North American Network Operators Group


Re: Security Practices question

  • From: D'Arcy J.M. Cain
  • Date: Mon Sep 23 05:00:35 2002

On September 22, 2002 07:41 pm, Ryan Fox wrote:
> On Sun, 2002-09-22 at 18:22, John M. Brown wrote:
> > What is your learned opinion of having host accounts
> > (unix machines) with UID/GID of 0:0
> >
> > jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
>
> The biggest argument I have against creating accounts with uid 0, is
> that even as an admin, I appreciate not always having admin privs.

I suspect that the "_r" in the login means that there is a regular jmbrown in 
the system as well.

I must admit that I do this too.  I only do it for people I trust completely 
and only when there are two or, rarely, three people with root.  That way if 
you see a change and you didn't do it you generally know who did.

Also you get slightly better logging on some commands that log the user name 
rather than the UID.

Of course, sudo is still better for all of this overall.

-- 
D'Arcy J.M. Cain <[email protected]{druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
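
The practice discussed in this thread leaves more than one login name mapped to UID 0, which an audit should be able to enumerate. The following is an added example, not part of the original message: a POSIX shell check over passwd(5)-format data. The function names and all sample entries except the `jmbrown_r` line quoted above are constructed for illustration, and the "first entry wins" behaviour for UID-to-name lookups is an assumption about typical flat-file password databases.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format. Only the jmbrown_r line comes from
# the thread; every other entry is made up for this example.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
jmbrown:x:1001:100:John M. Brown:/export/home/jmbrown:/bin/mysh
jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
# comment line
malformed-line-without-fields
EOF
}

# Print every login name whose UID field is numerically 0, one per line.
# Reads the named files, or stdin when called without arguments.
# Comment lines, short lines and non-numeric UID fields are skipped.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^[0-9]+$/ && $3 + 0 == 0 { print $1 }' "$@"
}

# Print the UID-0 names other than "root": the aliases an auditor should be
# able to tie to a specific, known administrator.
uid0_aliases() {
    uid0_accounts "$@" | awk '$0 != "root"'
}

# Name that a UID-to-name lookup would report for UID 0, assuming the lookup
# returns the first matching entry in file order. Tools that log this name
# cannot tell the aliases apart; tools that log the login name can.
first_name_for_uid0() {
    uid0_accounts "$@" | head -n 1
}

# Demonstration on the constructed sample.
echo "UID-0 aliases:"
sample_passwd | uid0_aliases
echo "Name reported by a UID lookup: $(sample_passwd | first_name_for_uid0)"
```

On a live system the same functions take the real database, for example `uid0_aliases /etc/passwd`.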