Booting SunOS 4.0 singlu user (was Re: NFS security)
Ned D. Danieley
ndd at romeo.cs.duke.edu
Fri Sep 9 23:38:27 AEST 1988
In article <9182 at elroy.Jpl.Nasa.Gov> stevo at jane.jpl.nasa.gov (Steve Groom) writes:
>In article <12397 at duke.cs.duke.edu> ndd at romeo.UUCP (Ned D. Danieley) writes:
(my complaint about the 'secure' feature not being elegant)
>
>But it only denies them the ability to *log in* as root. It doesn't
>stop you from using su to become root, which I view as preferable to
>logging in as root anyway....
...
>The reason is simple. Su leaves a better trail around, telling you who
>that really was....
...
>Sounds pretty elegant to me.
>
>-steve
>/* Steve Groom, Jet Propulsion Laboratory, Pasadena, CA 91109
> * Internet: stevo at elroy.jpl.nasa.gov UUCP: {ames,cit-vax}!elroy!stevo
> * Disclaimer: (thick German accent) "I know noothingg! Noothingg!"
> */
I knew when I sent out the original article I should have mentioned
su. Of course, you can still su to root, but >I< don't want to have
to log in as me and then su to root every time I need to, say, do a
quick shutdown. Especially when it's trivial to add a passwd check to
init; this avoids bastardizing the meaning of 'secure'.
Of course, you can turn this argument around on me, and say that
you don't want to have to type in the root passwd every time you boot
single-user, but I log in as root much more often than I boot single
user. Put a passwd check in init, and those who want to allow root
logins can do so without giving people root access on single user
boots; seems like a much more elegant solution to me.
Ned Danieley (ndd at sunbar.mc.duke.edu)
Basic Arrhythmia Laboratory
Box 3140, Duke University Medical Center
Durham, NC 27710
(919) 684-6807 or 684-6942
More information about the Comp.unix.wizards
mailing list