Getting rid of the root account (Was: GNU OS)

MFHorn arosen at hawk.ulowell.edu
Thu Jun 8 04:46:06 AEST 1989


From article <1177 at shell.shell.com>, by dinah at shell.UUCP (Dinah Anderson):
> In article <3, I think> jfh at rpp386.cactus.org (John F. Haugh II) writes:
>> I think [a previous poster] meant getting rid of UID == 0 being a
>> privileged user.

That may have been me, or I'm one of those that agree.

> the real issue
> is the users running the programs, not the programs themselves. We need
> to know who is running what programs (for accountability in extremely
> sensitive cases.)

Exactly.  One of the most important parts of my privileges design is the
ability to log the use of any/all privileges.  The message would include
the privilege used, who used it, and the object(s) acted upon (file,
process, etc.).  [And unlike VMS, you won't be able to turn accounting
off without tripping an alarm.]

By having multiple privileges, you can more easily monitor who is doing
what.  It's also [almost] trivial to detect a breakin; you know who did
something, what they did, and when and how they did it.

Another thing that makes my privilege scheme better than VMS' (IMHO) is it's
simple, and documented.  I have not met a VMS guru who can say exactly what
a user can do with a particular privilege, or (especially) a combination of
privileges.  Also, no one can say what privileges are needed to perform a
particular task.

--
Andy Rosen           | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
		RD in '88 - The way it should've been
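
Added example, not part of the original post and not the poster's own design: a small Python model of the logging behaviour described above, where every use of a discrete privilege is recorded with the privilege, the user and the object, and turning accounting off always trips an alarm. The privilege names, the PrivilegeMonitor class and the sample users and objects are all hypothetical.

```python
import time
from dataclasses import dataclass, field
# Hypothetical privilege names; the post does not enumerate any.
PRIVS = {"PRIV_CHOWN", "PRIV_KILL", "PRIV_MOUNT", "PRIV_AUDIT_CTL"}

@dataclass
class AuditRecord:
    when: float        # when the privilege was exercised
    user: str          # who used it
    privilege: str     # which privilege was used
    obj: str           # object acted upon (file, process, etc.)
    granted: bool      # denied attempts are recorded too

@dataclass
class PrivilegeMonitor:
    grants: dict                                # user -> set of privileges held
    log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)
    auditing: bool = True

    def use(self, user, privilege, obj):
        """Check one privilege and record the attempt, allowed or not."""
        if privilege not in PRIVS:
            raise ValueError(f"unknown privilege {privilege}")
        granted = privilege in self.grants.get(user, set())
        # Changes to the audit switch are logged even while auditing is off.
        if self.auditing or privilege == "PRIV_AUDIT_CTL":
            self.log.append(AuditRecord(time.time(), user, privilege, obj, granted))
        return granted

    def set_auditing(self, user, enabled):
        """Switching accounting off is itself privileged, logged and alarmed."""
        allowed = self.use(user, "PRIV_AUDIT_CTL", "audit-subsystem")
        if not enabled:
            self.alarms.append(f"audit disable by {user} (allowed={allowed})")
        if allowed:
            self.auditing = enabled
        return allowed

    def who_used(self, privilege):
        """Answer 'who did what to which object' for one privilege."""
        return [(r.user, r.obj, r.granted) for r in self.log if r.privilege == privilege]

def demo():
    """Constructed sample activity; users and objects are made up."""
    m = PrivilegeMonitor({"operator": {"PRIV_MOUNT"}, "secadmin": {"PRIV_AUDIT_CTL"}})
    m.use("operator", "PRIV_MOUNT", "/dev/ra0")
    m.use("operator", "PRIV_KILL", "pid 412")    # denied, still recorded
    m.set_auditing("operator", False)            # denied, alarm raised
    m.set_auditing("secadmin", False)            # allowed, alarm still raised
    return m
```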


