On Wed, Mar 21, 2001, Alex Shnitman wrote about "Re: duplicating root?":
> > But the more traditional way to solve your problem is to give each person
> > his own personal account, and when that person needs root-like privileges
> > he or she does "su".
>
> But then there's only one root password. I think the idea behind many
> UID 0 users is that you can give them different passwords, and then if
> you need to revoke root access from that person, you delete the
> account, and you don't need to bother everyone else with a new root
> password.
But if he can't log into root directly, and you revoke his normal account,
how will he be able to log in before doing that "su"?
But you're right that it doesn't inspire much security if a renegade superuser
walks around with the superuser password, waiting for a chance to use it ;)
He could get an accomplice in the form of one of the "normal" users, and
together they can rule...
--
Nadav Har'El | Wednesday, Mar 21 2001, 27 Adar 5761
[EMAIL PROTECTED] |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |I planted some bird seed. A bird came
http://nadav.harel.org.il |up. Now I don't know what to feed it...
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
