KSpagnol@massey.ac.nz (Ken Spagnolo) (09/28/89)
I've just started reading this topic, so I hope this hasn't been discussed... On our Pyramid, we almost never su to or login as root. Instead, I wrote ssu (single super user), which takes a single command as an argument, checks to see if you're in a certain, very restricted group, and if so, sets uid to 0 and execs the command. A log entry is made of who executed ssu, the command ssu'd with all its args, the directory ssu was executed from and a date stamp. (This is done more to help us back out of any major mistakes than out of paranoia.) In this way, the system admin and system programmers all have the privilege they need, when they need it, and can remain in their own environment to keep mistakes down. The operator account was installed on our system as a synonym for root, but we've even changed that, as this method seems to address the relevant access and security issues. Of course you can 'ssu su' or 'ssu (your favorite shell here)' when it is desirable (or even undesirable). I think this is an acceptable method, but I'm sure some of you don't. How come? -- -- Ken Spagnolo - Systems Programmer, Postmaster, Usenet Administrator, etc. Computer Centre, Massey University, Palmerston North, New Zealand K.Spagnolo@massey.ac.nz Phone: +64-63-69099 x8587 New Zealand = GMT+12