Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!nosc!ucsd!rutgers!mcnc!duke!romeo!ndd
From: ndd@romeo.cs.duke.edu (Ned D. Danieley)
Newsgroups: comp.unix.wizards
Subject: Re: Booting SunOS 4.0 singlu user (was Re: NFS security)
Keywords: NFS, mknod
Message-ID: <12404@duke.cs.duke.edu>
Date: 9 Sep 88 13:38:27 GMT
References: <126@leibniz.UUCP> <670028@hpclscu.HP.COM> <1394@basser.oz> <1202@luth.luth.se> <66897@sun.uucp> <14186@comp.vuw.ac.nz> <3168@emory.uucp> <12397@duke.cs.duke.edu> <9182@elroy.Jpl.Nasa.Gov>
Sender: news@duke.cs.duke.edu
Reply-To: ndd@romeo.UUCP (Ned D. Danieley)
Organization: Duke University CS Dept.; Durham, NC
Lines: 39

In article <9182@elroy.Jpl.Nasa.Gov> stevo@jane.jpl.nasa.gov (Steve Groom) writes:
>In article <12397@duke.cs.duke.edu> ndd@romeo.UUCP (Ned D. Danieley) writes:
(my complaint about the 'secure' feature not being elegant)
>
>But it only denies them the ability to *log in* as root. It doesn't
>stop you from using su to become root, which I view as preferable to
>logging in as root anyway....
...
>The reason is simple. Su leaves a better trail around, telling you who
>that really was....
...
>Sounds pretty elegant to me.
>
>-steve
>/* Steve Groom, Jet Propulsion Laboratory, Pasadena, CA 91109
> * Internet: stevo@elroy.jpl.nasa.gov UUCP: {ames,cit-vax}!elroy!stevo
> * Disclaimer: (thick German accent) "I know noothingg! Noothingg!"
> */

I knew when I sent out the original article I should have mentioned
su. Of course, you can still su to root, but >I< don't want to have
to log in as me and then su to root every time I need to, say, do a
quick shutdown. Especially when it's trivial to add a passwd check to
init; this avoids bastardizing the meaning of 'secure'.

Of course, you can turn this argument around on me, and say that you
don't want to have to type in the root passwd every time you boot
single-user, but I log in as root much more often than I boot single
user.

Put a passwd check in init, and those who want to allow root logins
can do so without giving people root access on single user boots;
seems like a much more elegant solution to me.

Ned Danieley (ndd@sunbar.mc.duke.edu)
Basic Arrhythmia Laboratory
Box 3140, Duke University Medical Center
Durham, NC 27710
(919) 684-6807 or 684-6942