Why do companies not give root access to employees on their desktop machines?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
15
down vote

favorite












Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?



If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?



Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?



If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.










share|improve this question









New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 3




    What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
    – schroeder♦
    19 hours ago






  • 13




    What make you say that is typical? I have had root access on my local machine in every job I have had.
    – kasperd
    13 hours ago






  • 3




    This question would be a lot easier to answer if you had a use case for why you think you should have it.
    – Joshua
    13 hours ago






  • 3




    Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
    – Jon of All Trades
    10 hours ago






  • 2




    I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
    – Bergi
    10 hours ago














up vote
15
down vote

favorite












Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?



If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?



Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?



If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.










share|improve this question









New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 3




    What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
    – schroeder♦
    19 hours ago






  • 13




    What make you say that is typical? I have had root access on my local machine in every job I have had.
    – kasperd
    13 hours ago






  • 3




    This question would be a lot easier to answer if you had a use case for why you think you should have it.
    – Joshua
    13 hours ago






  • 3




    Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
    – Jon of All Trades
    10 hours ago






  • 2




    I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
    – Bergi
    10 hours ago












up vote
15
down vote

favorite









up vote
15
down vote

favorite











Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?



If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?



Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?



If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.










share|improve this question









New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Why do companies typically not give their employees root access to their desktop machines that are only used by a single employee?



If what I can do on my machine poses a threat to the rest of the network, isn't a security flaw in itself? Why would the rights I have on my own machine affect what I can do to others on the network?



Isn't the point of Unix user management to protect files of user A on machine X from access by user B on machine X?



If it's about protecting the user from himself (say, from installing something with root access that will wipe out the hard drive): Since I am working without root access, all my files are owned by myself; hence, if I am fooled and run an evil script without root access and it wipes all only the files owned by myself, it is just as bad as if I had given it root access and it wiped the entire hard drive.







corporate-policy root






share|improve this question









New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 15 mins ago









Andy Lester

30026




30026






New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 19 hours ago









Bananach

18213




18213




New contributor




Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Bananach is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 3




    What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
    – schroeder♦
    19 hours ago






  • 13




    What make you say that is typical? I have had root access on my local machine in every job I have had.
    – kasperd
    13 hours ago






  • 3




    This question would be a lot easier to answer if you had a use case for why you think you should have it.
    – Joshua
    13 hours ago






  • 3




    Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
    – Jon of All Trades
    10 hours ago






  • 2




    I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
    – Bergi
    10 hours ago












  • 3




    What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
    – schroeder♦
    19 hours ago






  • 13




    What make you say that is typical? I have had root access on my local machine in every job I have had.
    – kasperd
    13 hours ago






  • 3




    This question would be a lot easier to answer if you had a use case for why you think you should have it.
    – Joshua
    13 hours ago






  • 3




    Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
    – Jon of All Trades
    10 hours ago






  • 2




    I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
    – Bergi
    10 hours ago







3




3




What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
– schroeder♦
19 hours ago




What do you mean by root access? Do you mean not providing the root password to be able to sudo, or do you mean not allowing users to log into root?
– schroeder♦
19 hours ago




13




13




What make you say that is typical? I have had root access on my local machine in every job I have had.
– kasperd
13 hours ago




What make you say that is typical? I have had root access on my local machine in every job I have had.
– kasperd
13 hours ago




3




3




This question would be a lot easier to answer if you had a use case for why you think you should have it.
– Joshua
13 hours ago




This question would be a lot easier to answer if you had a use case for why you think you should have it.
– Joshua
13 hours ago




3




3




Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
– Jon of All Trades
10 hours ago




Are you asking about *NIX systems in particular, or all work PCs (e.g., admin rights on a Windows machine)?
– Jon of All Trades
10 hours ago




2




2




I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
– Bergi
10 hours ago




I don't think they couldn't protect the network from your machine. But what they ultimately want is to protect the company files on your machine from evil things (which might include you).
– Bergi
10 hours ago










3 Answers
3






active

oldest

votes

















up vote
28
down vote













Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.



Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.



Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.






share|improve this answer


















  • 2




    The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
    – JoL
    4 hours ago


















up vote
14
down vote













A few reasons off the top of my head:



  • ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.


  • Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).


  • If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.


  • Not having root access means you can't rm -rf /bin, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.


  • If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.


  • Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.


  • The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.


  • Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).






share|improve this answer
















  • 3




    The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
    – Ben Millwood
    10 hours ago










  • It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
    – thomasrutter
    4 hours ago


















up vote
2
down vote













This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.



Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?



I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.



So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.






share|improve this answer




















  • How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
    – Bananach
    8 hours ago










  • @Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
    – Jared Smith
    7 hours ago










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






Bananach is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196350%2fwhy-do-companies-not-give-root-access-to-employees-on-their-desktop-machines%23new-answer', 'question_page');

);

Post as a guest






























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
28
down vote













Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.



Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.



Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.






share|improve this answer


















  • 2




    The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
    – JoL
    4 hours ago















up vote
28
down vote













Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.



Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.



Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.






share|improve this answer


















  • 2




    The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
    – JoL
    4 hours ago













up vote
28
down vote










up vote
28
down vote









Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.



Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.



Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.






share|improve this answer














Security administrators are responsible for your machine and what happens on your machine. This responsibility violates the basic security model for a single-user Unix machine because the admin (an absent party) is root on your machine, you are not. Unix isn't really set up for this model.



Admins need to be able to install security controls on your machine in order to protect the company, not just the data and the network and the other nodes. If the local user had root access then admins are no longer in control over those controls. That's the basic premise.



Yes, there are tons of reasons why root is needed to do bad things or to turn the machine into a malicious node and all those are good reasons not to provide root access. And yes, there are lots of ways around those limitations and lots of ways that the local user could do bad things. But ultimately, the local user and the Risk Owner cannot be competing for control or responsibility over the machine.







share|improve this answer














share|improve this answer



share|improve this answer








edited 13 hours ago

























answered 19 hours ago









schroeder♦

67.8k25143181




67.8k25143181







  • 2




    The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
    – JoL
    4 hours ago













  • 2




    The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
    – JoL
    4 hours ago








2




2




The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
– JoL
4 hours ago





The first paragraph confuses me. Unix OSes are multi-user, not single-user, and that's precisely why they're set up for this model. That today most machines are intended for a single user, only results in not having multiple normal users, each with their own home directory, in a single machine. That's the only difference, right? The basic security model has remained multi-user, with root always being there for a possible separate administrator.
– JoL
4 hours ago













up vote
14
down vote













A few reasons off the top of my head:



  • ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.


  • Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).


  • If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.


  • Not having root access means you can't rm -rf /bin, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.


  • If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.


  • Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.


  • The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.


  • Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).






share|improve this answer
















  • 3




    The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
    – Ben Millwood
    10 hours ago










  • It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
    – thomasrutter
    4 hours ago















up vote
14
down vote













A few reasons off the top of my head:



  • ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.


  • Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).


  • If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.


  • Not having root access means you can't rm -rf /bin, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.


  • If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.


  • Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.


  • The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.


  • Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).






share|improve this answer
















  • 3




    The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
    – Ben Millwood
    10 hours ago










  • It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
    – thomasrutter
    4 hours ago













up vote
14
down vote










up vote
14
down vote









A few reasons off the top of my head:



  • ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.


  • Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).


  • If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.


  • Not having root access means you can't rm -rf /bin, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.


  • If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.


  • Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.


  • The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.


  • Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).






share|improve this answer












A few reasons off the top of my head:



  • ARP poisoning or network flooding attacks on the network would generally require root access to a machine on the network.


  • Being able to install unauthorised programs might open the company up to legal liability if those programs are themselves illegal (e.g. because they're pirated or not licensed for for-profit use or whatever).


  • If the company has any sort of remote monitoring of employees (or wants the ability to have such monitoring even if it's not in place yet), giving users root access would allow them to bypass that.


  • Not having root access means you can't rm -rf /bin, or any number of other destructive things, and nor can anyone who gains access to your login details, so there's no chance your company will need to help you recover from that situation.


  • If your company might redeploy your machine if you leave, they might feel more comfortable doing so without doing a complete wipe-and-reinstall if you've never had root access to it.


  • Giving people root access is easy, if it becomes necessary; taking root access away comprehensively is difficult if it becomes necessary.


  • The general principle of least privilege is that you shouldn't give anyone/anything access they don't actively need.


  • Simply not having moved on from the days of shared servers because it's a process that's worked and nothing has broken the inertia (the hypothetical monkeys and ladders problem).







share|improve this answer












share|improve this answer



share|improve this answer










answered 19 hours ago









me_and

30717




30717







  • 3




    The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
    – Ben Millwood
    10 hours ago










  • It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
    – thomasrutter
    4 hours ago













  • 3




    The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
    – Ben Millwood
    10 hours ago










  • It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
    – thomasrutter
    4 hours ago








3




3




The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
– Ben Millwood
10 hours ago




The second point isn't super strong because it's definitely possible to violate licensing laws with software you run out of your home directory.
– Ben Millwood
10 hours ago












It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
– thomasrutter
4 hours ago





It is usually standard practice for a computer to be wiped and re-imaged when re-deployed to another staff member. Leaving all a previous staff member's stuff in their home directory seems like it may be more of a liability. I think of these points, the principle of least privilege is the most convincing reason for doing this, but that principle also justifies giving them root access as soon as they have a legitimate need for it.
– thomasrutter
4 hours ago











up vote
2
down vote













This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.



Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?



I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.



So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.






share|improve this answer




















  • How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
    – Bananach
    8 hours ago










  • @Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
    – Jared Smith
    7 hours ago














up vote
2
down vote













This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.



Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?



I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.



So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.






share|improve this answer




















  • How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
    – Bananach
    8 hours ago










  • @Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
    – Jared Smith
    7 hours ago












up vote
2
down vote










up vote
2
down vote









This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.



Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?



I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.



So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.






share|improve this answer












This answer is not meant to contradict the existing answers, but rather supplement them because it's too long for a comment.



Part of the reason is (as others have alluded to) that users can't be trusted to do foolish/malicious things. But another part is whose responsibility is it to fix things when that happens?



I'm a full-stack developer and part time devops with root access not only to my own development machines but a number of our production servers and at least some level of access to the hypervisor they're deployed on. But if I mess up, I am the party (or at least a party) with the skills, expertise, and responsibility to fix it. Not so of the typical end user: if Bobby the user borks his/her Windows install that happened to have mission-critical data and/or be used for mission critical work then Bobby isn't the one who has to come in on his/her day off or work unpaid overtime to fix it. Not to mention answer to the brass how Bobby managed to almost single-handedly sink the ship.



So part of the reason IT departments limit end user privileges is that it reduces their own risk exposure.







share|improve this answer












share|improve this answer



share|improve this answer










answered 10 hours ago









Jared Smith

1,7501411




1,7501411











  • How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
    – Bananach
    8 hours ago










  • @Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
    – Jared Smith
    7 hours ago
















  • How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
    – Bananach
    8 hours ago










  • @Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
    – Jared Smith
    7 hours ago















How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
– Bananach
8 hours ago




How could Bobby have non recoverable mission critical data on his machine? How could I be more than a matter of half an hour to resetup his machine? Both seem to me like flaws in design. Also, as stated in my question, not giving him root acces doesn't prevent him from deleting the data he actually works on
– Bananach
8 hours ago












@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
– Jared Smith
7 hours ago




@Bananach I never said unrecoverable, and I never said reimaging was difficult, but whose job is it to recover the data and redeploy the machine? Not Bobby's...
– Jared Smith
7 hours ago










Bananach is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















Bananach is a new contributor. Be nice, and check out our Code of Conduct.












Bananach is a new contributor. Be nice, and check out our Code of Conduct.











Bananach is a new contributor. Be nice, and check out our Code of Conduct.













 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196350%2fwhy-do-companies-not-give-root-access-to-employees-on-their-desktop-machines%23new-answer', 'question_page');

);

Post as a guest













































































Comments

Popular posts from this blog

What does second last employer means? [closed]

Installing NextGIS Connect into QGIS 3?

One-line joke