|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security Practices question
On Sun, 2002-09-22 at 18:22, John M. Brown wrote: > > What is your learned opinion of having host accounts > (unix machines) with UID/GID of 0:0 > > jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh The biggest argument I have against creating accounts with uid 0, is that even as an admin, I appriciate not always having admin privs. I know I'm not perfect. I like running most commands as a non-privileged user, where a bad typo won't cause as much damage. :) A way of getting around this, I suppose, would be to create 2 accounts per admin user. A normal unprivileged account, and a superuser account. This gets all of the accountability of having separate superuser accounts, without some of the bad things. Depending on the size of your network, and the tools you use, this may increase the user management work considerably. Just some thoughts off the top of my head. Cheers, Ryan
|