nanog mailing list archives

Re: Security Practices question


From: Bradley Dunn <bradley () dunn org>
Date: Sun, 22 Sep 2002 15:38:57 -0700 (PDT)


On Sun, 22 Sep 2002, John M. Brown wrote:

> What is your learned opinion of having host accounts
> (unix machines) with UID/GID of 0:0?
>
> In other words:
>
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
>
> The argument is that that way you don't have to give out the root password,
> you can just nuke a user's UID=0 equiv account when they leave and not
> have to change the real root account.

You'd need a tamper-proof host-based IDS monitoring every file to ensure the 
user doesn't install any trojans or backdoors. I assume you don't want to 
re-install the OS from trusted media every time you rmuser.

Using something like sudo would be a much better idea.

Bradley
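
Added example, not part of the original message or thread: a small audit that lists passwd entries sharing UID 0 with root, the kind of account the question describes. The sample passwd text is constructed, and the function name and the default expected list ("root") are assumptions.

```python
# Added example: find accounts that are root-equivalent by UID.
# SAMPLE_PASSWD is constructed test data, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jmbrown_r:x:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
# comment line
jmbrown:x:1001:100:John M. Brown:/export/home/jmbrown:/bin/sh
broken:x:notanumber:0::/tmp:/bin/sh
toor:x:0:0:alt root:/root:
"""


def audit_uid0(passwd_text, expected=("root",)):
    """Return (extra, malformed).

    extra:     UID-0 entries whose login name is not in `expected`
    malformed: (line number, line) pairs that are not 7-field entries
               with a numeric UID; these need a manual look.
    """
    extra, malformed = [], []
    for lineno, raw in enumerate(passwd_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # name:passwd:uid:gid:gecos:home:shell
        if len(fields) != 7 or not (fields[2].isascii() and fields[2].isdigit()):
            malformed.append((lineno, line))
            continue
        name, _pw, uid, _gid, _gecos, home, shell = fields
        if int(uid) == 0 and name not in expected:
            # An empty shell field means the system default shell is used.
            extra.append({"line": lineno, "name": name,
                          "home": home, "shell": shell or "(default)"})
    return extra, malformed


if __name__ == "__main__":
    extra, malformed = audit_uid0(SAMPLE_PASSWD)
    for e in extra:
        print(f"UID 0 alias: {e['name']} (line {e['line']}, shell {e['shell']})")
    for lineno, line in malformed:
        print(f"unparsable entry at line {lineno}: {line}")
```

Files created by any UID-0 name are owned by UID 0, so a listing like this shows which names exist but not which of them made a given change.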

