Path: utzoo!attcan!telly!lethe!torsqnt!jarvis.csri.toronto.edu!rutgers!gatech!mcnc!decvax!ima!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: comp.unix.wizards Subject: Re: Multiple Root ID's considered evil? Message-ID: <15@minya.UUCP> Date: 22 Sep 89 02:45:06 GMT References: <1723@convex.UUCP> <1989Sep13.082607.981@twwells.com> Organization: home Lines: 46 In article <1989Sep13.082607.981@twwells.com>, bill@twwells.com (T. William Wells) writes: > In article <1723@convex.UUCP> tchrist@convex.com (Tom Christiansen) writes: > : Some site are known to have multiple uid 0 accounts so not > : everyone needs to know the root password. I seem to recall > : that this is considered a poor idea for security reasons. > : Could someone please explain why? > > If done for the reason you suggest, that is an _awful_ idea! Root is > root. Anyone who gets uid 0 is god. Not necessarily. On several systems, I've installed special packages for admin purposes that have to be super-users (have you ever tried to do a backup in a non-root id?); the account had its own "shell" for the use of novices, that held their hands and led them through some menus that let them do only a few things. It's pretty easy to make this quite secure, as long as you don't let them do things like run a shell or vi or such. (Actually, I always include a shell escape; I just don't mention it in the documentation. Anyone who posts to this group would probably guess the syntax the first time; the operators never guess it. ;-) Another reason that I like to make new super-users is that I find it much easier (and safer) to work in a familiar environment. If I make myself a super-user account with my home directory and the same shell, then I don't get surprised by commands doing different things when I'm su than when I'm myself. Well, not quite; I won't say what I'd like to do to the geniuses who decide that commands like ls should behave differently for user 0 than for all other users. Let's just say that it has on occasion had some very unpleasant consequences, which wouldn't have happened if it had ignored the .* files like it's supposed to. It's especially annoying to think that the little monster wastes cpu cycles every time it's called, just so it can do this to me.... Recently I had a bit of fun at a place where I was doing some consulting. I had the usual user account, and after a couple of weeks, I was asked if I needed the root password for some things they'd asked me to do. I said no; I'd already made myself a super-user account, and I preferred to use it, since its environment was set up like I liked it. They were duly impressed.... [I'm just a boy named 'su' ;-] -- #echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:' echo ' John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)' echo '' saying