Security Practices question

• Previous message (by thread): Security Practices question
• Next message (by thread): Really, really, really off topic, but (was Re: Security Practices question)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 22 Sep 2002, John M. Brown wrote:

> What is your learned opinion of having host accounts
> (unix machines) with UID/GID of 0:0 
> 
> otherwords
> 
> 
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
> 
> 
> The argument is that way you don't hav to give out the root password,
> you can just nuke a users UID=0 equiv account when the leave and not
> have to change the real root account.

You'd need a tamper-proof host-based IDS monitoring every file to ensure the 
user doesn't install any trojans or backdoors. I assume you don't want to 
re-install the OS from trusted media every time you rmuser.

Using something like sudo would be a much better idea.

Bradley

• Previous message (by thread): Security Practices question
• Next message (by thread): Really, really, really off topic, but (was Re: Security Practices question)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]