nanog mailing list archives
Re: Security Practices question
From: "D'Arcy J.M. Cain" <darcy () druid net>
Date: Mon, 23 Sep 2002 04:58:37 -0400
On September 22, 2002 07:41 pm, Ryan Fox wrote:
On Sun, 2002-09-22 at 18:22, John M. Brown wrote:What is your learned opinion of having host accounts (unix machines) with UID/GID of 0:0 jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/myshThe biggest argument I have against creating accounts with uid 0, is that even as an admin, I appriciate not always having admin privs.
I suspect that the "_r" in the login means that there is a regular jmbrown in the system as well. I must admit that I do this too. I only do it for people I trust completely and only when there are two or, rarely, three people with root. That way if you see a change and you didn't do it you generally know who did. Also you get slightly better logging on some commands that log the user name rather than the UID. Of course, sudo is still better for all of this overall. -- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Current thread:
- Security Practices question John M. Brown (Sep 22)
- Re: Security Practices question Bradley Dunn (Sep 22)
- Really, really, really off topic, but (was Re: Security Practices question) Etaoin Shrdlu (Sep 22)
- Re: Really, really, really off topic, but (was Re: Security Practices question) John M. Brown (Sep 22)
- Re: Security Practices question Allan Liska (Sep 22)
- Re: Security Practices question Ryan Fox (Sep 22)
- Re: Security Practices question D'Arcy J.M. Cain (Sep 23)
- Re: Security Practices question E.B. Dreger (Sep 22)
- Re: Security Practices question Barb Dijker (Sep 23)
- Re: Security Practices question Scott Francis (Sep 23)