What should the password/security/userinfo/login system include?

John F. Haugh II jfh at rpp386.cactus.org
Tue Dec 19 00:50:52 AEST 1989


In article <88 at gollum.twg.com> warner at twg.com (Warner Losh) writes:
>In article <10650 at attcan.UUCP> ram at attcan.UUCP (Richard Meesters) writes:
>>Personally I like the fact that even the superuser doesn't -know- my password.
>>True, he can change it to no password, or even any password he wants, but
>>unless he can decrypt the file, he couldn't possibly use *my* password.  It 
>>adds a feeling of security on the user's side.
>
>If I'm root, why can't I just say "su ram" and use your account like
>that?  You would be none the wiser and I'd still get access to your
>account as you, without anybody bothering to log that fact anywhere.
>Or am I, as usual, missing something terribly fundamental?

You won't be logged in as the user.  System logs will show that 'root'
logged into that terminal and su'd to 'ram'.  You would have to screw
with a half dozen log files, the process accounting files, and a few
things I've not thought of just yet.  You would be able to make those
changes, since you are root, but are you sure you aren't going to
forget one record somewheres?
-- 
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832                           Domain: jfh at rpp386.cactus.org
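
The cross-checking described in the reply above, as an added example that is not part of the original post: process accounting records are compared against login and su records, so one deleted record shows up as an inconsistency in the others. The record layouts, names and values are constructed and simplified assumptions, not the format of any real log file.

```python
# Constructed, simplified records (times in minutes). The field layouts are
# assumptions for illustration, not the on-disk format of any real log.
LOGINS = [("tty01", "root", 40, 90), ("tty02", "ram", 10, 30)]  # tty, user, start, end
SU_LOG = [(41, "tty01", "root", "ram")]                         # time, tty, from, to
ACCT = [(15, "tty02", "ram", "vi"),                             # time, tty, user, command
        (42, "tty01", "ram", "cat"),
        (45, "tty01", "root", "ls")]


def covering_login(logins, tty, t):
    """Return the login record whose session on `tty` covers time `t`, if any."""
    for rec in logins:
        if rec[0] == tty and rec[2] <= t <= rec[3]:
            return rec
    return None


def su_recorded(su_log, tty, frm, to, start, t):
    """True if an su from `frm` to `to` was logged on `tty` between `start` and `t`."""
    return any(s_tty == tty and s_from == frm and s_to == to and start <= s_time <= t
               for s_time, s_tty, s_from, s_to in su_log)


def cross_check(logins, su_log, acct):
    """Compare every accounting record against the login and su records."""
    findings = []
    for t, tty, user, cmd in acct:
        login = covering_login(logins, tty, t)
        if login is None:
            findings.append((t, tty, user, cmd, "no login record covers this process"))
        elif login[1] != user:
            if su_recorded(su_log, tty, login[1], user, login[2], t):
                findings.append((t, tty, user, cmd, f"{login[1]} acting as {user} via su"))
            else:
                findings.append((t, tty, user, cmd, "identity change with no su record"))
    return findings


if __name__ == "__main__":
    # Same accounting data, first with the su record present, then with it removed.
    for label, su_log in (("intact logs", SU_LOG), ("su record missing", [])):
        print(label)
        for finding in cross_check(LOGINS, su_log, ACCT):
            print("  ", finding)
```

With all three sources intact the check attributes the activity to root acting as ram; with any one source altered, the remaining records no longer agree.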



More information about the Comp.unix.wizards mailing list