Security Practices question

• Previous message (by thread): Security Practices question
• Next message (by thread): Security Practices question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2002-09-22 at 18:22, John M. Brown wrote:
> 
> What is your learned opinion of having host accounts
> (unix machines) with UID/GID of 0:0 
> 
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh

The biggest argument I have against creating accounts with uid 0, is
that even as an admin, I appriciate not always having admin privs. 
I know I'm not perfect.  I like running most commands as a
non-privileged user, where a bad typo won't cause as much damage. :)

A way of getting around this, I suppose, would be to create 2 accounts
per admin user.  A normal unprivileged account, and a superuser
account.  This gets all of the accountability of having separate
superuser accounts, without some of the bad things.   Depending on the
size of your network, and the tools you use, this may increase the user
management work considerably.

Just some thoughts off the top of my head.  
Cheers,
Ryan

• Previous message (by thread): Security Practices question
• Next message (by thread): Security Practices question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]