Xref: utzoo comp.unix.aux:1433 comp.unix.ultrix:2268
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!samsung!aplcen!haven!umd5!steveg
From: steveg@umd5.umd.edu (Steve Green)
Newsgroups: comp.unix.aux,comp.unix.ultrix
Subject: Re: System management and system file protection
Message-ID: <5719@umd5.umd.edu>
Date: 3 Dec 89 06:24:49 GMT
References: <1989Dec2.214424.5719@athena.mit.edu>
Reply-To: steveg@umd5.umd.edu (Steve Green)
Organization: University of Maryland, College Park
Lines: 15

In article <1989Dec2.214424.5719@athena.mit.edu> crowston@athena.mit.edu (Kevin Crowston) writes:
< all kinds of stuff deleted >
>
>What I've thought about doing is creating a group, like operator, and
>giving that group read/write permissions on files like /etc/passwd,
>/usr/lib/aliases, the root mail box, so that such a person can do all
>the various routine maintenance operations without being a super-user.
>
< all the rest deleted >
Anyone who has write permission on /etc/passwd might as well be given the root
password.  Also, anyone that is doing work on a machine should not be in a mode
where he/she can do any damage.  That is, let users be users and give out the
root password to any {trusted} users that will need it.
What kinds of stuff do you want to let people do that they cant already do and
yet, not give them root power??