Multiple Root ID's considered evil?

Conor P. Cahill cpcahil at virtech.UUCP
Fri Sep 15 23:51:45 AEST 1989


In article <4157 at buengc.BU.EDU>, bph at buengc.BU.EDU (Blair P. Houghton) writes:
> In article <1738 at convex.UUCP> tchrist at convex.COM (Tom Christiansen) writes:
> >Certainly.  I perhaps misrepresented my reason.  The real reason was
> >to grant or remove superuser priv's to specific users without having 
> >to constantly muck with the One True Root Password.  I personally
> >don't do it that way at my site, preferring people to log in as 
> >themselves and su.
> 
> What's the diff?

One big difference is that you do not have to pass out the single root
password to every user that needs root privileges.  This makes it 
simpler to maintain and/or control access to root privileges without
having to walk around the building giving everybody the password.

I have worked for clients that use this same functionality with a slight
bend.  They have a setuid root program that has a list of users and 
individual passwords (well protected, of course) that allow those users
to assume root privileges without having to pass out the root password.


These solutions are not used to distinguish the root account from other
0-id accounts, but just as a management tool for limiting the distribution 
of a single password.

-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      	703-430-9247	!
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+


