Reasons for restricting su privilege?
Karl Kleinpaste
karl at triceratops.cis.ohio-state.edu
Fri Oct 21 23:23:40 AEST 1988
eirik at tekcrl.TEK.COM (Eirik Fuller) writes:
) Personally, I advocate a menu-driven setuid-root program which allows
) for exactly the set of things which a not-normally-administrator
) person might possibly have to do in order to stay alive while a real
) admin is unavailable.
Yeah, sure, but what if this spiffy menu contraption allows its luser
to make new accounts? "Gee, maybe I'll make an account with uid 0,..."
I guess I can only say that account creation is not something that a
stopgap pseudoadmin would need or be allowed to do. The definition of
what a pseudoadmin needs to do would have to be decided by experience.
I don't agree with giving out the root password to more than a bare
minimal set.
--Karl
More information about the Comp.unix.wizards
mailing list