Path: utzoo!attcan!uunet!samsung!sdd.hp.com!zaphod.mps.ohio-state.edu!julius.cs.uiuc.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.questions
Subject: Re: Who gets "root" at your site?
Message-ID: <1990Oct2.133626.7573@mp.cs.niu.edu>
Date: 2 Oct 90 13:36:26 GMT
References: <1990Oct2.042650.15413@agate.berkeley.edu>
Organization: Northern Illinois University
Lines: 33

In article <1990Oct2.042650.15413@agate.berkeley.edu> et@ocf.Berkeley.EDU (Eric Thompson) writes:
>#4:  What do they use this access for?
>
>#5:  Other info:  do you have separate administrative passwords, or
>     other pseudo-root logins, and how are they implemented, etc.

 I created a front end command which allows those in the operator group
to execute certain commands as if they were root, but without having to
login as root.

 I named the command 'RootMode', and it sits in /operator.  If executed
directly it complains and exits.  But if I make a hard link to it, also
in /operator, with say the name 'lpc', then anyone in the operator group
can execute /operator/lpc which just execs to the real /etc/lpc after first
becoming root.  This enables those who need root privileges for special
purposes to gain them without needing to login/su as root.  A syslog record
is written for each access using this facility.

  Currently available commands by this procedure include:

   lpc, lpr, lprm - to deal with printer problems.
   dump - to make backup tapes.
   shutdown - to bring the system down gracefully.
   updatenameserver - a shell script to do a 'make' in the name server
	database directory, and to force a reload of the nameserver.

(the above is not a complete list).

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115.                                  +1-815-753-6940