North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security Practices question
On Sun, 22 Sep 2002, John M. Brown wrote: > What is your learned opinion of having host accounts > (unix machines) with UID/GID of 0:0 > > otherwords > > > jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh > > > The argument is that way you don't hav to give out the root password, > you can just nuke a users UID=0 equiv account when the leave and not > have to change the real root account. You'd need a tamper-proof host-based IDS monitoring every file to ensure the user doesn't install any trojans or backdoors. I assume you don't want to re-install the OS from trusted media every time you rmuser. Using something like sudo would be a much better idea. Bradley
|