Security Practices question
Ryan Fox
rfox at amerisuk.com
Sun Sep 22 23:41:13 UTC 2002
On Sun, 2002-09-22 at 18:22, John M. Brown wrote:
>
> What is your learned opinion of having host accounts
> (unix machines) with UID/GID of 0:0
>
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
The biggest argument I have against creating accounts with uid 0, is
that even as an admin, I appriciate not always having admin privs.
I know I'm not perfect. I like running most commands as a
non-privileged user, where a bad typo won't cause as much damage. :)
A way of getting around this, I suppose, would be to create 2 accounts
per admin user. A normal unprivileged account, and a superuser
account. This gets all of the accountability of having separate
superuser accounts, without some of the bad things. Depending on the
size of your network, and the tools you use, this may increase the user
management work considerably.
Just some thoughts off the top of my head.
Cheers,
Ryan
More information about the NANOG
mailing list