Workstations: good reasons for owner root access

William C. DenBesten denbeste at bgsuvax.UUCP
Tue Aug 16 00:39:41 AEST 1988


From article <8338 at smoke.ARPA>, by gwyn at smoke.ARPA (Doug Gwyn):
> In article <125 at leibniz.UUCP> tpc at leibniz.UUCP (Tom Chmara) writes:
>>   Are there any cogent arguments for or (gulp) against root access?
> 
> The most serious problem is that, in many networking implementations,
> super-user access on one system is tantamount to super-user access on
> all machines in the entire (local) network.

Networks that have this problem are not properly set up.  BGSU's
network has 3 computers that are 'trusted hosts' to one another.
Other machines are not in the trusted host list.  This means that the
machine that we allow entire classes (as in 30 students) to have su
access to does not compromise the security of the rest of the
computers.  When you ftp, rlogin, etc. from that machine, or any other
machine on the network, it requires that you type the root password on
the destination machine.

> The UNIX "super-user" UID should really be used only by privileged
> utilities, not by people.  There should be NO NEED, in a properly
> configured system, for a person to type "su" in order to perform
> system-administrative actions.

Yea, right.  See my .signature.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
William C. DenBesten          |       denbeste at bgsu.edu                  
Dept of Computer Science      | CSNET denbeste%andy.bgsu.edu at relay.cs.net
Bowling Green State University| UUCP  ...!cbosgd!osu-cis!bgsuvax!denbeste
Bowling Green, OH 43403-0214  |
------------------------------+----------------------------------------------
There is no difference between theory and practice in theory, but there is
often a great deal of difference between theory and practice in practice.
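
The trusted-host setup described in the message above can be checked mechanically. The following is an added example, not part of the original post: it assumes the trust list is kept in BSD `hosts.equiv` format, and every host name in it is constructed rather than taken from BGSU's network.

```python
# Added example: audit a trusted-host list in BSD hosts.equiv format (assumed).
# All host names are constructed; they are not BGSU's real configuration.

GOOD = """\
# three hosts that trust one another
alpha.example.edu
beta.example.edu
gamma.example.edu
"""
BAD = GOOD + "+\n"   # a lone '+' trusts every host on the network

def parse_rules(text):
    """Return ordered (allow, host) rules plus (lineno, note) review items."""
    rules, notes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        entry = fields[0]
        if entry[1:2] == "@":                      # +@group / -@group
            notes.append((lineno, "netgroup entry, review by hand"))
            continue
        if len(fields) > 1:
            notes.append((lineno, "user field present, review by hand"))
        if entry == "+":
            notes.append((lineno, "wildcard '+' trusts every host"))
            rules.append((True, "*"))
        elif entry.startswith("-"):
            rules.append((False, entry[1:].lower()))
        else:
            rules.append((True, entry.lstrip("+").lower()))
    return rules, notes

def is_trusted(host, rules):
    """First matching rule wins; no match means the host is not trusted."""
    for allow, pattern in rules:
        if pattern in ("*", host.lower()):
            return allow
    return False

def audit(text, untrusted_hosts):
    """List problems: entries needing review, and hosts that must stay untrusted."""
    rules, notes = parse_rules(text)
    problems = [f"line {n}: {msg}" for n, msg in notes]
    problems += [f"{h} is trusted but must not be"
                 for h in untrusted_hosts if is_trusted(h, rules)]
    return problems

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text, ["studentlab.example.edu"]) or "ok")
```

For the root account itself, BSD rlogind and rshd consult root's own `.rhosts` rather than `hosts.equiv`, so the same check should be run over that file on each machine.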


