Security Practices question

Scott Francis darkuncle at darkuncle.net
Wed Oct 2 18:46:53 UTC 2002


On Wed, Oct 02, 2002 at 11:34:38AM -0700, darkuncle at darkuncle.net said:
[snip]
> > > This is a really /really/ REALLY bad idea. I had nightmare issues dealing
> > > with a network formerly run by a 'sysadmin' who thought every user that 
> > > might need to do something as root should have a uidzero account.
> > 
> > That's not the issue, however.
> > 
> > The assumption is that you have several people who really are fully
> > qualified admins on the system in question, who really do need full
> > privileged access.  The choice John describes is between giving these
> > trusted sysadmins the password for "root", or giving them (and them
> > alone) a UID 0 account as he describes (except that one would of course 
> > use shadow passwords etc.)
> 
> Wrong. The choice is between having a single password for the user with id 0,
> and having multiple passwords for that same account. This is an abysmally bad
> idea, and shame on anybody encouraging it. See 

(mail client sent message while I was editing it; full reply on its way.)
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui