Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!tut.cis.ohio-state.edu!cica!iuvax!purdue!ames!ucsd!ucsdhub!hp-sdd!hplabs!hpda!hpcuhb!hp-ses!hpcc01!walasek From: walasek@hpcc01.HP.COM (Arthur Walasek) Newsgroups: comp.sys.hp Subject: Re: How can I give users root-like privs. w/o the passwd ? Message-ID: <10880001@hpcc01.HP.COM> Date: 26 Dec 89 23:29:30 GMT References: <2643@umbc3.UMBC.EDU> Organization: HP Corporate Computing Center Lines: 13 One thing on setting root access on some files is that you have to be very careful that these programs don't access common user writable files and that they don't contain any shell escapes. We had a large problem with a special mailer that would put you in vi to edit the file you wanted to send, then the person would shell-escape from vi and --- hey wow, I'm root. The sad part about it was that the most trouble was done by a novice user who didn't know what he/she was doing and did something like rm -r /usr0//.* (which also rm -r'd ..).... Just a warning... Arthur.