[vox-tech] User with root privileges

Peter Jay Salzman vox-tech@lists.lugod.org
Fri, 21 Nov 2003 09:47:23 -0800


On Fri 21 Nov 03,  9:15 AM, David Margolis <margolid@ecs.csus.edu> said:
> On Thu, 20 Nov 2003, Peter Jay Salzman wrote:
> 
> > >
> > >    On my SuSE box, I can make any user a member of the group "root" and they
> > >    will have full privileges.
> >
> > that's not quite accurate.  UID != GID.
> >
> > pete
> 
> 
> Yeah, but that's still not a bad idea.  If files owned by root are also
> owned by the group root, then adding joeuser to the group root would have
> largely the desired effect (without messing with sudo or the root user
> itself).
 
i agree with you.  it's not a bad idea.  it's a TERRIBLE idea.

first, it'll only "work" the way you claim it will if umask is set up in
a very special way.  the "u" and "g" permissions are not the same thing.
there are lots of files owned by root that should NOT be in the root
group.   and if you don't believe me, look in your /dev and /var
directories.  it's asking for trouble.


but never mind that.  let's talk about something else.

so we have a guy who presumably owns a solaris box.  he wants to install
something.  i forget what it was.  oracle?  anyway.  he wants to do it
from an account named "joeschmo", rather than "root".

do you really not see anything wrong with that?

the only person who should be doing that is a hacker.

cracker.

darn.  whatever.   ;)

pete

ps- i will state again: the thing that you said is not a bad idea is
STILL not accurate.  UID != GID.  you say it will "largely have the
desired effect".

i don't know about you, but when i'm administrating my system, i want to
have THE desired effect.  not largely the desired effect!

-- 
"Nobody steals our chicks.  And lives." -- Duke Nukem (played on Linux)
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
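
An added illustration of the "UID != GID" point in the message above; it is not part of the original post. It applies the classic Unix owner/group/other permission check to a constructed sample of root-owned entries to show what membership in group root does and does not grant. The paths, modes, gids 15 and 6, and the user joeuser (uid 1000) are assumptions made for the example.

```python
import os
import stat

def dac_access(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix permission check for a non-root process: exactly one
    of the owner, group, or other triplets applies, chosen in that order."""
    if uid == owner_uid:
        bits = mode >> 6
    elif owner_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    bits &= 0o7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def audit(entries, uid, gids):
    """For each root-owned entry, report what (uid, gids) gets next to the
    owner triplet. uid 0 also bypasses these checks, so owner is a floor."""
    report = {}
    for path, mode, o_uid, o_gid in entries:
        if o_uid != 0:
            continue
        got = dac_access(mode, o_uid, o_gid, uid, gids)
        owner = dac_access(mode, o_uid, o_gid, 0, {0})
        report[path] = (got, owner, got != owner)
    return report

def scan(top):
    """Collect (path, mode, uid, gid) for real files under top."""
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            yield p, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid

# Constructed sample; gids 15 and 6 stand in for groups other than root.
SAMPLE = [
    ("/etc/passwd", 0o644, 0, 0),
    ("/root", 0o700, 0, 0),
    ("/var/log/messages", 0o640, 0, 15),
    ("/dev/sda", 0o660, 0, 6),
]

if __name__ == "__main__":
    for path, (got, owner, differs) in audit(SAMPLE, 1000, {100, 0}).items():
        print(f"{path:20} joeuser={got} owner={owner} {'DIFFERS' if differs else ''}")
```

Passing `scan("/var")` instead of `SAMPLE` runs the same comparison on a live tree. An entry only comes out equal when its group is root and its group bits match its owner bits, which is the umask dependence the message describes.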