[52271] in North American Network Operators' Group


Re: Security Practices question

daemon@ATHENA.MIT.EDU (D'Arcy J.M. Cain)
Mon Sep 23 05:00:37 2002

From: "D'Arcy J.M. Cain" <darcy@druid.net>
To: Ryan Fox <rfox@amerisuk.com>
Date: Mon, 23 Sep 2002 04:58:37 -0400
In-Reply-To: <1032738074.24959.18.camel@linux>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


On September 22, 2002 07:41 pm, Ryan Fox wrote:
> On Sun, 2002-09-22 at 18:22, John M. Brown wrote:
> > What is your learned opinion of having host accounts
> > (unix machines) with UID/GID of 0:0
> >
> > jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
>
> The biggest argument I have against creating accounts with uid 0, is
> that even as an admin, I appreciate not always having admin privs.

I suspect that the "_r" in the login means that there is a regular jmbrown in 
the system as well.

I must admit that I do this too.  I only do it for people I trust completely 
and only when there are two or, rarely, three people with root.  That way if 
you see a change and you didn't do it you generally know who did.

Also you get slightly better logging on some commands that log the user name 
rather than the UID.

Of course, sudo is still better for all of this overall.

-- 
D'Arcy J.M. Cain <darcy@{druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
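
An added example, not part of the message above: a Python audit that lists login names sharing a UID in passwd-format text, which shows why only tools that log the login name can tell jmbrown_r apart from root. The sample file is constructed except for the jmbrown_r line quoted in the thread, and the first-match rule in resolved_name() is an assumption about a files-based UID lookup.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format. Only the jmbrown_r line comes from
# the thread; every other entry is made up for illustration.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jmbrown:x:1001:1001:John M. Brown:/export/home/jmbrown:/bin/sh
jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
broken:line
"""

def parse_passwd(text):
    """Yield (name, uid, gid, shell) for each well-formed seven-field entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue  # malformed entry: skipped rather than guessed at
        yield fields[0], int(fields[2]), int(fields[3]), fields[6]

def audit_shared_uids(text):
    """Return {uid: [names in file order]} for UIDs held by more than one login."""
    by_uid = defaultdict(list)
    for name, uid, _gid, _shell in parse_passwd(text):
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def uid0_aliases(text):
    """Return UID 0 login names other than the first UID 0 entry in the file."""
    return audit_shared_uids(text).get(0, [])[1:]

def resolved_name(text, uid):
    """Name a UID-to-name lookup would report (assumption: first match in file order)."""
    for name, entry_uid, _gid, _shell in parse_passwd(text):
        if entry_uid == uid:
            return name
    return None

if __name__ == "__main__":
    print("shared UIDs:", audit_shared_uids(SAMPLE_PASSWD))
    print("extra UID 0 logins:", uid0_aliases(SAMPLE_PASSWD))
    print("UID 0 resolves to:", resolved_name(SAMPLE_PASSWD, 0))
```

Anything that records only the numeric UID and resolves it later will attribute jmbrown_r's actions to root in this sample, so per-person accountability depends on the login name being logged at the time of the action.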
