Multiple Root ID's considered evil?

Dick Dunn rcd at ico.ISC.COM
Tue Sep 26 17:16:00 AEST 1989


In article <114 at tons61.UUCP>, harrys at tons61.UUCP (Harry Skelton) writes:
> We have a problem of multiple logins as root (actually su's since our login
> program prohibits direct root access) and I was thinking of adding something
> like the "session" program to the shell and have it save the session to
> the console hardcopy printer - regardless!...

Be careful with approaches like this!  All too often, when you need to su,
it's because something has gotten thoroughly hosed up.  You have at least
one machine I/O-wedged, or CPU-wedged (or both, if it's one of *those*
days); you can't tell what's causing the problem, it gets worse by the
minute; you've GOT to get a few commands through to avoid bringing
everything to its knees.  In cases like this, you DON'T want a lot of baggage
hanging off everything you do as root.  You want to depend on the fact that
if only simple things are working, you can do simple things and get out of
the mess.  If you have to piece a system back together, you don't want some
magic which has to work before you can do it.  In short, you don't need
stuff going on behind your back...

>...I don't think the user will be
> able to get rid of the hard copy without notice, change tty's in midwork,
> nor get by the idea that a daemon opens a file for audit then unlink()'s...
[various additional precautionary games]

If you've got this sort of problem with people who have a root password, I
don't think you can solve it by administrative procedures.  If you need
this much distrust of people with root, your organization is broken.  That
is, you've got people problems.  In a UNIX environment with hostile users,
you don't give the hostile users a root password, period.
-- 
+---------+     Dick Dunn    rcd at ico.isc.com    ico!rcd      (303)449-2870
| In this |        4th annual MadHatterDay [10/6/89]:
|  style  |        A Kinder, Gentler Fool's Day
|__10/6___|



More information about the Comp.unix.wizards mailing list