Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!pacbell!hoptoad!unisoft!greywolf
From: greywolf@unisoft.UUCP (The Grey Wolf)
Newsgroups: comp.unix.questions
Subject: Re: Workstations: good reasons for owner root access
Message-ID: <1255@unisoft.UUCP>
Date: 22 Aug 88 18:29:42 GMT
References: <8338@smoke.ARPA> <2757@bgsuvax.UUCP> <183@ndc.UUCP> <25952@think.UUCP> <887@cbnews.ATT.COM>
Reply-To: greywolf@unisoft.UUCP (The Grey Wolf)
Organization: UniSoft Corporation (The Berkeley Port Authority), Emeryville, CA
Lines: 41

In article <887@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes:
# In article <25952@think.UUCP> barmar@kulla.think.com.UUCP (Barry Margolin) writes:
# >Why not just make shutdown setuid root, and executable only by a group
# >of which you are the sole member?
#
# /etc/shutdown is a script, but can be worked around. One other thing that
# must be done is to stay out of single user mode. If you go to single user
# from multi-user the user is made root.

/etc/shutdown is a script only on SOME System V machines. On most machines
I work with, it is an executable file. And, to boot, under Berkelix 4.x, it
kills all the processes before going single-user on the console. That solves
both problems.

[NOTE: This is NOT to propagate another SysV/BSD war; they both have their
points, good and bad.]

#
# >These are the kinds of tools someone was referring to when he said
# >that in a well-designed system you should rarely need to use "su".
# >"su" should only be for unusual circumstances. Users shutting down
# >their workstations is not unusual, so there should be a standard tool
# >for it.
#
# Indeed. Isn't it ridiculous that the most mundane operations (backup,
# recover, creating users, etc.) on a eunuchs computer require the most
# powerful permissions possible. Sheesh.

Geez, you mean I can't add users to my own system without becoming root?
Aw, darn. I can chown things to other people so that they are the ones who
appear to be taking up all the space on the system (under SysV, but then I
guess SysV doesn't support quotas (if it did, accounting procedures would be
for naught under current implementations, but this is another story)).

# --
# Larry Cipriani, AT&T Network Systems, Columbus OH, (614) 860-4999

--
" Roan Anderson, Software Engineer, UniSoft Corporation, Emeryville, CA. (415) 420-6400
My opinions are my own, but if you're real nice, I'll share...
[*] AT&T is a trademark of UNIX Inc. :-)