Back when I was a teenager, and all I had was an old Macintosh to hack on, I used to think it sounded amazing to be a Unix system administrator.
In particular, I was super excited about being root. There was such a mystique around that user. I knew it was somehow powerful. Dangerous. I found it mysterious.
I was so excited about it that I tried typing su once on my ISP’s Unix system. (This was back in the days when ordinary dialup accounts came with Unix shell accounts.) I obviously had no idea what the password was (and I didn’t even try to do anything remotely like “hacking”), but my failed attempt ended up in their logs.
The ISP was not pleased. They disabled our account.
My dad had to call up the company owner (I think they had been high school classmates; it was all very small-town) and explain that I was not going to do that again.
They re-enabled our account.
(And I never did that again.)
A few years went by. I got a job doing some web software development (mostly Python). I had more legit reasons to play with servers. I learned enough to be dangerous.
One day, I was at some kind of web training and I wanted to be helpful to the event organizers. So they gave me admin access to their little Debian server and told me to make myself useful.
I was trying to learn my way around their environment, but I wasn’t really too familiar with how it was laid out. I was exploring and I typed cat /dev/something.
(I didn’t know yet that /dev/ is the directory tree that Linux uses to expose system devices as if they were files. Nothing in there is actually a normal file.)
The whole system froze.
Whatever I had done was impossible to exit or cancel.
The shell stopped responding. So did httpd.
Sheepishly, I had to approach the event organizers and explain I had just crashed their webserver.
“What did you do?” they asked.
“I ran cat on some file in /dev/.”
“Were you root?”
“Yeah.”
They chuckled and hit the restart button on the web server. Problem solved.
On that day, root lost its mystique for me.
It’s not exciting to break something that people depend on. It’s embarrassing.
For professional tech people, admin rights on servers are often as much a burden as a privilege.
If you have root and the system breaks, it’s possibly your fault and you probably have to fix it.
I’m not saying that all hierarchies of access are fair or great. We should ask questions about who has power on computer systems.
But sometimes… the access controls are guardrails. They can keep the users from breaking things.
I suppose we all probably have to learn that the hard way.
Around then, I also remember being in a programming class in high school. The teacher had installed some security software on the lab computers. You couldn’t modify most of the files on the system.
I showed my teacher that the security software was inadequate. It only protected against deleting files through the ordinary Macintosh Finder. I demonstrated that you could delete any arbitrary file, including the security system configuration, just by writing a few lines of code.
The teacher was way ahead of me. He laughed. He wasn’t alarmed.
He said, “Look, Eli, the security software isn’t really there for you. I just installed it to stop random kids from renaming the system files to have dirty names.”
I smiled.
And I see his point even better now than I did then.