Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!lll-tis!ames!nrl-cmf!cmcl2!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: Why does "root" worn everything?
Message-ID: <7464@brl-smoke.ARPA>
Date: 19 Mar 88 02:31:29 GMT
References: <5209@uwmcsd1.UUCP> <9269@sunybcs.UUCP> <7454@brl-smoke.ARPA> <9926@steinmetz.steinmetz.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Distribution: na
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 13

In article <9926@steinmetz.steinmetz.UUCP> davidsen@crdos1.UUCP (bill davidsen) writes:
-In article <7454@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
-| software that requires privilege (e.g., "passwd").  Operating as
-| "root" to do routine administrative actions is a stupid policy.
-  I hope you say that somewhat casually. I consider backups to be a
-routine administrative action, and don't have the luxury of being able
-to do the daily in single user mode. If not root, then how would you do it?

The way it's done at BRL is that there is an "operator account" (UID
non-zero), and a set-UID 0 interface executable only by the operator
UID that can invoke a limited number of privileged functions,
including backup/restore.

That is the proper way to invoke privileged functions on UNIX.