Re: root group in solaris



listbounce@xxxxxxxxxxxxxxxxx wrote on 18/09/2006 23:42:24:

[setting UID of non-root users to 0 to let them run root commands]
Is that a smart idea?

People do it sometimes, but it is not a common practice. Personally, I
would go for sudo.

I see it as being equivalent to sticking a screwdriver in an unshielded
mains socket. Occasionally there's a sensible reason to do it but it's
not usually a good idea and you want to be careful when you do. I'd used
RBAC or sudo.

The only time I recall setting the UID of a user to 0 was when we'd had a
run of problems with a particular group of contractors changing the root
password on a box (due to the nature of the work they were doing on it
they had to have root access and the project manager insisted they be
given the root password rather than just use another user and sudo) and
not telling us the password (when we asked for the new password their
immediate response was along the lines of "Just tell us what you want done
and we'll do it." [for an hourly rate of...]). One time when we had root
access I created a user with UID 0 so when they changed the password we
could log in as a user who could change root's password back to what it
should be. A political problem, root [sic] cause dumb project manager,
rather than a technical one.

Stephen


***********************************************************************
The information contained in this e-mail (and any attachment) is confidential and may be privileged. It is intended only for the named recipient or entity to whom it is addressed. If you are not the intended recipient, please notify the sender and delete the e-mail immediately. The contents of this e-mail must not be disclosed, printed or copied without the sender's consent.

Any e-mail including its content may be monitored and used by Service Birmingham Ltd for reasons of security and for monitoring internal compliance with Security Policy.

Although Service Birmingham Ltd have made every reasonable effort to ensure that this message or any attachment is virus free or has not been intercepted and amended this cannot be guaranteed.
***********************************************************************



Relevant Pages