Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!dinosaur.cis.ohio-state.edu!karl
From: karl@dinosaur.cis.ohio-state.edu (Karl Kleinpaste)
Newsgroups: comp.unix.wizards
Subject: Re: Reasons for restricting su privilege?
Message-ID: <25003@tut.cis.ohio-state.edu>
Date: 19 Oct 88 01:49:02 GMT
References: <6606@pyr.gatech.EDU>
Sender: news@tut.cis.ohio-state.edu
Lines: 14
In-reply-to: david@pyr.gatech.edu's message of 18 Oct 88 21:11:14 GMT

Personally, I advocate a menu-driven setuid-root program which allows
for exactly the set of things which a not-normally-administrator
person might possibly have to do in order to stay alive while a real
admin is unavailable.  Restrict it heavily and never give an editor
escape for any reason.

The `old' reasons for not allowing general superuser access are
legion, but a couple of the better ones from a practical point of view
revolve around keeping track of who knows The Password (which is to
say, Whom can you readily accuse of malfeasance/stupidity?, and What
if someone tells It to someone else who shouldn't know?) and the
problem that "a little knowledge is a dangerous thing."

--Karl