Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!aplcen!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <11038@smoke.BRL.MIL>
Date: 12 Sep 89 10:42:25 GMT
References: <1723@convex.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 13

In article <1723@convex.UUCP> tchrist@convex.com (Tom Christiansen) writes:
>Some site are known to have multiple uid 0 accounts so not 
>everyone needs to know the root password.  I seem to recall
>that this is considered a poor idea for security reasons.
>Could someone please explain why?

The main thing is that it doesn't make sense.  It is UID 0 that has
privileges, not username "root".

In any case, nobody should be logging in as "root".  You should set
up your system so that system administration can be done by some
nonprivileged UID.  UID 0 should only be assumed by carefully-checked
utilities that apply access controls.