Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!uflorida!haven!adm!news
From: news@adm.BRL.MIL (The News System <news>)
Newsgroups: comp.unix.questions
Subject: (none)
Message-ID: <24675@adm.BRL.MIL>
Date: 3 Oct 90 00:43:15 GMT
Lines: 24

We are running Ultrix 4.0 on an 11/750 in the ENHANCED security mode. A feature
of ENHANCED security is that only one account can have UID 0 (i.e. have
superuser capability.)  This is problematic if you use the operator account
with the opser utility for system backups.

Even though there may be several users in /etc/passwd with UID 0, there is only
1 record kept in /etc/auth.pag.  Although there may be more than one username
with UID 0, THEY ALL SHARE THE SAME AUTHORIZATION RECORD!  So if root and
operator both have UID 0, they both affect the same authorization record when
they set their password!

My question is, have I missed something?  With things set up this way, the
operator account and opser utility are useless for protecting against
unrestricted superuser access since the account has to have the same password
as root, and opser cannot run unless it is invoked by UID 0.  Is there anyway
to have a privileged script attached to an account with a different password
than that of root?



-Chris Timmons
 Systems Programmer
 Central Washington University
 TIMMONSC@CWU.BITNET