Security Practices question

Valdis.Kletnieks at vt.edu
Thu Oct 3 16:27:30 UTC 2002


On Wed, 02 Oct 2002 17:48:16 PDT, just me said:
> In a situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.

Accountability is always good, but you can do even better with sudo (Sorry,
I couldn't resist).

As far as personalized shells/environments go, I've found that this helps
a lot:

    export ENV=~/.kshrc         # for ksh-based systems
    export BASH_ENV=~/.bashrc   # for bash-based boxes
    su -m                       # or whatever "save the environment" parameter your su has

and voila, you have your preferred environment.

Bottom line - per-admin UID 0 doesn't give you anything you couldn't get
via other means.

(And please, no flames about using su rather than sudo, or the wisdom of
using su and preserving the environment - I've already done the analysis
and decided it's correct *for the machines in question*.)
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
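
Added example, not part of the original post: with the environment preserved across su, the root shell sources whatever file ENV or BASH_ENV names, so the check below confirms that the file and its directory can be changed only by the invoking admin or root before escalating. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Vet the startup file named by ENV / BASH_ENV before running "su -m": the
# root shell will source it, so anyone able to modify or replace the file
# can run commands as root.

# perm_ok PATH: succeed if PATH is owned by the caller or by root and is not
# writable by group or other. Parses the POSIX "ls -ldn" long format.
perm_ok() {
    line=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    set -f; set -- $line; set +f          # fields: mode links uid gid ...
    mode=$1 uid=$3
    case $uid in
        0|"$(id -u)") ;;
        *) return 1 ;;
    esac
    case $mode in
        ?????w*|????????w*) return 1 ;;   # char 6 = group write, char 9 = other write
    esac
    return 0
}

# rc_safe_for_root FILE: FILE must be a regular file, not a symlink, and both
# FILE and the directory holding it must pass perm_ok.
rc_safe_for_root() {
    f=$1
    [ -n "$f" ] || return 1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    perm_ok "$f" && perm_ok "$(dirname -- "$f")"
}

# check_startup_files: vet every startup file the current environment names.
# Typical use:  check_startup_files && su -m
check_startup_files() {
    rc=0
    for v in "${ENV:-}" "${BASH_ENV:-}"; do
        [ -n "$v" ] || continue
        if rc_safe_for_root "$v"; then
            echo "ok: $v"
        else
            echo "unsafe for a root shell: $v" >&2
            rc=1
        fi
    done
    return $rc
}
```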
