Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!asuvax!ncar!csn!cherokee!newsat!jbw From: jbw@maverick.uswest.com (Joe Wells) Newsgroups: comp.admin.policy Subject: Re: SUSPEND SYSOPS, NOT STUDENTS Message-ID: Date: 21 Jun 91 03:21:01 GMT References: <20740@slice.ooc.uva.nl> <20790@slice.ooc.uva.nl> <1991Jun17.110742.25947@bellcore.bellcore.com> Sender: news@cherokee.uswest.com (Telegraph Row) Organization: /home/zeb1/jbw/.organization Lines: 46 In-Reply-To: fwp1@CC.MsState.Edu's message of 18 Jun 91 00: 42:13 GMT Nntp-Posting-Host: maverick.uswest.com In article fwp1@CC.MsState.Edu (Frank Peters) writes: : On 17 Jun 91 18:13:20 GMT, ckd@eff.org (Christopher Davis) said: > He runs COPS on the system (say, without the PW guesser, because that > takes too damned long). He finds that /var/spool is world-writable. He > reports this to the sysadmins, who fix it (hopefully ;-). I'd suggest that Mr. Foo ask his system administrator to run cops. Or, if the administrator refuses/claims not to have time, he should ask permission to run cops before he does it. Often, if the user asks he/she will find that the administrator already runs cops periodically. I do but I doubt many of my users know that. COPS was being run on the system in question. Its output was routinely ignored. I know because I received the report every day in the mail and it didn't get any shorter, until I decided to do much more work than I was being payed for and one by one closed the reported holes or verified that they were harmless. If both efforts fail then he should take the issue of security up with the administrator's superior. If all of these efforts fail then your post might have relevance. Two possibilities here: 1) Mr. Foo goes to the sysadmin's superior without a COPS report in hand. The sysadmin's superior laughs at Mr. Foo because he/she has full confidence that the sysadmin has taken security well in hand. 2) Mr. Foo goes to the sysadmin's superior and demonstrates that there are serious security problems by displaying the COPS report. Mr. Foo is then immediately kicked off the system as a "security threat". Unfortunately, your suggestion doesn't work. In my experience, most administrators don't mind security conscious users. What they generally do mind is finding users who are 'evaluating' the system's security without prior consultation. You mean they mind users embarrasing them by showing that they aren't doing their job? -- Joe Wells