jay@hqda-ai.ARPA (Jay Heiser) (11/09/88)
Traditionally, our hardware vendor & maintenance supplier has always had the root password (long before I arrived here). Recently, our supervisor requested that they no longer have access to it. I've been temporarily changing the root password for the evenings when the vender is scheduled to shutdown the system and perform work on it. Now we've been requested to not give them even a temporary root password, but to either create a shutdown user or modify shutdown so they can run it without the root password. My feeling is that they will have root access anyway, as soon as the system is in single user mode. I'm not comfortable with making an account with a shell script (especially shutdown) as the login shell -- it would have to be uid 0 and the vender's password control is weak. I don't really want to make the shutdown script suid root, either. Wood & Kochan do have some suggestions on using a C program suid to run shell script. What do most sites do in this case? I'd prefer knowing who has root access when, which I've got now, but I may be forced to implement something else. Also, what's the best way to allow a night operator to do full dumps w/o knowing the root password. Thank you,
tchrist@convex.UUCP (Tom Christiansen) (11/10/88)
Make shutdown mode 4750, group operator.
--tom
Tom Christiansen {uiucdcs,ut-sally,sun}!convex!tchrist
Convex Computer Corporation tchrist@convex.COM
UNIX Support, Training, and System Administration
"That's not a bug -- it's a feature!"