Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!ll-xn!mit-eddie!uw-beaver!tektronix!percival!qiclab!sopwith!snoopy
From: snoopy@sopwith.UUCP (Snoopy T. Beagle)
Newsgroups: comp.unix.wizards
Subject: Re: Reasons for restricting su privilege?
Message-ID: <45@sopwith.UUCP>
Date: 1 Nov 88 04:06:07 GMT
References: <6606@pyr.gatech.EDU> <25003@tut.cis.ohio-state.edu> <3185@tekcrl.CRL.TEK.COM>
Reply-To: snoopy@sopwith.UUCP (Snoopy T. Beagle)
Organization: The Daisy Hill Puppy Farm
Lines: 30

In article <3185@tekcrl.CRL.TEK.COM> eirik@tekcrl.TEK.COM (Eirik Fuller) writes:

|I'm thinking in particular of UTek's sysadmin as one example of a
|menustrosity that one could grant access to for fake superusers.  It
|may not be what you had in mind, but my general point, if there is one,
|is that your menu thing is likely to be either too limited to be useful
|or general enough that someone who knows Unix will have himself a root
|shell before lunch.

Before lunch?  Try "in a matter of seconds".  UTek's sysadmin was not
designed to allow doing selected root-ish things without allowing a root
shell, it was meant to hold the hand of a non-wizard root who needs to
install a new software package or whatever.

|Enough already.  It really is easier to give out the root password;
|on "modern" systems it can be disabled for a user by removing him
|from group 0.

For the non-wizard types, something like sysadmin can be helpful.  For
most of the readers of this newsgroup, it is slow, and gets in your way.
(in fact, I've been wanting to free up some disk space, hmmmm...)
If you want to limit what they can do, you'll need to look elsewhere.

Disclaimer: I *used* to work for Tektronix, in the UTek group.
	    For all I know they could be hard at work changing
	    the charter of what sysadmin does.
    _____     
   /_____\    Snoopy
  /_______\   
    |___|     tektronix!tekecs!sopwith!snoopy
    |___|     sun!nosun!illian!sopwith!snoopy