nanog mailing list archives

Re: Security Practices question

From: Ryan Fox <rfox () amerisuk com>
Date: 22 Sep 2002 19:41:13 -0400


On Sun, 2002-09-22 at 18:22, John M. Brown wrote:


What is your learned opinion of having host accounts
(unix machines) with UID/GID of 0:0 

jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh


The biggest argument I have against creating accounts with uid 0, is
that even as an admin, I appriciate not always having admin privs. 
I know I'm not perfect.  I like running most commands as a
non-privileged user, where a bad typo won't cause as much damage. :)

A way of getting around this, I suppose, would be to create 2 accounts
per admin user.  A normal unprivileged account, and a superuser
account.  This gets all of the accountability of having separate
superuser accounts, without some of the bad things.   Depending on the
size of your network, and the tools you use, this may increase the user
management work considerably.

Just some thoughts off the top of my head.  
Cheers,
Ryan

Current thread:

Security Practices question John M. Brown (Sep 22)
- Re: Security Practices question Bradley Dunn (Sep 22)
- Really, really, really off topic, but (was Re: Security Practices question) Etaoin Shrdlu (Sep 22)
  - Re: Really, really, really off topic, but (was Re: Security Practices question) John M. Brown (Sep 22)
- Re: Security Practices question Allan Liska (Sep 22)
- Re: Security Practices question Ryan Fox (Sep 22)
  - Re: Security Practices question D'Arcy J.M. Cain (Sep 23)
- Re: Security Practices question E.B. Dreger (Sep 22)
- Re: Security Practices question Barb Dijker (Sep 23)
- Re: Security Practices question Scott Francis (Sep 23)