Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!sun-barr!texsun!texbell!uhnix1!nuchat!shell!dinah
From: dinah@shell.UUCP (Dinah Anderson)
Newsgroups: comp.unix.wizards
Subject: Re:Getting rid of the root account (Was: GNU OS)
Message-ID: <1177@shell.shell.com>
Date: 6 Jun 89 16:28:51 GMT
Sender: usenet@shell.com
Reply-To: dinah@shell.UUCP (Dinah Anderson)
Organization: Shell Oil Company, Houston TX
Lines: 18

In article <3, I think> jfh@rpp386.cactus.org (John F. Haugh II) writes:
> I think [a previous poster] meant getting rid of UID == 0 being a
> privileged user.  Again, this an Orange Book requirement.  It also
> makes much sense.  Programs should have privilege, not users.  The
> ability to access a program can then be limited to a collection of
> users or groups.

But what you are really saying is that a certain group of users would
have the privilege to access a program which provides a certain privilege
or access.

I agree with the basics of what you are saying, but the real issue
is the users running the programs, not the programs themselves. We need
to know who is running what programs (for accountability in extreme
sensitive cases.)  
Dinah Anderson 
Shell Oil Company, Information Center (713) 795-3287
..!{sun,psuvax,bcm,rice}!shell!dinah