Really, really, really off topic, but (was Re: Security Practices question)

Etaoin Shrdlu shrdlu at deaddrop.org
Sun Sep 22 22:47:56 UTC 2002


"John M. Brown" wrote:
> 
> I have question for the security community on NANOG.

I confess that I think of NANOG as not being a security community, rather
it is a group of North American network operators. That said, you can find
all sorts of info for the somewhat naive question below by a slightly
judicious use of our friend, Google. That said, and since I'm avoiding work
that I SHOULD be doing, I will answer your Important question.

> What is your learned opinion of having host accounts
> (unix machines) with UID/GID of 0:0

This shows a certain naiveté, and suggests that you have not heard of truly
useful tools such as sudo. If it's UNIX, sudo builds. Why is this a bad
thing? The first number in your password entry implies USER. Not users.
There is simply no way to tell which of many multiples of people might have
made a change in your system, since the UID is the same for all.

> in other words
> 
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh

I also truly hope that this was just a quick copy by you, and that you are
not truly discussing a system here that allows the password file to
actually contain the password. Please tell me that your password file is at
least shadowed, and that was just a typo.

> The argument is that way you don't have to give out the root password,
> you can just nuke a user's UID=0 equiv account when they leave and not
> have to change the real root account.

I will also supply you with a bit of advice, one that I see even using SSH
over the network to my own machines:

"Don't login as root, use su"

> Now, don't flame me over the question, but provide valid pros or cons
> for this practice from your experience.

There are no positive aspects to this practice. I suggest that you get the
wonderful red book (now colored purple, last I recall) by Evi Nemeth et al,
and study it thoroughly.

I now return you to the discussion on (wireless and other) security, how
much is too much, and so on.

--
...some sort of steganographic chaffing and winnowing scheme
already exists in practice right here: I frequently find myself
having to sort through large numbers of idiotic posts to find
the good ones.   -- Rufus Faloofus
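An added example, not part of the original thread: a POSIX shell audit that flags the two problems the reply objects to, extra UID-0 accounts (no way to tell which person acted as root) and a password hash sitting in the passwd file instead of a shadow file. The passwd data below is constructed; the jmbrown_r line mirrors the one quoted in the thread with a made-up hash.

```shell
#!/bin/sh
# Added example, not from the original thread: audit a passwd-format file for
# extra UID-0 accounts and for password hashes stored in passwd itself.

# Constructed sample data (the hash on the jmbrown_r line is not real).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jmbrown_r:$6$CONSTRUCTED$notarealhash:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
backup_admin:*:0:0:Backup admin:/var/backups:/bin/sh'

# Accounts other than root whose UID is 0, space-separated on one line.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { n = n (n ? " " : "") $1 } END { print n }' "$1"
}

# Accounts whose password field is neither "x" (hash lives in shadow) nor a
# lock marker starting with "*" or "!"; this catches a real hash kept in
# passwd and an empty password field alike.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 !~ /^[*!]/ { n = n (n ? " " : "") $1 } END { print n }' "$1"
}

# Report both findings; return 1 if anything turned up, 0 otherwise.
audit_passwd() {
    status=0
    extra=$(uid0_accounts "$1")
    if [ -n "$extra" ]; then
        echo "UID-0 accounts besides root: $extra"
        status=1
    fi
    plain=$(unshadowed_accounts "$1")
    if [ -n "$plain" ]; then
        echo "password field not shadowed: $plain"
        status=1
    fi
    return $status
}

# Write the constructed sample to a temp file and run the audit on it.
SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$SAMPLE_FILE"
if audit_passwd "$SAMPLE_FILE"; then
    echo "no findings"
fi
```

Point the functions at a real /etc/passwd to run the same two checks on a live host.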
