[vox-tech] User with root privileges
Michael J Wenk
vox-tech@lists.lugod.org
Sat, 22 Nov 2003 16:32:20 -0800
On Fri, Nov 21, 2003 at 09:47:23AM -0800, Peter Jay Salzman wrote:
> On Fri 21 Nov 03, 9:15 AM, David Margolis <margolid@ecs.csus.edu> said:
> > On Thu, 20 Nov 2003, Peter Jay Salzman wrote:
> >
> > > >
> > > > On my SuSE box, I can make any user a member of the group "root" and they
> > > > will have full privileges.
> > >
> > > that's not quite accurate. UID != GID.
> > >
> > > pete
> >
> >
> > Yeah, but that's still not a bad idea. If files owned by root are also
> > owned by the group root, then adding joeuser to the group root would have
> > largely the desired effect (without messing with sudo or the root user
> > itself).
>
> i agree with you. it's not a bad idea. it's a TERRIBLE idea.
>
> first, it'll only "work" the way you claim it will if umask is set up in
> a very special way. the "u" and "g" permissions are not the same thing.
> there are lots of files owned by root that should NOT be in the root
> group. and if you don't believe me, look in your /dev and /var
> directories. it's asking for trouble.
>
>
> but never mind that. let's talk about something else.
>
> so we have a guy who presumably owns a solaris box. he wants to install
> something. i forget what it was. oracle? anyway. he wants to do it
> from an account named "joeschmo", rather than "root".
>
> do you really not see anything wrong with that?
>
> the only person who should be doing that is a hacker.
Or an oracle DBA/sysadmin... oracle is not installed as root, although
there are 2-3 parts that require you to run a script as root to do
somethings.