemmy.ml"
      "@Illecors@lemmy.cafe"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5133 …}
    +nested: Doctrine\ORM\PersistentCollection {#5135 …}
    +votes: Doctrine\ORM\PersistentCollection {#5137 …}
    +reports: Doctrine\ORM\PersistentCollection {#5139 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5141 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5143 …}
    -id: 276307
    -bodyTs: "'100':265 'abl':229 'absolut':207 'access':55,87,102,110,117,167,273,278 'allow':9 'also':72,155,193 'applic':64 'back':211 'bad':59,244,290 'becom':36 'breach':221 'case':294 'come':66 'compon':11 'compromis':194 'comput':99,279 'config':57,60 'danger':145 'data':122 'databas':65 'drive':81,125,161 'either':138 'els':209,282 'even':149,197 'everyth':31,50,69,115,281 'exploit':7 'fair':37 'fall':284 'feel':259 'file':20,61,148,196,204,233,268 'firefox':141,214,251 'game':38,48 'go':210 'handl':319 'hard':80 'homedir':35 'host':202 'internet':277 'kde':13,139 'keep':266 'like':260 'm':75,105,299 'mayb':297 'mind':68 'miss':300 'mount':82,162 'nas':317 'never':272 'non':310 'non-root':309 'noth':208 'one':108,119 'paranoid':306 'pc':158,176,192,224 'profession':316 'program':184 'protect':131 'read':18,231 'realli':258 'regular':91,153,170,188 'right':237 'root':44,253,311 'run':24,42,150,185,250 'safe':269 'sandbox':220 'say':3 'scenario':295,312 'server':85,113,165,200,236,256 'setup':318 'short':285 'simpli':47 'sinc':156 'someth':73,301 'still':227 'suck':30 'system':53 'thank':1 'thing':215 'think':76 'though':296 'unprivileg':27 'use':16,100,174 'user':28,33,92,120,154,171,189 'vulner':136,181 'want':129 'way':263 'worst':293 'would':226 'wouldn':133,178,238"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042899"
    +editedAt: DateTimeImmutable @1711217670 {#5130
      date: 2024-03-23 19:14:30.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704287212 {#5131
      date: 2024-01-03 14:06:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4299}
  +body: "You keep your files safe by having backups. Multiple copies. Set up the backups to gets copied to another server or other system your regular user doesn’t have access to. Ideally, you follow the 3-2-1 backup standard if the files are important. That is 3 copies, on 2 different media, and 1 offsite. There are many ways of accomplishing that and its up to you to figure out what works best."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1704338587 {#5308
    date: 2024-01-04 04:23:07.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@Illecors@lemmy.cafe"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5312 …}
  +nested: Doctrine\ORM\PersistentCollection {#5314 …}
  +votes: Doctrine\ORM\PersistentCollection {#5316 …}
  +reports: Doctrine\ORM\PersistentCollection {#5318 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5320 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5322 …}
  -id: 278514
  -bodyTs: "'-1':38 '-2':37 '1':55 '2':51 '3':36,48 'access':30 'accomplish':62 'anoth':19 'backup':8,14,39 'best':74 'copi':10,17,49 'differ':52 'doesn':27 'figur':70 'file':4,43 'follow':34 'get':16 'ideal':32 'import':45 'keep':2 'mani':59 'media':53 'multipl':9 'offsit':56 'regular':25 'safe':5 'server':20 'set':11 'standard':40 'system':23 'user':26 'way':60 'work':73"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemm.ee/comment/7858403"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704338587 {#5309
    date: 2024-01-04 04:23:07.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4372
  +user: App\Entity\User {#4385 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    [www.mozilla.org/en-US/security/…/mfsa2023-56/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/)\n
    \n
    That’s a link to the most recent release of Firefox and the security vulnerabilities that were fixed.\n
    \n
    You’ll notice the first one listed says, “This issue could allow an attacker to perform remote code execution and sandbox escape.”\n
    \n
    So if you visited a site that exploited that bug, it escaped the sandbox and ran whatever code it wanted to. Since you were running as root it could do anything it wants. Your device is now the property of someone else. Potentially all your data has been stolen. You probably didn’t even notice.\n
    \n
    Now. Realistically. You probably didn’t get exploited. Your device may not be vulnerable to that particular bug. But new bugs are found, and fixed, and created every day. Can you be sure you weren’t exploited?\n
    \n
    Let’s look at it a different way. Think of it like driving a car with no seatbelt or airbags. As long as you don’t crash, you’re fine. The car still works fine without seatbelts and you have more freedom to move your arms around.\n
    \n
    Let’s look at it a different way. Do you ever lock the door to your home/apartment? Heck do you even close the door? Why not leave it wide open?\n
    \n
    At the end of the day security is about layers and the trade offs for convenience. You can run KDE as root, and you can run Firefox as root. You’ll probably be fine. It’s like driving without a seatbelt or leaving your front door wide open, but you can do it. If you do drive with a seatbelt and at least close your front door, you can probably run KDE and Firefox as a regular user.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 61
  +score: 0
  +lastActive: DateTime @1704276047 {#4367
    date: 2024-01-03 11:00:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 276021
  -bodyTs: "'/en-us/security/':3 '/en-us/security/advisories/mfsa2023-56/)':7 '/mfsa2023-56':4 'airbag':159 'allow':37 'anyth':78 'arm':185 'around':186 'attack':39 'bug':57,120,123 'car':154,171 'close':208,280 'code':43,65 'conveni':232 'could':36,76 'crash':166 'creat':129 'data':93 'day':131,222 'devic':82,112 'didn':99,107 'differ':146,193 'door':200,210,262,283 'drive':152,254,273 'els':89 'end':219 'escap':47,59 'even':101,207 'ever':197 'everi':130 'execut':44 'exploit':55,110,139 'fine':169,174,250 'firefox':18,243,290 'first':30 'fix':25,127 'found':125 'freedom':181 'front':261,282 'get':109 'heck':204 'home/apartment':203 'issu':35 'kde':236,288 'layer':226 'least':279 'leav':213,259 'let':140,187 'like':151,253 'link':11 'list':32 'll':27,247 'lock':198 'long':161 'look':142,189 'may':113 'move':183 'new':122 'notic':28,102 'off':230 'one':31 'open':216,264 'particular':119 'perform':41 'potenti':90 'probabl':98,106,248,286 'properti':86 'ran':63 're':168 'realist':104 'recent':15 'regular':293 'releas':16 'remot':42 'root':74,238,245 'run':72,235,242,287 'sandbox':46,61 'say':33 'seatbelt':157,176,257,276 'secur':21,223 'sinc':69 'site':53 'someon':88 'still':172 'stolen':96 'sure':135 'think':148 'trade':229 'user':294 'visit':51 'vulner':22,116 'want':67,80 'way':147,194 'weren':137 'whatev':64 'wide':215,263 'without':175,255 'work':173 'www.mozilla.org':2,6 'www.mozilla.org/en-us/security/':1 'www.mozilla.org/en-us/security/advisories/mfsa2023-56/)':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6375764"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276047 {#4368
    date: 2024-01-03 11:00:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4372
  +user: App\Entity\User {#4385 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    [www.mozilla.org/en-US/security/…/mfsa2023-56/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/)\n
    \n
    That’s a link to the most recent release of Firefox and the security vulnerabilities that were fixed.\n
    \n
    You’ll notice the first one listed says, “This issue could allow an attacker to perform remote code execution and sandbox escape.”\n
    \n
    So if you visited a site that exploited that bug, it escaped the sandbox and ran whatever code it wanted to. Since you were running as root it could do anything it wants. Your device is now the property of someone else. Potentially all your data has been stolen. You probably didn’t even notice.\n
    \n
    Now. Realistically. You probably didn’t get exploited. Your device may not be vulnerable to that particular bug. But new bugs are found, and fixed, and created every day. Can you be sure you weren’t exploited?\n
    \n
    Let’s look at it a different way. Think of it like driving a car with no seatbelt or airbags. As long as you don’t crash, you’re fine. The car still works fine without seatbelts and you have more freedom to move your arms around.\n
    \n
    Let’s look at it a different way. Do you ever lock the door to your home/apartment? Heck do you even close the door? Why not leave it wide open?\n
    \n
    At the end of the day security is about layers and the trade offs for convenience. You can run KDE as root, and you can run Firefox as root. You’ll probably be fine. It’s like driving without a seatbelt or leaving your front door wide open, but you can do it. If you do drive with a seatbelt and at least close your front door, you can probably run KDE and Firefox as a regular user.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 61
  +score: 0
  +lastActive: DateTime @1704276047 {#4367
    date: 2024-01-03 11:00:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 276021
  -bodyTs: "'/en-us/security/':3 '/en-us/security/advisories/mfsa2023-56/)':7 '/mfsa2023-56':4 'airbag':159 'allow':37 'anyth':78 'arm':185 'around':186 'attack':39 'bug':57,120,123 'car':154,171 'close':208,280 'code':43,65 'conveni':232 'could':36,76 'crash':166 'creat':129 'data':93 'day':131,222 'devic':82,112 'didn':99,107 'differ':146,193 'door':200,210,262,283 'drive':152,254,273 'els':89 'end':219 'escap':47,59 'even':101,207 'ever':197 'everi':130 'execut':44 'exploit':55,110,139 'fine':169,174,250 'firefox':18,243,290 'first':30 'fix':25,127 'found':125 'freedom':181 'front':261,282 'get':109 'heck':204 'home/apartment':203 'issu':35 'kde':236,288 'layer':226 'least':279 'leav':213,259 'let':140,187 'like':151,253 'link':11 'list':32 'll':27,247 'lock':198 'long':161 'look':142,189 'may':113 'move':183 'new':122 'notic':28,102 'off':230 'one':31 'open':216,264 'particular':119 'perform':41 'potenti':90 'probabl':98,106,248,286 'properti':86 'ran':63 're':168 'realist':104 'recent':15 'regular':293 'releas':16 'remot':42 'root':74,238,245 'run':72,235,242,287 'sandbox':46,61 'say':33 'seatbelt':157,176,257,276 'secur':21,223 'sinc':69 'site':53 'someon':88 'still':172 'stolen':96 'sure':135 'think':148 'trade':229 'user':294 'visit':51 'vulner':22,116 'want':67,80 'way':147,194 'weren':137 'whatev':64 'wide':215,263 'without':175,255 'work':173 'www.mozilla.org':2,6 'www.mozilla.org/en-us/security/':1 'www.mozilla.org/en-us/security/advisories/mfsa2023-56/)':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6375764"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276047 {#4368
    date: 2024-01-03 11:00:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4372
  +user: App\Entity\User {#4385 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    [www.mozilla.org/en-US/security/…/mfsa2023-56/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/)\n
    \n
    That’s a link to the most recent release of Firefox and the security vulnerabilities that were fixed.\n
    \n
    You’ll notice the first one listed says, “This issue could allow an attacker to perform remote code execution and sandbox escape.”\n
    \n
    So if you visited a site that exploited that bug, it escaped the sandbox and ran whatever code it wanted to. Since you were running as root it could do anything it wants. Your device is now the property of someone else. Potentially all your data has been stolen. You probably didn’t even notice.\n
    \n
    Now. Realistically. You probably didn’t get exploited. Your device may not be vulnerable to that particular bug. But new bugs are found, and fixed, and created every day. Can you be sure you weren’t exploited?\n
    \n
    Let’s look at it a different way. Think of it like driving a car with no seatbelt or airbags. As long as you don’t crash, you’re fine. The car still works fine without seatbelts and you have more freedom to move your arms around.\n
    \n
    Let’s look at it a different way. Do you ever lock the door to your home/apartment? Heck do you even close the door? Why not leave it wide open?\n
    \n
    At the end of the day security is about layers and the trade offs for convenience. You can run KDE as root, and you can run Firefox as root. You’ll probably be fine. It’s like driving without a seatbelt or leaving your front door wide open, but you can do it. If you do drive with a seatbelt and at least close your front door, you can probably run KDE and Firefox as a regular user.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 61
  +score: 0
  +lastActive: DateTime @1704276047 {#4367
    date: 2024-01-03 11:00:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 276021
  -bodyTs: "'/en-us/security/':3 '/en-us/security/advisories/mfsa2023-56/)':7 '/mfsa2023-56':4 'airbag':159 'allow':37 'anyth':78 'arm':185 'around':186 'attack':39 'bug':57,120,123 'car':154,171 'close':208,280 'code':43,65 'conveni':232 'could':36,76 'crash':166 'creat':129 'data':93 'day':131,222 'devic':82,112 'didn':99,107 'differ':146,193 'door':200,210,262,283 'drive':152,254,273 'els':89 'end':219 'escap':47,59 'even':101,207 'ever':197 'everi':130 'execut':44 'exploit':55,110,139 'fine':169,174,250 'firefox':18,243,290 'first':30 'fix':25,127 'found':125 'freedom':181 'front':261,282 'get':109 'heck':204 'home/apartment':203 'issu':35 'kde':236,288 'layer':226 'least':279 'leav':213,259 'let':140,187 'like':151,253 'link':11 'list':32 'll':27,247 'lock':198 'long':161 'look':142,189 'may':113 'move':183 'new':122 'notic':28,102 'off':230 'one':31 'open':216,264 'particular':119 'perform':41 'potenti':90 'probabl':98,106,248,286 'properti':86 'ran':63 're':168 'realist':104 'recent':15 'regular':293 'releas':16 'remot':42 'root':74,238,245 'run':72,235,242,287 'sandbox':46,61 'say':33 'seatbelt':157,176,257,276 'secur':21,223 'sinc':69 'site':53 'someon':88 'still':172 'stolen':96 'sure':135 'think':148 'trade':229 'user':294 'visit':51 'vulner':22,116 'want':67,80 'way':147,194 'weren':137 'whatev':64 'wide':215,263 'without':175,255 'work':173 'www.mozilla.org':2,6 'www.mozilla.org/en-us/security/':1 'www.mozilla.org/en-us/security/advisories/mfsa2023-56/)':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6375764"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704276047 {#4368
    date: 2024-01-03 11:00:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4447
  +user: App\Entity\User {#4460 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
    \n
    I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
    \n
    I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
    \n
    To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
    \n
    But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
    \n
    You’re probably OK and that’s just paranoia.\n
    \n
    But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
    \n
    Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1711894974 {#4441
    date: 2024-03-31 16:22:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4448 …}
  +nested: Doctrine\ORM\PersistentCollection {#4450 …}
  +votes: Doctrine\ORM\PersistentCollection {#4452 …}
  +reports: Doctrine\ORM\PersistentCollection {#4454 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
  -id: 276015
  -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1938830"
  +editedAt: DateTimeImmutable @1711178223 {#4442
    date: 2024-03-23 08:17:03.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704275913 {#4443
    date: 2024-01-03 10:58:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4447
  +user: App\Entity\User {#4460 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
    \n
    I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
    \n
    I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
    \n
    To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
    \n
    But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
    \n
    You’re probably OK and that’s just paranoia.\n
    \n
    But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
    \n
    Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1711894974 {#4441
    date: 2024-03-31 16:22:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4448 …}
  +nested: Doctrine\ORM\PersistentCollection {#4450 …}
  +votes: Doctrine\ORM\PersistentCollection {#4452 …}
  +reports: Doctrine\ORM\PersistentCollection {#4454 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
  -id: 276015
  -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1938830"
  +editedAt: DateTimeImmutable @1711178223 {#4442
    date: 2024-03-23 08:17:03.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704275913 {#4443
    date: 2024-01-03 10:58:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4447
  +user: App\Entity\User {#4460 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
    \n
    I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
    \n
    I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
    \n
    To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
    \n
    But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
    \n
    You’re probably OK and that’s just paranoia.\n
    \n
    But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
    \n
    Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1711894974 {#4441
    date: 2024-03-31 16:22:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4448 …}
  +nested: Doctrine\ORM\PersistentCollection {#4450 …}
  +votes: Doctrine\ORM\PersistentCollection {#4452 …}
  +reports: Doctrine\ORM\PersistentCollection {#4454 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
  -id: 276015
  -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://beehaw.org/comment/1938830"
  +editedAt: DateTimeImmutable @1711178223 {#4442
    date: 2024-03-23 08:17:03.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704275913 {#4443
    date: 2024-01-03 10:58:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4828
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4447
    +user: App\Entity\User {#4460 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
      \n
      I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
      \n
      I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
      \n
      To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
      \n
      But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
      \n
      You’re probably OK and that’s just paranoia.\n
      \n
      But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
      \n
      Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1711894974 {#4441
      date: 2024-03-31 16:22:54.0 +02:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4448 …}
    +nested: Doctrine\ORM\PersistentCollection {#4450 …}
    +votes: Doctrine\ORM\PersistentCollection {#4452 …}
    +reports: Doctrine\ORM\PersistentCollection {#4454 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
    -id: 276015
    -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1938830"
    +editedAt: DateTimeImmutable @1711178223 {#4442
      date: 2024-03-23 08:17:03.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704275913 {#4443
      date: 2024-01-03 10:58:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
    \n
    Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283195 {#4829
    date: 2024-01-03 12:59:55.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4821 …}
  +nested: Doctrine\ORM\PersistentCollection {#4819 …}
  +votes: Doctrine\ORM\PersistentCollection {#4817 …}
  +reports: Doctrine\ORM\PersistentCollection {#4830 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
  -id: 276184
  -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042039"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283195 {#4826
    date: 2024-01-03 12:59:55.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4828
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4447
    +user: App\Entity\User {#4460 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
      \n
      I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
      \n
      I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
      \n
      To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
      \n
      But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
      \n
      You’re probably OK and that’s just paranoia.\n
      \n
      But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
      \n
      Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1711894974 {#4441
      date: 2024-03-31 16:22:54.0 +02:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4448 …}
    +nested: Doctrine\ORM\PersistentCollection {#4450 …}
    +votes: Doctrine\ORM\PersistentCollection {#4452 …}
    +reports: Doctrine\ORM\PersistentCollection {#4454 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
    -id: 276015
    -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1938830"
    +editedAt: DateTimeImmutable @1711178223 {#4442
      date: 2024-03-23 08:17:03.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704275913 {#4443
      date: 2024-01-03 10:58:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
    \n
    Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283195 {#4829
    date: 2024-01-03 12:59:55.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4821 …}
  +nested: Doctrine\ORM\PersistentCollection {#4819 …}
  +votes: Doctrine\ORM\PersistentCollection {#4817 …}
  +reports: Doctrine\ORM\PersistentCollection {#4830 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
  -id: 276184
  -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042039"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283195 {#4826
    date: 2024-01-03 12:59:55.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4828
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4447
    +user: App\Entity\User {#4460 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
      \n
      I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
      \n
      I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
      \n
      To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
      \n
      But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
      \n
      You’re probably OK and that’s just paranoia.\n
      \n
      But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
      \n
      Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1711894974 {#4441
      date: 2024-03-31 16:22:54.0 +02:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4448 …}
    +nested: Doctrine\ORM\PersistentCollection {#4450 …}
    +votes: Doctrine\ORM\PersistentCollection {#4452 …}
    +reports: Doctrine\ORM\PersistentCollection {#4454 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
    -id: 276015
    -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://beehaw.org/comment/1938830"
    +editedAt: DateTimeImmutable @1711178223 {#4442
      date: 2024-03-23 08:17:03.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704275913 {#4443
      date: 2024-01-03 10:58:33.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
    \n
    I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
    \n
    Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704283195 {#4829
    date: 2024-01-03 12:59:55.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4821 …}
  +nested: Doctrine\ORM\PersistentCollection {#4819 …}
  +votes: Doctrine\ORM\PersistentCollection {#4817 …}
  +reports: Doctrine\ORM\PersistentCollection {#4830 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
  -id: 276184
  -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042039"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283195 {#4826
    date: 2024-01-03 12:59:55.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4953
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4828
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4447
      +user: App\Entity\User {#4460 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
        \n
        I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
        \n
        I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
        \n
        To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
        \n
        But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
        \n
        You’re probably OK and that’s just paranoia.\n
        \n
        But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
        \n
        Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1711894974 {#4441
        date: 2024-03-31 16:22:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4448 …}
      +nested: Doctrine\ORM\PersistentCollection {#4450 …}
      +votes: Doctrine\ORM\PersistentCollection {#4452 …}
      +reports: Doctrine\ORM\PersistentCollection {#4454 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
      -id: 276015
      -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://beehaw.org/comment/1938830"
      +editedAt: DateTimeImmutable @1711178223 {#4442
        date: 2024-03-23 08:17:03.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704275913 {#4443
        date: 2024-01-03 10:58:33.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
      \n
      Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283195 {#4829
      date: 2024-01-03 12:59:55.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4821 …}
    +nested: Doctrine\ORM\PersistentCollection {#4819 …}
    +votes: Doctrine\ORM\PersistentCollection {#4817 …}
    +reports: Doctrine\ORM\PersistentCollection {#4830 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
    -id: 276184
    -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042039"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283195 {#4826
      date: 2024-01-03 12:59:55.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
    \n
    It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291480 {#4951
    date: 2024-01-03 15:18:00.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4954 …}
  +nested: Doctrine\ORM\PersistentCollection {#4956 …}
  +votes: Doctrine\ORM\PersistentCollection {#4958 …}
  +reports: Doctrine\ORM\PersistentCollection {#4960 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
  -id: 276483
  -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052224"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291480 {#4952
    date: 2024-01-03 15:18:00.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4953
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4828
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4447
      +user: App\Entity\User {#4460 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
        \n
        I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
        \n
        I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
        \n
        To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
        \n
        But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
        \n
        You’re probably OK and that’s just paranoia.\n
        \n
        But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
        \n
        Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1711894974 {#4441
        date: 2024-03-31 16:22:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4448 …}
      +nested: Doctrine\ORM\PersistentCollection {#4450 …}
      +votes: Doctrine\ORM\PersistentCollection {#4452 …}
      +reports: Doctrine\ORM\PersistentCollection {#4454 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
      -id: 276015
      -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://beehaw.org/comment/1938830"
      +editedAt: DateTimeImmutable @1711178223 {#4442
        date: 2024-03-23 08:17:03.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704275913 {#4443
        date: 2024-01-03 10:58:33.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
      \n
      Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283195 {#4829
      date: 2024-01-03 12:59:55.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4821 …}
    +nested: Doctrine\ORM\PersistentCollection {#4819 …}
    +votes: Doctrine\ORM\PersistentCollection {#4817 …}
    +reports: Doctrine\ORM\PersistentCollection {#4830 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
    -id: 276184
    -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042039"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283195 {#4826
      date: 2024-01-03 12:59:55.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
    \n
    It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291480 {#4951
    date: 2024-01-03 15:18:00.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4954 …}
  +nested: Doctrine\ORM\PersistentCollection {#4956 …}
  +votes: Doctrine\ORM\PersistentCollection {#4958 …}
  +reports: Doctrine\ORM\PersistentCollection {#4960 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
  -id: 276483
  -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052224"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291480 {#4952
    date: 2024-01-03 15:18:00.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4953
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4828
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4447
      +user: App\Entity\User {#4460 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
        \n
        I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
        \n
        I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
        \n
        To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
        \n
        But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
        \n
        You’re probably OK and that’s just paranoia.\n
        \n
        But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
        \n
        Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1711894974 {#4441
        date: 2024-03-31 16:22:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4448 …}
      +nested: Doctrine\ORM\PersistentCollection {#4450 …}
      +votes: Doctrine\ORM\PersistentCollection {#4452 …}
      +reports: Doctrine\ORM\PersistentCollection {#4454 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
      -id: 276015
      -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://beehaw.org/comment/1938830"
      +editedAt: DateTimeImmutable @1711178223 {#4442
        date: 2024-03-23 08:17:03.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704275913 {#4443
        date: 2024-01-03 10:58:33.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
      \n
      I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
      \n
      Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704283195 {#4829
      date: 2024-01-03 12:59:55.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4821 …}
    +nested: Doctrine\ORM\PersistentCollection {#4819 …}
    +votes: Doctrine\ORM\PersistentCollection {#4817 …}
    +reports: Doctrine\ORM\PersistentCollection {#4830 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
    -id: 276184
    -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042039"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283195 {#4826
      date: 2024-01-03 12:59:55.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: """
    > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
    \n
    Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
    \n
    It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704291480 {#4951
    date: 2024-01-03 15:18:00.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4954 …}
  +nested: Doctrine\ORM\PersistentCollection {#4956 …}
  +votes: Doctrine\ORM\PersistentCollection {#4958 …}
  +reports: Doctrine\ORM\PersistentCollection {#4960 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
  -id: 276483
  -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5052224"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704291480 {#4952
    date: 2024-01-03 15:18:00.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5164
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4953
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4828
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4447
        +user: App\Entity\User {#4460 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
          \n
          I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
          \n
          I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
          \n
          To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
          \n
          But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
          \n
          You’re probably OK and that’s just paranoia.\n
          \n
          But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
          \n
          Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1711894974 {#4441
          date: 2024-03-31 16:22:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4448 …}
        +nested: Doctrine\ORM\PersistentCollection {#4450 …}
        +votes: Doctrine\ORM\PersistentCollection {#4452 …}
        +reports: Doctrine\ORM\PersistentCollection {#4454 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
        -id: 276015
        -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://beehaw.org/comment/1938830"
        +editedAt: DateTimeImmutable @1711178223 {#4442
          date: 2024-03-23 08:17:03.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704275913 {#4443
          date: 2024-01-03 10:58:33.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
        \n
        Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283195 {#4829
        date: 2024-01-03 12:59:55.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4821 …}
      +nested: Doctrine\ORM\PersistentCollection {#4819 …}
      +votes: Doctrine\ORM\PersistentCollection {#4817 …}
      +reports: Doctrine\ORM\PersistentCollection {#4830 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
      -id: 276184
      -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042039"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283195 {#4826
        date: 2024-01-03 12:59:55.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
      \n
      It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704291480 {#4951
      date: 2024-01-03 15:18:00.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4954 …}
    +nested: Doctrine\ORM\PersistentCollection {#4956 …}
    +votes: Doctrine\ORM\PersistentCollection {#4958 …}
    +reports: Doctrine\ORM\PersistentCollection {#4960 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
    -id: 276483
    -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5052224"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291480 {#4952
      date: 2024-01-03 15:18:00.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704316340 {#5161
    date: 2024-01-03 22:12:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5165 …}
  +nested: Doctrine\ORM\PersistentCollection {#5167 …}
  +votes: Doctrine\ORM\PersistentCollection {#5169 …}
  +reports: Doctrine\ORM\PersistentCollection {#5171 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
  -id: 277578
  -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7051243"
  +editedAt: DateTimeImmutable @1711359650 {#5162
    date: 2024-03-25 10:40:50.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704316340 {#5163
    date: 2024-01-03 22:12:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5164
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4953
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4828
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4447
        +user: App\Entity\User {#4460 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
          \n
          I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
          \n
          I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
          \n
          To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
          \n
          But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
          \n
          You’re probably OK and that’s just paranoia.\n
          \n
          But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
          \n
          Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1711894974 {#4441
          date: 2024-03-31 16:22:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4448 …}
        +nested: Doctrine\ORM\PersistentCollection {#4450 …}
        +votes: Doctrine\ORM\PersistentCollection {#4452 …}
        +reports: Doctrine\ORM\PersistentCollection {#4454 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
        -id: 276015
        -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://beehaw.org/comment/1938830"
        +editedAt: DateTimeImmutable @1711178223 {#4442
          date: 2024-03-23 08:17:03.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704275913 {#4443
          date: 2024-01-03 10:58:33.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
        \n
        Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283195 {#4829
        date: 2024-01-03 12:59:55.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4821 …}
      +nested: Doctrine\ORM\PersistentCollection {#4819 …}
      +votes: Doctrine\ORM\PersistentCollection {#4817 …}
      +reports: Doctrine\ORM\PersistentCollection {#4830 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
      -id: 276184
      -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042039"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283195 {#4826
        date: 2024-01-03 12:59:55.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
      \n
      It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704291480 {#4951
      date: 2024-01-03 15:18:00.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4954 …}
    +nested: Doctrine\ORM\PersistentCollection {#4956 …}
    +votes: Doctrine\ORM\PersistentCollection {#4958 …}
    +reports: Doctrine\ORM\PersistentCollection {#4960 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
    -id: 276483
    -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5052224"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291480 {#4952
      date: 2024-01-03 15:18:00.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704316340 {#5161
    date: 2024-01-03 22:12:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5165 …}
  +nested: Doctrine\ORM\PersistentCollection {#5167 …}
  +votes: Doctrine\ORM\PersistentCollection {#5169 …}
  +reports: Doctrine\ORM\PersistentCollection {#5171 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
  -id: 277578
  -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7051243"
  +editedAt: DateTimeImmutable @1711359650 {#5162
    date: 2024-03-25 10:40:50.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704316340 {#5163
    date: 2024-01-03 22:12:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5164
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4953
    +user: App\Entity\User {#4238 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4828
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4447
        +user: App\Entity\User {#4460 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
          \n
          I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
          \n
          I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
          \n
          To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
          \n
          But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
          \n
          You’re probably OK and that’s just paranoia.\n
          \n
          But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
          \n
          Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1711894974 {#4441
          date: 2024-03-31 16:22:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4448 …}
        +nested: Doctrine\ORM\PersistentCollection {#4450 …}
        +votes: Doctrine\ORM\PersistentCollection {#4452 …}
        +reports: Doctrine\ORM\PersistentCollection {#4454 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
        -id: 276015
        -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://beehaw.org/comment/1938830"
        +editedAt: DateTimeImmutable @1711178223 {#4442
          date: 2024-03-23 08:17:03.0 +01:00
        }
        +createdAt: DateTimeImmutable @1704275913 {#4443
          date: 2024-01-03 10:58:33.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
        \n
        I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
        \n
        Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704283195 {#4829
        date: 2024-01-03 12:59:55.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4821 …}
      +nested: Doctrine\ORM\PersistentCollection {#4819 …}
      +votes: Doctrine\ORM\PersistentCollection {#4817 …}
      +reports: Doctrine\ORM\PersistentCollection {#4830 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
      -id: 276184
      -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042039"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704283195 {#4826
        date: 2024-01-03 12:59:55.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: """
      > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
      \n
      Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
      \n
      It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704291480 {#4951
      date: 2024-01-03 15:18:00.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4954 …}
    +nested: Doctrine\ORM\PersistentCollection {#4956 …}
    +votes: Doctrine\ORM\PersistentCollection {#4958 …}
    +reports: Doctrine\ORM\PersistentCollection {#4960 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
    -id: 276483
    -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://pawb.social/comment/5052224"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704291480 {#4952
      date: 2024-01-03 15:18:00.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1704316340 {#5161
    date: 2024-01-03 22:12:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5165 …}
  +nested: Doctrine\ORM\PersistentCollection {#5167 …}
  +votes: Doctrine\ORM\PersistentCollection {#5169 …}
  +reports: Doctrine\ORM\PersistentCollection {#5171 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
  -id: 277578
  -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7051243"
  +editedAt: DateTimeImmutable @1711359650 {#5162
    date: 2024-03-25 10:40:50.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704316340 {#5163
    date: 2024-01-03 22:12:20.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5326
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5164
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4953
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4828
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4447
          +user: App\Entity\User {#4460 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
            \n
            I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
            \n
            I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
            \n
            > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
            \n
            To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
            \n
            But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
            \n
            You’re probably OK and that’s just paranoia.\n
            \n
            But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
            \n
            Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1711894974 {#4441
            date: 2024-03-31 16:22:54.0 +02:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4448 …}
          +nested: Doctrine\ORM\PersistentCollection {#4450 …}
          +votes: Doctrine\ORM\PersistentCollection {#4452 …}
          +reports: Doctrine\ORM\PersistentCollection {#4454 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
          -id: 276015
          -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://beehaw.org/comment/1938830"
          +editedAt: DateTimeImmutable @1711178223 {#4442
            date: 2024-03-23 08:17:03.0 +01:00
          }
          +createdAt: DateTimeImmutable @1704275913 {#4443
            date: 2024-01-03 10:58:33.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4447}
        +body: """
          > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
          \n
          > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
          \n
          Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283195 {#4829
          date: 2024-01-03 12:59:55.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@0xtero@beehaw.org"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4821 …}
        +nested: Doctrine\ORM\PersistentCollection {#4819 …}
        +votes: Doctrine\ORM\PersistentCollection {#4817 …}
        +reports: Doctrine\ORM\PersistentCollection {#4830 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
        -id: 276184
        -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042039"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283195 {#4826
          date: 2024-01-03 12:59:55.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
        \n
        It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704291480 {#4951
        date: 2024-01-03 15:18:00.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4954 …}
      +nested: Doctrine\ORM\PersistentCollection {#4956 …}
      +votes: Doctrine\ORM\PersistentCollection {#4958 …}
      +reports: Doctrine\ORM\PersistentCollection {#4960 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
      -id: 276483
      -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5052224"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704291480 {#4952
        date: 2024-01-03 15:18:00.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704316340 {#5161
      date: 2024-01-03 22:12:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5165 …}
    +nested: Doctrine\ORM\PersistentCollection {#5167 …}
    +votes: Doctrine\ORM\PersistentCollection {#5169 …}
    +reports: Doctrine\ORM\PersistentCollection {#5171 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
    -id: 277578
    -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7051243"
    +editedAt: DateTimeImmutable @1711359650 {#5162
      date: 2024-03-25 10:40:50.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704316340 {#5163
      date: 2024-01-03 22:12:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Oh if you even have your own router then have a firewall (primarily) there, and simply block every incoming forward connection except the ones you actually want (probably forwarded to your server). Similarly even for the router input rules you likely need only ICMP and not much else."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704449644 {#5324
    date: 2024-01-05 11:14:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5327 …}
  +nested: Doctrine\ORM\PersistentCollection {#5329 …}
  +votes: Doctrine\ORM\PersistentCollection {#5331 …}
  +reports: Doctrine\ORM\PersistentCollection {#5333 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5335 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5337 …}
  -id: 282141
  -bodyTs: "'actual':26 'block':17 'connect':21 'els':48 'even':4,34 'everi':18 'except':22 'firewal':12 'forward':20,29 'icmp':44 'incom':19 'input':38 'like':41 'much':47 'need':42 'oh':1 'one':24 'primarili':13 'probabl':28 'router':8,37 'rule':39 'server':32 'similar':33 'simpli':16 'want':27"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5099875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704449644 {#5325
    date: 2024-01-05 11:14:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5326
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5164
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4953
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4828
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4447
          +user: App\Entity\User {#4460 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
            \n
            I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
            \n
            I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
            \n
            > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
            \n
            To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
            \n
            But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
            \n
            You’re probably OK and that’s just paranoia.\n
            \n
            But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
            \n
            Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1711894974 {#4441
            date: 2024-03-31 16:22:54.0 +02:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4448 …}
          +nested: Doctrine\ORM\PersistentCollection {#4450 …}
          +votes: Doctrine\ORM\PersistentCollection {#4452 …}
          +reports: Doctrine\ORM\PersistentCollection {#4454 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
          -id: 276015
          -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://beehaw.org/comment/1938830"
          +editedAt: DateTimeImmutable @1711178223 {#4442
            date: 2024-03-23 08:17:03.0 +01:00
          }
          +createdAt: DateTimeImmutable @1704275913 {#4443
            date: 2024-01-03 10:58:33.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4447}
        +body: """
          > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
          \n
          > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
          \n
          Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283195 {#4829
          date: 2024-01-03 12:59:55.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@0xtero@beehaw.org"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4821 …}
        +nested: Doctrine\ORM\PersistentCollection {#4819 …}
        +votes: Doctrine\ORM\PersistentCollection {#4817 …}
        +reports: Doctrine\ORM\PersistentCollection {#4830 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
        -id: 276184
        -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042039"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283195 {#4826
          date: 2024-01-03 12:59:55.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
        \n
        It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704291480 {#4951
        date: 2024-01-03 15:18:00.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4954 …}
      +nested: Doctrine\ORM\PersistentCollection {#4956 …}
      +votes: Doctrine\ORM\PersistentCollection {#4958 …}
      +reports: Doctrine\ORM\PersistentCollection {#4960 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
      -id: 276483
      -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5052224"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704291480 {#4952
        date: 2024-01-03 15:18:00.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704316340 {#5161
      date: 2024-01-03 22:12:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5165 …}
    +nested: Doctrine\ORM\PersistentCollection {#5167 …}
    +votes: Doctrine\ORM\PersistentCollection {#5169 …}
    +reports: Doctrine\ORM\PersistentCollection {#5171 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
    -id: 277578
    -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7051243"
    +editedAt: DateTimeImmutable @1711359650 {#5162
      date: 2024-03-25 10:40:50.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704316340 {#5163
      date: 2024-01-03 22:12:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Oh if you even have your own router then have a firewall (primarily) there, and simply block every incoming forward connection except the ones you actually want (probably forwarded to your server). Similarly even for the router input rules you likely need only ICMP and not much else."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704449644 {#5324
    date: 2024-01-05 11:14:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5327 …}
  +nested: Doctrine\ORM\PersistentCollection {#5329 …}
  +votes: Doctrine\ORM\PersistentCollection {#5331 …}
  +reports: Doctrine\ORM\PersistentCollection {#5333 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5335 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5337 …}
  -id: 282141
  -bodyTs: "'actual':26 'block':17 'connect':21 'els':48 'even':4,34 'everi':18 'except':22 'firewal':12 'forward':20,29 'icmp':44 'incom':19 'input':38 'like':41 'much':47 'need':42 'oh':1 'one':24 'primarili':13 'probabl':28 'router':8,37 'rule':39 'server':32 'similar':33 'simpli':16 'want':27"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5099875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704449644 {#5325
    date: 2024-01-05 11:14:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5326
  +user: App\Entity\User {#4238 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5164
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4953
      +user: App\Entity\User {#4238 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4828
        +user: Proxies\__CG__\App\Entity\User {#1978 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: App\Entity\EntryComment {#4447
          +user: App\Entity\User {#4460 …}
          +entry: App\Entity\Entry {#2400}
          +magazine: App\Entity\Magazine {#265}
          +image: null
          +parent: null
          +root: null
          +body: """
            > I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)\n
            \n
            I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.\n
            \n
            I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
            \n
            > I do also remember using the browser in my main server to figure out how to set up the PiHole\n
            \n
            To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.\n
            \n
            But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.\n
            \n
            You’re probably OK and that’s just paranoia.\n
            \n
            But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.\n
            \n
            Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
            """
          +lang: "en"
          +isAdult: false
          +favouriteCount: 1
          +score: 0
          +lastActive: DateTime @1711894974 {#4441
            date: 2024-03-31 16:22:54.0 +02:00
          }
          +ip: null
          +tags: null
          +mentions: [
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
            "@HiddenLayer5@lemmy.ml"
          ]
          +children: Doctrine\ORM\PersistentCollection {#4448 …}
          +nested: Doctrine\ORM\PersistentCollection {#4450 …}
          +votes: Doctrine\ORM\PersistentCollection {#4452 …}
          +reports: Doctrine\ORM\PersistentCollection {#4454 …}
          +favourites: Doctrine\ORM\PersistentCollection {#4456 …}
          +notifications: Doctrine\ORM\PersistentCollection {#4458 …}
          -id: 276015
          -bodyTs: "'24/7':170 '2fa':99 'account':245 'ad':164 'addons/updates':194 'affect':243 'along':248 'also':137,256,320 'alway':345 'anomal':309 'anyth':274 'appetit':378 'away':359 'better':423 'bigger':129 'browser':141,239,266 'build':417 'campaign':165 'chanc':172,228 'choos':436 'clamav':324 'command':21,39 'configur':100 'connect':310 'consid':321 'conveni':35,86 'correl':262 'could':319 'cours':198 'd':222,403,411,432 'damag':390 'deal':367 'desktop':44,81 'direct':47,114 'doesn':276 'done':92 'downtim':392 'drive':181 'drive-bi':180 'els':440 'endpoint':104 'etc':195 'even':84,226 'event':263,272 'examin':257 'exploit':183 'fake':193 'figur':147 'file':26 'filter':220 'find':32 'get':230 'global':171 'go':57,358 'gone':217 'hard':200 'histori':240,267 'hit':407 'home':385 'honest':157 'hope':89 'huge':399 'hygien':426 'ing':50 'insta':232 'insta-pwn':231 'instal':192,396 'instead':45 'isn':397 'judg':59 'kde':12 'lack':349 'learn':412 'like':82,279,290 'line':22,40 'll':344 'log':10,260 'login':271 'logon':78 'look':237,268,278 'm':55 'main':144 'malici':163,179 'manag':8,27 'mention':340 'might':435,443 'mistak':415 'model':381 'monetari':389 'monitor':288 'much':62 'nag':348 'need':76 'network':287 'never':75 'normal':167,187,280 'ok':162,332,445 'oop':134 'open':28 'order':6 'paranoia':337,341 'paranoid':300 'person':30,401 'pihol':154,219 'plasma':13 'pleas':105 'portforward':113 'potenti':388 'probabl':161,331 'problem':130 'pwned':233 'quit':185 'random':133,175 're':159,298,313,330,395 're-instal':394 'realli':299 'reason':87 'redirect':189 'regular':2 'rememb':138,207 'remot':3,43 'risk':377 'riski':71 'root':15,80,244 'router':294 'routin':424 'run':118,169 'say':223 'scan':328 'securityonion':291 'see':304 'server':121,145 'set':151,284,322 'setup':72 'sever':20 'similar':124 'sinc':212,382 'site':209,247 'small':186 'smaller':227 'someth':123,439 'span':295 'speak':363 'ssh':49 'ssh-ing':48 'stuff':289 'system':53,66,259,317,354,386 'take':405 'tell':108,202 'threat':380 'timestamp':250 'tri':302 'trust':351 'tumbl':176 'unnecessarili':70 'usag':281 'use':37,139,315 'usual':9,16 'visit':211 'vnc':117 'vpn':94,103 'weird':270 'window':23 'wipe/reinstall':409 'won':356"
          +ranking: 0
          +commentCount: 0
          +upVotes: 0
          +downVotes: 0
          +visibility: "visible             "
          +apId: "https://beehaw.org/comment/1938830"
          +editedAt: DateTimeImmutable @1711178223 {#4442
            date: 2024-03-23 08:17:03.0 +01:00
          }
          +createdAt: DateTimeImmutable @1704275913 {#4443
            date: 2024-01-03 10:58:33.0 +01:00
          }
        }
        +root: App\Entity\EntryComment {#4447}
        +body: """
          > I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.\n
          \n
          I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
          \n
          > Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.\n
          \n
          Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1704283195 {#4829
          date: 2024-01-03 12:59:55.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@0xtero@beehaw.org"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4821 …}
        +nested: Doctrine\ORM\PersistentCollection {#4819 …}
        +votes: Doctrine\ORM\PersistentCollection {#4817 …}
        +reports: Doctrine\ORM\PersistentCollection {#4830 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4832 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4834 …}
        -id: 276184
        -bodyTs: "'2fa':12 'access':51 'adjust':63 'allow':69 'annoy':150 'around':78 'back':154 'better':122 'bigger':42 'build':116 'comment':137 'configur':13 'convinc':139 'd':102,110,131 'damag':89 'direct':27 'done':5 'downtim':91 'endpoint':17 'even':62 'everyth':153 'firewal':66 'got':77 'haven':60 'hit':106 'home':84 'hope':2 'huge':98 'hygien':125 'inde':159 'instal':95 'internet':58 'isn':96 'kept':72 'learn':111 'mistak':114 'monetari':88 'never':50,76 'oop':47 'paranoid':160 'person':100 'pleas':18 'portforward':26 'potenti':87 'problem':43 'random':46 're':94 're-instal':93 'reinstal':142 'router':65 'routin':123 'run':31 'scratch':146 'server':34,55 'set':67,152 'similar':37 'sinc':81 'someth':36 'start':144 'super':149 'system':85 'take':104 'tell':21 'vnc':30 'vpn':7,16 'want':73 'wipe/reinstall':108 'yeah':133"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.ml/comment/7042039"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704283195 {#4826
          date: 2024-01-03 12:59:55.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4447}
      +body: """
        > I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.\n
        \n
        Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.\n
        \n
        It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1704291480 {#4951
        date: 2024-01-03 15:18:00.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@0xtero@beehaw.org"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4954 …}
      +nested: Doctrine\ORM\PersistentCollection {#4956 …}
      +votes: Doctrine\ORM\PersistentCollection {#4958 …}
      +reports: Doctrine\ORM\PersistentCollection {#4960 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4962 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4964 …}
      -id: 276483
      -bodyTs: "'access':4 'adjust':16 'allow':22 'alway':85 'around':31 'autoconfigur':64 'block':101 'complet':55 'could':78 'entir':50 'especi':90 'even':15,41,69 'firewal':19,89 'got':30 'happen':80 'haven':13 'incom':102 'internet':11,59 'ipv6':63 'isp':83 'kept':25 'know':42,70 'machin':53,95 'mean':36 'network':44 'never':3,29 'open':56 'outsid':103 'pleas':84 'possibl':51 'potenti':79 'pretti':75 'realist':38 'realli':98 'router':18,45 'say':60 'server':8,93 'set':20,86 'setup':46 'simpl':99 'thank':61 'traffic':104 'type':94 'unlik':76 'want':26 'wouldn':67"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://pawb.social/comment/5052224"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704291480 {#4952
        date: 2024-01-03 15:18:00.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4447}
    +body: "Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1704316340 {#5161
      date: 2024-01-03 22:12:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
      "@HiddenLayer5@lemmy.ml"
      "@0xtero@beehaw.org"
      "@amju_wolf@pawb.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5165 …}
    +nested: Doctrine\ORM\PersistentCollection {#5167 …}
    +votes: Doctrine\ORM\PersistentCollection {#5169 …}
    +reports: Doctrine\ORM\PersistentCollection {#5171 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5173 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5175 …}
    -id: 277578
    -bodyTs: "'block':60 'bridg':15 'chang':33 'close':50 'configur':56 'default':25 'dns':39 'even':4 'explicit':32 'forward':38 'huh':1 'iirc':27 'inspect':46 'isp':11 'lan':67 'mode':16 'most':24 'never':3 'outsid':65 'pihol':43 'port':63 'relev':62 'request':40 'router':13,21 'run':22 'said':54 'server':58 'set':26,48 'thank':68 'thing':30 'thought':5 'use':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7051243"
    +editedAt: DateTimeImmutable @1711359650 {#5162
      date: 2024-03-25 10:40:50.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704316340 {#5163
      date: 2024-01-03 22:12:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4447}
  +body: "Oh if you even have your own router then have a firewall (primarily) there, and simply block every incoming forward connection except the ones you actually want (probably forwarded to your server). Similarly even for the router input rules you likely need only ICMP and not much else."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704449644 {#5324
    date: 2024-01-05 11:14:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@0xtero@beehaw.org"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5327 …}
  +nested: Doctrine\ORM\PersistentCollection {#5329 …}
  +votes: Doctrine\ORM\PersistentCollection {#5331 …}
  +reports: Doctrine\ORM\PersistentCollection {#5333 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5335 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5337 …}
  -id: 282141
  -bodyTs: "'actual':26 'block':17 'connect':21 'els':48 'even':4,34 'everi':18 'except':22 'firewal':12 'forward':20,29 'icmp':44 'incom':19 'input':38 'like':41 'much':47 'need':42 'oh':1 'one':24 'primarili':13 'probabl':28 'router':8,37 'rule':39 'server':32 'similar':33 'simpli':16 'want':27"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://pawb.social/comment/5099875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704449644 {#5325
    date: 2024-01-05 11:14:04.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4520
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1711793244 {#4515
    date: 2024-03-30 11:07:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4521 …}
  +nested: Doctrine\ORM\PersistentCollection {#4523 …}
  +votes: Doctrine\ORM\PersistentCollection {#4525 …}
  +reports: Doctrine\ORM\PersistentCollection {#4527 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
  -id: 276099
  -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704275308 {#4516
    date: 2024-01-03 10:48:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4520
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1711793244 {#4515
    date: 2024-03-30 11:07:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4521 …}
  +nested: Doctrine\ORM\PersistentCollection {#4523 …}
  +votes: Doctrine\ORM\PersistentCollection {#4525 …}
  +reports: Doctrine\ORM\PersistentCollection {#4527 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
  -id: 276099
  -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704275308 {#4516
    date: 2024-01-03 10:48:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4520
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1711793244 {#4515
    date: 2024-03-30 11:07:24.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4521 …}
  +nested: Doctrine\ORM\PersistentCollection {#4523 …}
  +votes: Doctrine\ORM\PersistentCollection {#4525 …}
  +reports: Doctrine\ORM\PersistentCollection {#4527 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
  -id: 276099
  -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099407"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704275308 {#4516
    date: 2024-01-03 10:48:28.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4899
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4520
    +user: App\Entity\User {#4533 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 7
    +score: 0
    +lastActive: DateTime @1711793244 {#4515
      date: 2024-03-30 11:07:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4521 …}
    +nested: Doctrine\ORM\PersistentCollection {#4523 …}
    +votes: Doctrine\ORM\PersistentCollection {#4525 …}
    +reports: Doctrine\ORM\PersistentCollection {#4527 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
    -id: 276099
    -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099407"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704275308 {#4516
      date: 2024-01-03 10:48:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
    \n
    People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704284019 {#4897
    date: 2024-01-03 13:13:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4900 …}
  +nested: Doctrine\ORM\PersistentCollection {#4902 …}
  +votes: Doctrine\ORM\PersistentCollection {#4904 …}
  +reports: Doctrine\ORM\PersistentCollection {#4906 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
  -id: 276205
  -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042204"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704284019 {#4898
    date: 2024-01-03 13:13:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4899
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4520
    +user: App\Entity\User {#4533 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 7
    +score: 0
    +lastActive: DateTime @1711793244 {#4515
      date: 2024-03-30 11:07:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4521 …}
    +nested: Doctrine\ORM\PersistentCollection {#4523 …}
    +votes: Doctrine\ORM\PersistentCollection {#4525 …}
    +reports: Doctrine\ORM\PersistentCollection {#4527 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
    -id: 276099
    -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099407"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704275308 {#4516
      date: 2024-01-03 10:48:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
    \n
    People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704284019 {#4897
    date: 2024-01-03 13:13:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4900 …}
  +nested: Doctrine\ORM\PersistentCollection {#4902 …}
  +votes: Doctrine\ORM\PersistentCollection {#4904 …}
  +reports: Doctrine\ORM\PersistentCollection {#4906 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
  -id: 276205
  -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042204"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704284019 {#4898
    date: 2024-01-03 13:13:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4899
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4520
    +user: App\Entity\User {#4533 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 7
    +score: 0
    +lastActive: DateTime @1711793244 {#4515
      date: 2024-03-30 11:07:24.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4521 …}
    +nested: Doctrine\ORM\PersistentCollection {#4523 …}
    +votes: Doctrine\ORM\PersistentCollection {#4525 …}
    +reports: Doctrine\ORM\PersistentCollection {#4527 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
    -id: 276099
    -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099407"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704275308 {#4516
      date: 2024-01-03 10:48:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
    \n
    People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704284019 {#4897
    date: 2024-01-03 13:13:39.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4900 …}
  +nested: Doctrine\ORM\PersistentCollection {#4902 …}
  +votes: Doctrine\ORM\PersistentCollection {#4904 …}
  +reports: Doctrine\ORM\PersistentCollection {#4906 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
  -id: 276205
  -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042204"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704284019 {#4898
    date: 2024-01-03 13:13:39.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4983
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Hmm, I see. The perfectionist in me would want to shed that processor load though ^^"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704288057 {#4981
    date: 2024-01-03 14:20:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4984 …}
  +nested: Doctrine\ORM\PersistentCollection {#4986 …}
  +votes: Doctrine\ORM\PersistentCollection {#4988 …}
  +reports: Doctrine\ORM\PersistentCollection {#4990 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4992 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4994 …}
  -id: 276334
  -bodyTs: "'hmm':1 'load':14 'perfectionist':5 'processor':13 'see':3 'shed':11 'though':15 'want':9 'would':8"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6104409"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288057 {#4982
    date: 2024-01-03 14:20:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4983
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Hmm, I see. The perfectionist in me would want to shed that processor load though ^^"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704288057 {#4981
    date: 2024-01-03 14:20:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4984 …}
  +nested: Doctrine\ORM\PersistentCollection {#4986 …}
  +votes: Doctrine\ORM\PersistentCollection {#4988 …}
  +reports: Doctrine\ORM\PersistentCollection {#4990 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4992 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4994 …}
  -id: 276334
  -bodyTs: "'hmm':1 'load':14 'perfectionist':5 'processor':13 'see':3 'shed':11 'though':15 'want':9 'would':8"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6104409"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288057 {#4982
    date: 2024-01-03 14:20:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4983
  +user: App\Entity\User {#4533 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Hmm, I see. The perfectionist in me would want to shed that processor load though ^^"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704288057 {#4981
    date: 2024-01-03 14:20:57.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4984 …}
  +nested: Doctrine\ORM\PersistentCollection {#4986 …}
  +votes: Doctrine\ORM\PersistentCollection {#4988 …}
  +reports: Doctrine\ORM\PersistentCollection {#4990 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4992 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4994 …}
  -id: 276334
  -bodyTs: "'hmm':1 'load':14 'perfectionist':5 'processor':13 'see':3 'shed':11 'though':15 'want':9 'would':8"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6104409"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704288057 {#4982
    date: 2024-01-03 14:20:57.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4998
  +user: Proxies\__CG__\App\Entity\User {#4999 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "tmux has long been the better replacement to screen. SFTP makes it so you can use desktop software for file system operations."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704295347 {#4996
    date: 2024-01-03 16:22:27.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5000 …}
  +nested: Doctrine\ORM\PersistentCollection {#5002 …}
  +votes: Doctrine\ORM\PersistentCollection {#5004 …}
  +reports: Doctrine\ORM\PersistentCollection {#5006 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5008 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5010 …}
  -id: 276654
  -bodyTs: "'better':6 'desktop':17 'file':20 'long':3 'make':11 'oper':22 'replac':7 'screen':9 'sftp':10 'softwar':18 'system':21 'tmux':1 'use':16"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://hexbear.net/comment/4439808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704295347 {#4997
    date: 2024-01-03 16:22:27.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4998
  +user: Proxies\__CG__\App\Entity\User {#4999 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "tmux has long been the better replacement to screen. SFTP makes it so you can use desktop software for file system operations."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704295347 {#4996
    date: 2024-01-03 16:22:27.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5000 …}
  +nested: Doctrine\ORM\PersistentCollection {#5002 …}
  +votes: Doctrine\ORM\PersistentCollection {#5004 …}
  +reports: Doctrine\ORM\PersistentCollection {#5006 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5008 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5010 …}
  -id: 276654
  -bodyTs: "'better':6 'desktop':17 'file':20 'long':3 'make':11 'oper':22 'replac':7 'screen':9 'sftp':10 'softwar':18 'system':21 'tmux':1 'use':16"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://hexbear.net/comment/4439808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704295347 {#4997
    date: 2024-01-03 16:22:27.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4998
  +user: Proxies\__CG__\App\Entity\User {#4999 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "tmux has long been the better replacement to screen. SFTP makes it so you can use desktop software for file system operations."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704295347 {#4996
    date: 2024-01-03 16:22:27.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5000 …}
  +nested: Doctrine\ORM\PersistentCollection {#5002 …}
  +votes: Doctrine\ORM\PersistentCollection {#5004 …}
  +reports: Doctrine\ORM\PersistentCollection {#5006 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5008 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5010 …}
  -id: 276654
  -bodyTs: "'better':6 'desktop':17 'file':20 'long':3 'make':11 'oper':22 'replac':7 'screen':9 'sftp':10 'softwar':18 'system':21 'tmux':1 'use':16"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://hexbear.net/comment/4439808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704295347 {#4997
    date: 2024-01-03 16:22:27.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5014
  +user: Proxies\__CG__\App\Entity\User {#5015 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    > screen doesn’t scroll\n
    \n
    Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
    \n
    > mistyped file operations\n
    \n
    Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704312762 {#5012
    date: 2024-01-03 21:12:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5016 …}
  +nested: Doctrine\ORM\PersistentCollection {#5018 …}
  +votes: Doctrine\ORM\PersistentCollection {#5020 …}
  +reports: Doctrine\ORM\PersistentCollection {#5022 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
  -id: 277432
  -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6111544"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704312762 {#5013
    date: 2024-01-03 21:12:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5014
  +user: Proxies\__CG__\App\Entity\User {#5015 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    > screen doesn’t scroll\n
    \n
    Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
    \n
    > mistyped file operations\n
    \n
    Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704312762 {#5012
    date: 2024-01-03 21:12:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5016 …}
  +nested: Doctrine\ORM\PersistentCollection {#5018 …}
  +votes: Doctrine\ORM\PersistentCollection {#5020 …}
  +reports: Doctrine\ORM\PersistentCollection {#5022 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
  -id: 277432
  -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6111544"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704312762 {#5013
    date: 2024-01-03 21:12:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5014
  +user: Proxies\__CG__\App\Entity\User {#5015 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4899
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4520
      +user: App\Entity\User {#4533 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1711793244 {#4515
        date: 2024-03-30 11:07:24.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4521 …}
      +nested: Doctrine\ORM\PersistentCollection {#4523 …}
      +votes: Doctrine\ORM\PersistentCollection {#4525 …}
      +reports: Doctrine\ORM\PersistentCollection {#4527 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
      -id: 276099
      -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099407"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704275308 {#4516
        date: 2024-01-03 10:48:28.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
      \n
      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704284019 {#4897
      date: 2024-01-03 13:13:39.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4900 …}
    +nested: Doctrine\ORM\PersistentCollection {#4902 …}
    +votes: Doctrine\ORM\PersistentCollection {#4904 …}
    +reports: Doctrine\ORM\PersistentCollection {#4906 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
    -id: 276205
    -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042204"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704284019 {#4898
      date: 2024-01-03 13:13:39.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: """
    > screen doesn’t scroll\n
    \n
    Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
    \n
    > mistyped file operations\n
    \n
    Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1704312762 {#5012
    date: 2024-01-03 21:12:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5016 …}
  +nested: Doctrine\ORM\PersistentCollection {#5018 …}
  +votes: Doctrine\ORM\PersistentCollection {#5020 …}
  +reports: Doctrine\ORM\PersistentCollection {#5022 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
  -id: 277432
  -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6111544"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704312762 {#5013
    date: 2024-01-03 21:12:42.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5179
  +user: Proxies\__CG__\App\Entity\User {#5180 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5014
    +user: Proxies\__CG__\App\Entity\User {#5015 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4899
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4520
        +user: App\Entity\User {#4533 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 7
        +score: 0
        +lastActive: DateTime @1711793244 {#4515
          date: 2024-03-30 11:07:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4521 …}
        +nested: Doctrine\ORM\PersistentCollection {#4523 …}
        +votes: Doctrine\ORM\PersistentCollection {#4525 …}
        +reports: Doctrine\ORM\PersistentCollection {#4527 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
        -id: 276099
        -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099407"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704275308 {#4516
          date: 2024-01-03 10:48:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4520}
      +body: """
        Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
        \n
        People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704284019 {#4897
        date: 2024-01-03 13:13:39.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@dbx12@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4900 …}
      +nested: Doctrine\ORM\PersistentCollection {#4902 …}
      +votes: Doctrine\ORM\PersistentCollection {#4904 …}
      +reports: Doctrine\ORM\PersistentCollection {#4906 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
      -id: 276205
      -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042204"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704284019 {#4898
        date: 2024-01-03 13:13:39.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      > screen doesn’t scroll\n
      \n
      Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
      \n
      > mistyped file operations\n
      \n
      Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704312762 {#5012
      date: 2024-01-03 21:12:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5016 …}
    +nested: Doctrine\ORM\PersistentCollection {#5018 …}
    +votes: Doctrine\ORM\PersistentCollection {#5020 …}
    +reports: Doctrine\ORM\PersistentCollection {#5022 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
    -id: 277432
    -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6111544"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704312762 {#5013
      date: 2024-01-03 21:12:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Screen uses Ctrl-a Esc (you press Ctrl+a, release them and then tap Esc, then you can scroll with arrows or pup/pgdown)"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704420192 {#5177
    date: 2024-01-05 03:03:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
    "@Hexarei@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5181 …}
  +nested: Doctrine\ORM\PersistentCollection {#5183 …}
  +votes: Doctrine\ORM\PersistentCollection {#5185 …}
  +reports: Doctrine\ORM\PersistentCollection {#5187 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5189 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5191 …}
  -id: 281517
  -bodyTs: "'arrow':22 'ctrl':4,9 'ctrl-a':3 'esc':6,16 'press':8 'pup/pgdown':24 'releas':11 'screen':1 'scroll':20 'tap':15 'use':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://reddthat.com/comment/6087868"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704420192 {#5178
    date: 2024-01-05 03:03:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5179
  +user: Proxies\__CG__\App\Entity\User {#5180 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5014
    +user: Proxies\__CG__\App\Entity\User {#5015 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4899
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4520
        +user: App\Entity\User {#4533 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 7
        +score: 0
        +lastActive: DateTime @1711793244 {#4515
          date: 2024-03-30 11:07:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4521 …}
        +nested: Doctrine\ORM\PersistentCollection {#4523 …}
        +votes: Doctrine\ORM\PersistentCollection {#4525 …}
        +reports: Doctrine\ORM\PersistentCollection {#4527 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
        -id: 276099
        -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099407"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704275308 {#4516
          date: 2024-01-03 10:48:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4520}
      +body: """
        Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
        \n
        People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704284019 {#4897
        date: 2024-01-03 13:13:39.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@dbx12@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4900 …}
      +nested: Doctrine\ORM\PersistentCollection {#4902 …}
      +votes: Doctrine\ORM\PersistentCollection {#4904 …}
      +reports: Doctrine\ORM\PersistentCollection {#4906 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
      -id: 276205
      -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042204"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704284019 {#4898
        date: 2024-01-03 13:13:39.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      > screen doesn’t scroll\n
      \n
      Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
      \n
      > mistyped file operations\n
      \n
      Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704312762 {#5012
      date: 2024-01-03 21:12:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5016 …}
    +nested: Doctrine\ORM\PersistentCollection {#5018 …}
    +votes: Doctrine\ORM\PersistentCollection {#5020 …}
    +reports: Doctrine\ORM\PersistentCollection {#5022 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
    -id: 277432
    -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6111544"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704312762 {#5013
      date: 2024-01-03 21:12:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Screen uses Ctrl-a Esc (you press Ctrl+a, release them and then tap Esc, then you can scroll with arrows or pup/pgdown)"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704420192 {#5177
    date: 2024-01-05 03:03:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
    "@Hexarei@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5181 …}
  +nested: Doctrine\ORM\PersistentCollection {#5183 …}
  +votes: Doctrine\ORM\PersistentCollection {#5185 …}
  +reports: Doctrine\ORM\PersistentCollection {#5187 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5189 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5191 …}
  -id: 281517
  -bodyTs: "'arrow':22 'ctrl':4,9 'ctrl-a':3 'esc':6,16 'press':8 'pup/pgdown':24 'releas':11 'screen':1 'scroll':20 'tap':15 'use':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://reddthat.com/comment/6087868"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704420192 {#5178
    date: 2024-01-05 03:03:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#5179
  +user: Proxies\__CG__\App\Entity\User {#5180 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#5014
    +user: Proxies\__CG__\App\Entity\User {#5015 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4899
      +user: Proxies\__CG__\App\Entity\User {#1978 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4520
        +user: App\Entity\User {#4533 …}
        +entry: App\Entity\Entry {#2400}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 7
        +score: 0
        +lastActive: DateTime @1711793244 {#4515
          date: 2024-03-30 11:07:24.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4521 …}
        +nested: Doctrine\ORM\PersistentCollection {#4523 …}
        +votes: Doctrine\ORM\PersistentCollection {#4525 …}
        +reports: Doctrine\ORM\PersistentCollection {#4527 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4529 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4531 …}
        -id: 276099
        -bodyTs: "'dislik':13 'ing':15 'judgement':3 'run':8 'server':7 'ssh':14 'without':1 'x11':9"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099407"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704275308 {#4516
          date: 2024-01-03 10:48:28.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4520}
      +body: """
        Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.\n
        \n
        People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1704284019 {#4897
        date: 2024-01-03 13:13:39.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@dbx12@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4900 …}
      +nested: Doctrine\ORM\PersistentCollection {#4902 …}
      +votes: Doctrine\ORM\PersistentCollection {#4904 …}
      +reports: Doctrine\ORM\PersistentCollection {#4906 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4908 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4910 …}
      -id: 276205
      -bodyTs: "'abl':7 'also':99,121 'annoy':85,118 'archiv':54 'beyond':107 'compress':56 'delet':132 'didn':135 'doesn':101 'drive':38 'edg':110 'file':31,57,126,150 'find':116,143 'goe':106 'gui':149 'harder':157 'heavi':48 'imo':80 'inaccess':113 'independ':19 'instead':33 'juggl':87 'late':170 'like':77 'long':59 'lot':156 'main':1,22,139 'make':53 'manag':151 'mean':137 'mention':75 'mess':160 'mistyp':125 'multipl':10,88 'name':52 'notic':165 'offload':46 'onto':50 'open':13,18 'oper':49,127 'part':24 'pc':23,41,70 'peopl':73 'plug':35 'processor':47 'program':76 'realli':117 'reason':27 'safer':145 'screen':78,100 'screw':123 'scroll':103 'server':32 'someth':161 'stay':17 'storag':61 'stuff':133 'subt':159 'term':60 'termin':11,89,130 'top':109 'use':68,147 've':120 'want':4 'way':83 'whatev':105 'window':12,97"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.ml/comment/7042204"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704284019 {#4898
        date: 2024-01-03 13:13:39.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4520}
    +body: """
      > screen doesn’t scroll\n
      \n
      Screen (and any other muxer) can scroll just fine. You just have to learn *how* to do it in each one. Tmux, for example, is `ctrl+b [` to enter scroll mode.\n
      \n
      > mistyped file operations\n
      \n
      Get a good TUI file manager. I use and recommend [ranger](https://github.com/ranger/ranger).
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1704312762 {#5012
      date: 2024-01-03 21:12:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@dbx12@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#5016 …}
    +nested: Doctrine\ORM\PersistentCollection {#5018 …}
    +votes: Doctrine\ORM\PersistentCollection {#5020 …}
    +reports: Doctrine\ORM\PersistentCollection {#5022 …}
    +favourites: Doctrine\ORM\PersistentCollection {#5024 …}
    +notifications: Doctrine\ORM\PersistentCollection {#5026 …}
    -id: 277432
    -bodyTs: "'/ranger/ranger).':52 'b':31 'ctrl':30 'doesn':2 'enter':33 'exampl':28 'file':37,43 'fine':13 'get':39 'github.com':51 'github.com/ranger/ranger).':50 'good':41 'learn':18 'manag':44 'mistyp':36 'mode':35 'muxer':9 'one':25 'oper':38 'ranger':49 'recommend':48 'screen':1,5 'scroll':4,11,34 'tmux':26 'tui':42 'use':46"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6111544"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704312762 {#5013
      date: 2024-01-03 21:12:42.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4520}
  +body: "Screen uses Ctrl-a Esc (you press Ctrl+a, release them and then tap Esc, then you can scroll with arrows or pup/pgdown)"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704420192 {#5177
    date: 2024-01-05 03:03:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@dbx12@programming.dev"
    "@Hexarei@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#5181 …}
  +nested: Doctrine\ORM\PersistentCollection {#5183 …}
  +votes: Doctrine\ORM\PersistentCollection {#5185 …}
  +reports: Doctrine\ORM\PersistentCollection {#5187 …}
  +favourites: Doctrine\ORM\PersistentCollection {#5189 …}
  +notifications: Doctrine\ORM\PersistentCollection {#5191 …}
  -id: 281517
  -bodyTs: "'arrow':22 'ctrl':4,9 'ctrl-a':3 'esc':6,16 'press':8 'pup/pgdown':24 'releas':11 'screen':1 'scroll':20 'tap':15 'use':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://reddthat.com/comment/6087868"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704420192 {#5178
    date: 2024-01-05 03:03:12.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4593
  +user: App\Entity\User {#4606 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Just don’t do that 😁\n
    \n
    I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.\n
    \n
    But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1704274431 {#4588
    date: 2024-01-03 10:33:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4594 …}
  +nested: Doctrine\ORM\PersistentCollection {#4596 …}
  +votes: Doctrine\ORM\PersistentCollection {#4598 …}
  +reports: Doctrine\ORM\PersistentCollection {#4600 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4602 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4604 …}
  -id: 275998
  -bodyTs: "'absolut':37 'anyway':11 'care':43 'engin':52 'fine':59 'firefox':22 'get':9 'least':41 'like':57 'local':23 'login':14 'make':30 'much':32 'nah':67 'open':21 'pron':61 'remot':15,27 'search':51 'search-engin':50 'sens':33 'server':28 'site':66 'stream':62 'sure':68 'surf':47 'surf-target':46 'target':48 'warez':65 'warez-sit':64 'wiki':54 'would':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.zip/comment/5937875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274431 {#4589
    date: 2024-01-03 10:33:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4593
  +user: App\Entity\User {#4606 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Just don’t do that 😁\n
    \n
    I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.\n
    \n
    But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1704274431 {#4588
    date: 2024-01-03 10:33:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4594 …}
  +nested: Doctrine\ORM\PersistentCollection {#4596 …}
  +votes: Doctrine\ORM\PersistentCollection {#4598 …}
  +reports: Doctrine\ORM\PersistentCollection {#4600 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4602 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4604 …}
  -id: 275998
  -bodyTs: "'absolut':37 'anyway':11 'care':43 'engin':52 'fine':59 'firefox':22 'get':9 'least':41 'like':57 'local':23 'login':14 'make':30 'much':32 'nah':67 'open':21 'pron':61 'remot':15,27 'search':51 'search-engin':50 'sens':33 'server':28 'site':66 'stream':62 'sure':68 'surf':47 'surf-target':46 'target':48 'warez':65 'warez-sit':64 'wiki':54 'would':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.zip/comment/5937875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274431 {#4589
    date: 2024-01-03 10:33:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4593
  +user: App\Entity\User {#4606 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Just don’t do that 😁\n
    \n
    I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.\n
    \n
    But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 13
  +score: 0
  +lastActive: DateTime @1704274431 {#4588
    date: 2024-01-03 10:33:51.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4594 …}
  +nested: Doctrine\ORM\PersistentCollection {#4596 …}
  +votes: Doctrine\ORM\PersistentCollection {#4598 …}
  +reports: Doctrine\ORM\PersistentCollection {#4600 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4602 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4604 …}
  -id: 275998
  -bodyTs: "'absolut':37 'anyway':11 'care':43 'engin':52 'fine':59 'firefox':22 'get':9 'least':41 'like':57 'local':23 'login':14 'make':30 'much':32 'nah':67 'open':21 'pron':61 'remot':15,27 'search':51 'search-engin':50 'sens':33 'server':28 'site':66 'stream':62 'sure':68 'surf':47 'surf-target':46 'target':48 'warez':65 'warez-sit':64 'wiki':54 'would':55"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.zip/comment/5937875"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274431 {#4589
    date: 2024-01-03 10:33:51.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4666
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#4661
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4667 …}
  +nested: Doctrine\ORM\PersistentCollection {#4669 …}
  +votes: Doctrine\ORM\PersistentCollection {#4671 …}
  +reports: Doctrine\ORM\PersistentCollection {#4673 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#4662
    date: 2024-01-03 10:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4666
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#4661
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4667 …}
  +nested: Doctrine\ORM\PersistentCollection {#4669 …}
  +votes: Doctrine\ORM\PersistentCollection {#4671 …}
  +reports: Doctrine\ORM\PersistentCollection {#4673 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#4662
    date: 2024-01-03 10:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4666
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#4661
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4667 …}
  +nested: Doctrine\ORM\PersistentCollection {#4669 …}
  +votes: Doctrine\ORM\PersistentCollection {#4671 …}
  +reports: Doctrine\ORM\PersistentCollection {#4673 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#4662
    date: 2024-01-03 10:32:59.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4884
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4666
    +user: App\Entity\User {#4679 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      Usig *anything* as root is a security risk.\n
      \n
      Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
      \n
      So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
      \n
      Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
      \n
      Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 8
    +score: 0
    +lastActive: DateTime @1711208212 {#4661
      date: 2024-03-23 16:36:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4667 …}
    +nested: Doctrine\ORM\PersistentCollection {#4669 …}
    +votes: Doctrine\ORM\PersistentCollection {#4671 …}
    +reports: Doctrine\ORM\PersistentCollection {#4673 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
    -id: 276098
    -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099001"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704274379 {#4662
      date: 2024-01-03 10:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704283325 {#4882
    date: 2024-01-03 13:02:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4885 …}
  +nested: Doctrine\ORM\PersistentCollection {#4887 …}
  +votes: Doctrine\ORM\PersistentCollection {#4889 …}
  +reports: Doctrine\ORM\PersistentCollection {#4891 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
  -id: 276187
  -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042072"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283325 {#4883
    date: 2024-01-03 13:02:05.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4884
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4666
    +user: App\Entity\User {#4679 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      Usig *anything* as root is a security risk.\n
      \n
      Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
      \n
      So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
      \n
      Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
      \n
      Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 8
    +score: 0
    +lastActive: DateTime @1711208212 {#4661
      date: 2024-03-23 16:36:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4667 …}
    +nested: Doctrine\ORM\PersistentCollection {#4669 …}
    +votes: Doctrine\ORM\PersistentCollection {#4671 …}
    +reports: Doctrine\ORM\PersistentCollection {#4673 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
    -id: 276098
    -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099001"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704274379 {#4662
      date: 2024-01-03 10:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704283325 {#4882
    date: 2024-01-03 13:02:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4885 …}
  +nested: Doctrine\ORM\PersistentCollection {#4887 …}
  +votes: Doctrine\ORM\PersistentCollection {#4889 …}
  +reports: Doctrine\ORM\PersistentCollection {#4891 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
  -id: 276187
  -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042072"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283325 {#4883
    date: 2024-01-03 13:02:05.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4884
  +user: Proxies\__CG__\App\Entity\User {#1978 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4666
    +user: App\Entity\User {#4679 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      Usig *anything* as root is a security risk.\n
      \n
      Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
      \n
      So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
      \n
      Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
      \n
      Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 8
    +score: 0
    +lastActive: DateTime @1711208212 {#4661
      date: 2024-03-23 16:36:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4667 …}
    +nested: Doctrine\ORM\PersistentCollection {#4669 …}
    +votes: Doctrine\ORM\PersistentCollection {#4671 …}
    +reports: Doctrine\ORM\PersistentCollection {#4673 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
    -id: 276098
    -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://programming.dev/comment/6099001"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704274379 {#4662
      date: 2024-01-03 10:32:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1704283325 {#4882
    date: 2024-01-03 13:02:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4885 …}
  +nested: Doctrine\ORM\PersistentCollection {#4887 …}
  +votes: Doctrine\ORM\PersistentCollection {#4889 …}
  +reports: Doctrine\ORM\PersistentCollection {#4891 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
  -id: 276187
  -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.ml/comment/7042072"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704283325 {#4883
    date: 2024-01-03 13:02:05.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4968
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4884
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4666
      +user: App\Entity\User {#4679 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#4661
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4667 …}
      +nested: Doctrine\ORM\PersistentCollection {#4669 …}
      +votes: Doctrine\ORM\PersistentCollection {#4671 …}
      +reports: Doctrine\ORM\PersistentCollection {#4673 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#4662
        date: 2024-01-03 10:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4666}
    +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704283325 {#4882
      date: 2024-01-03 13:02:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@hunger@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4885 …}
    +nested: Doctrine\ORM\PersistentCollection {#4887 …}
    +votes: Doctrine\ORM\PersistentCollection {#4889 …}
    +reports: Doctrine\ORM\PersistentCollection {#4891 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
    -id: 276187
    -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042072"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283325 {#4883
      date: 2024-01-03 13:02:05.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#4966
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4969 …}
  +nested: Doctrine\ORM\PersistentCollection {#4971 …}
  +votes: Doctrine\ORM\PersistentCollection {#4973 …}
  +reports: Doctrine\ORM\PersistentCollection {#4975 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4977 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4979 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#4967
    date: 2024-01-03 13:37:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4968
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4884
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4666
      +user: App\Entity\User {#4679 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#4661
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4667 …}
      +nested: Doctrine\ORM\PersistentCollection {#4669 …}
      +votes: Doctrine\ORM\PersistentCollection {#4671 …}
      +reports: Doctrine\ORM\PersistentCollection {#4673 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#4662
        date: 2024-01-03 10:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4666}
    +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704283325 {#4882
      date: 2024-01-03 13:02:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@hunger@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4885 …}
    +nested: Doctrine\ORM\PersistentCollection {#4887 …}
    +votes: Doctrine\ORM\PersistentCollection {#4889 …}
    +reports: Doctrine\ORM\PersistentCollection {#4891 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
    -id: 276187
    -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042072"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283325 {#4883
      date: 2024-01-03 13:02:05.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#4966
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4969 …}
  +nested: Doctrine\ORM\PersistentCollection {#4971 …}
  +votes: Doctrine\ORM\PersistentCollection {#4973 …}
  +reports: Doctrine\ORM\PersistentCollection {#4975 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4977 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4979 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#4967
    date: 2024-01-03 13:37:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4968
  +user: App\Entity\User {#4679 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4884
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +entry: App\Entity\Entry {#2400}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4666
      +user: App\Entity\User {#4679 …}
      +entry: App\Entity\Entry {#2400}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#4661
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4667 …}
      +nested: Doctrine\ORM\PersistentCollection {#4669 …}
      +votes: Doctrine\ORM\PersistentCollection {#4671 …}
      +reports: Doctrine\ORM\PersistentCollection {#4673 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4675 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4677 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#4662
        date: 2024-01-03 10:32:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4666}
    +body: "So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1704283325 {#4882
      date: 2024-01-03 13:02:05.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@HiddenLayer5@lemmy.ml"
      "@hunger@programming.dev"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4885 …}
    +nested: Doctrine\ORM\PersistentCollection {#4887 …}
    +votes: Doctrine\ORM\PersistentCollection {#4889 …}
    +reports: Doctrine\ORM\PersistentCollection {#4891 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4893 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4895 …}
    -id: 276187
    -bodyTs: "'code':12 'execut':13 'gui':7 'main':4 'malici':24 'plugin':21 'potenti':11 'vulner':14 'worri':5,18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.ml/comment/7042072"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704283325 {#4883
      date: 2024-01-03 13:02:05.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4666}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#4966
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4969 …}
  +nested: Doctrine\ORM\PersistentCollection {#4971 …}
  +votes: Doctrine\ORM\PersistentCollection {#4973 …}
  +reports: Doctrine\ORM\PersistentCollection {#4975 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4977 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4979 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#4967
    date: 2024-01-03 13:37:33.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4740
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > but no one seems to be discussing how risky it actually is.\n
    \n
    That is because people stopped doing it ages ago.\n
    \n
    > But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?\n
    \n
    Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 32
  +score: 0
  +lastActive: DateTime @1704273827 {#4735
    date: 2024-01-03 10:23:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4741 …}
  +nested: Doctrine\ORM\PersistentCollection {#4743 …}
  +votes: Doctrine\ORM\PersistentCollection {#4745 …}
  +reports: Doctrine\ORM\PersistentCollection {#4747 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4749 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4751 …}
  -id: 275981
  -bodyTs: "'access':35 'actual':11 'age':20 'ago':21 'allow':32 'alway':41 'anyth':33 'base':37 'discuss':7 'everi':28 'fail':50,69 'firefox':25 'given':47 'layer':45,48,68 'matter':43 'one':3 'peopl':16 'rare':72 'riski':9 'sandbox':27 'secur':39,62 'seem':4 'set':59 'shouldn':23 'situat':64 'stop':17 'system':38 'time':54 'togeth':70 'want':57 'websit':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7046647"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704273827 {#4736
    date: 2024-01-03 10:23:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4740
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > but no one seems to be discussing how risky it actually is.\n
    \n
    That is because people stopped doing it ages ago.\n
    \n
    > But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?\n
    \n
    Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 32
  +score: 0
  +lastActive: DateTime @1704273827 {#4735
    date: 2024-01-03 10:23:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4741 …}
  +nested: Doctrine\ORM\PersistentCollection {#4743 …}
  +votes: Doctrine\ORM\PersistentCollection {#4745 …}
  +reports: Doctrine\ORM\PersistentCollection {#4747 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4749 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4751 …}
  -id: 275981
  -bodyTs: "'access':35 'actual':11 'age':20 'ago':21 'allow':32 'alway':41 'anyth':33 'base':37 'discuss':7 'everi':28 'fail':50,69 'firefox':25 'given':47 'layer':45,48,68 'matter':43 'one':3 'peopl':16 'rare':72 'riski':9 'sandbox':27 'secur':39,62 'seem':4 'set':59 'shouldn':23 'situat':64 'stop':17 'system':38 'time':54 'togeth':70 'want':57 'websit':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7046647"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704273827 {#4736
    date: 2024-01-03 10:23:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#4740
  +user: App\Entity\User {#4753 …}
  +entry: App\Entity\Entry {#2400
    +user: Proxies\__CG__\App\Entity\User {#1978 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1406
      +entryCommentCount: 28632
      +postCount: 6
      +postCommentCount: 214
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729583542 {#275
        date: 2024-10-22 09:52:22.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1729583596 {#269
        date: 2024-10-22 09:53:16.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#271
        date: 2023-11-02 13:51:08.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1889 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#2414
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1688 …}
    +votes: Doctrine\ORM\PersistentCollection {#1966 …}
    +reports: Doctrine\ORM\PersistentCollection {#1965 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1368 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2426 …}
    +badges: Doctrine\ORM\PersistentCollection {#2439 …}
    +children: []
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#1793
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2402
      date: 2024-01-03 10:08:09.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    > but no one seems to be discussing how risky it actually is.\n
    \n
    That is because people stopped doing it ages ago.\n
    \n
    > But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?\n
    \n
    Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 32
  +score: 0
  +lastActive: DateTime @1704273827 {#4735
    date: 2024-01-03 10:23:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4741 …}
  +nested: Doctrine\ORM\PersistentCollection {#4743 …}
  +votes: Doctrine\ORM\PersistentCollection {#4745 …}
  +reports: Doctrine\ORM\PersistentCollection {#4747 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4749 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4751 …}
  -id: 275981
  -bodyTs: "'access':35 'actual':11 'age':20 'ago':21 'allow':32 'alway':41 'anyth':33 'base':37 'discuss':7 'everi':28 'fail':50,69 'firefox':25 'given':47 'layer':45,48,68 'matter':43 'one':3 'peopl':16 'rare':72 'riski':9 'sandbox':27 'secur':39,62 'seem':4 'set':59 'shouldn':23 'situat':64 'stop':17 'system':38 'time':54 'togeth':70 'want':57 'websit':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sh.itjust.works/comment/7046647"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704273827 {#4736
    date: 2024-01-03 10:23:47.0 +01:00
  }
}
"App\Security\Voter\UserVoter"
App\Entity\Magazine {#265
  +icon: Proxies\__CG__\App\Entity\Image {#246 …}
  +name: "linux@lemmy.ml"
  +title: "linux"
  +description: """
    From Wikipedia, the free encyclopedia\n
    \n
    Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
    \n
    Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
    \n
    ### Rules\n
    \n
    - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
    - No misinformation\n
    - No NSFW content\n
    - No hate speech, bigotry, etc\n
    \n
    ### Related Communities\n
    \n
    - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
    - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
    - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
    - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
    \n
    Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
    """
  +rules: null
  +subscriptionsCount: 1
  +entryCount: 1406
  +entryCommentCount: 28632
  +postCount: 6
  +postCommentCount: 214
  +isAdult: false
  +customCss: null
  +lastActive: DateTime @1729583542 {#275
    date: 2024-10-22 09:52:22.0 +02:00
  }
  +markedForDeletionAt: null
  +tags: null
  +moderators: Doctrine\ORM\PersistentCollection {#237 …}
  +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
  +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
  +entries: Doctrine\ORM\PersistentCollection {#180 …}
  +posts: Doctrine\ORM\PersistentCollection {#138 …}
  +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
  +bans: Doctrine\ORM\PersistentCollection {#117 …}
  +reports: Doctrine\ORM\PersistentCollection {#103 …}
  +badges: Doctrine\ORM\PersistentCollection {#81 …}
  +logs: Doctrine\ORM\PersistentCollection {#71 …}
  +awards: Doctrine\ORM\PersistentCollection {#1346 …}
  +categories: Doctrine\ORM\PersistentCollection {#1823 …}
  -id: 73
  +apId: "linux@lemmy.ml"
  +apProfileId: "https://lemmy.ml/c/linux"
  +apPublicUrl: "https://lemmy.ml/c/linux"
  +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
  +apInboxUrl: "https://lemmy.ml/inbox"
  +apDomain: "lemmy.ml"
  +apPreferredUsername: "linux"
  +apDiscoverable: true
  +apManuallyApprovesFollowers: null
  +privateKey: null
  +publicKey: null
  +apFetchedAt: DateTime @1729583596 {#269
    date: 2024-10-22 09:53:16.0 +02:00
  }
  +apDeletedAt: null
  +apTimeoutAt: null
  +visibility: "visible             "
  +createdAt: DateTimeImmutable @1698929468 {#271
    date: 2023-11-02 13:51:08.0 +01:00
  }
}
"App\Security\Voter\UserVoter"

Symfony Profiler

GET https://kbin.spritesserver.nl/m/linux@lemmy.ml/t/26893/CVE-2023-4863/newest?p=2

Configuration Settings

Theme

Page Width

Security

Token

Firewall

Configuration

Listeners

Authenticators

Access Decision

Access decision log