[52458] in North American Network Operators' Group


Re: Security Practices question

daemon@ATHENA.MIT.EDU (Scott Francis)
Wed Oct 2 14:49:05 2002

Date: Wed, 2 Oct 2002 11:46:53 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: nanog@merit.edu
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
	nanog@merit.edu
In-Reply-To: <20021002183438.GE48702@darkuncle.net>
Errors-To: owner-nanog-outgoing@merit.edu




On Wed, Oct 02, 2002 at 11:34:38AM -0700, darkuncle@darkuncle.net said:
[snip]
> > > This is a really /really/ REALLY bad idea. I had nightmare issues dealing
> > > with a network formerly run by a 'sysadmin' who thought every user that
> > > might need to do something as root should have a uidzero account.
> >
> > That's not the issue, however.
> >
> > The assumption is that you have several people who really are fully
> > qualified admins on the system in question, who really do need full
> > privileged access.  The choice John describes is between giving these
> > trusted sysadmins the password for "root", or giving them (and them
> > alone) a UID 0 account as he describes (except that one would of course
> > use shadow passwords etc.)
>
> Wrong. The choice is between having a single password for the user with id 0,
> and having multiple passwords for that same account. This is an abysmally bad
> idea, and shame on anybody encouraging it. See

(mail client sent message while I was editing it; full reply on its way.)
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
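
An added example, not part of the original message or thread: an audit that lists account names sharing one UID and counts how many of them have a usable password, which is the "multiple passwords for the user with id 0" situation discussed above. The passwd(5)/shadow(5) file format, the function names and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in passwd(5)/shadow(5) format; not from the original message.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice_r:x:0:0:Alice (admin):/root:/bin/sh
bob_r:x:0:0:Bob (admin):/root:/bin/sh
toor:x:0:0:spare root:/root:/sbin/nologin
carol:x:1001:1001:Carol:/home/carol:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$AAAA:11962:0:99999:7:::
alice_r:$6$constructed$BBBB:11962:0:99999:7:::
bob_r:$6$constructed$CCCC:11962:0:99999:7:::
toor:*:11962:0:99999:7:::
carol:$6$constructed$DDDD:11962:0:99999:7:::
"""

def parse_colon_file(text, min_fields):
    """Split colon-delimited account records, skipping blanks, comments, short lines."""
    rows = (l.strip().split(":") for l in text.splitlines())
    return [r for r in rows if len(r) >= min_fields and not r[0].startswith("#")]

def password_usable(hash_field):
    """A leading '!' or '*' marks a locked entry; an empty field means no password needed."""
    return not hash_field.startswith(("!", "*"))

def shared_uid_report(passwd_text, shadow_text):
    """Return {uid: {"names": [...], "with_usable_password": [...]}} for UIDs held by >1 name."""
    shadow = {r[0]: r[1] for r in parse_colon_file(shadow_text, 2)}
    by_uid = defaultdict(list)
    for r in parse_colon_file(passwd_text, 7):
        if r[2].isdigit():
            # 'x' in the passwd field means the hash lives in shadow; missing entry = locked.
            pw = shadow.get(r[0], "*") if r[1] == "x" else r[1]
            by_uid[int(r[2])].append((r[0], pw))
    return {
        uid: {"names": [n for n, _ in accts],
              "with_usable_password": [n for n, pw in accts if password_usable(pw)]}
        for uid, accts in by_uid.items() if len(accts) > 1
    }

if __name__ == "__main__":
    for uid, info in shared_uid_report(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"UID {uid}: {len(info['names'])} names, "
              f"{len(info['with_usable_password'])} usable passwords: {info['names']}")
```
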

