[vox-tech] User with root privileges

Peter Jay Salzman vox-tech@lists.lugod.org
Sat, 22 Nov 2003 18:51:31 -0800


On Sat 22 Nov 03,  4:32 PM, Michael J Wenk <wenk@praxis.homedns.org> said:
> On Fri, Nov 21, 2003 at 09:47:23AM -0800, Peter Jay Salzman wrote:
> > On Fri 21 Nov 03,  9:15 AM, David Margolis <margolid@ecs.csus.edu> said:
> > > On Thu, 20 Nov 2003, Peter Jay Salzman wrote:
> > > 
> > > > >
> > > > >    On my SuSE box, I can make any user a member of the group "root" and they
> > > > >    will have full privileges.
> > > >
> > > > that's not quite accurate.  UID != GID.
> > > >
> > > > pete
> > > 
> > > 
> > > Yeah, but that's still not a bad idea.  If files owned by root are also
> > > owned by the group root, then adding joeuser to the group root would have
> > > largely the desired effect (without messing with sudo or the root user
> > > itself).
> >  
> > i agree with you.  it's not a bad idea.  it's a TERRIBLE idea.
> > 
> > first, it'll only "work" the way you claim it will if umask is set up in
> > a very special way.  the "u" and "g" permissions are not the same thing.
> > there are lots of files owned by root that should NOT be in the root
> > group.   and if you don't believe me, look in your /dev and /var
> > directories.  it's asking for trouble.
> > 
> > 
> > but never mind that.  let's talk about something else.
> > 
> > so we have a guy who presumably owns a solaris box.  he wants to install
> > something.  i forget what it was.  oracle?  anyway.  he wants to do it
> > from an account named "joeschmo", rather than "root".
> > 
> > do you really not see anything wrong with that?
> > 
> > the only person who should be doing that is a hacker.
> 
> Or an oracle DBA/sysadmin... oracle is not installed as root, although
> there are 2-3 parts that require you to run a script as root to do
> some things.

and you would change a user's UID or GID to do this?

you ain't administrating any machine that i own, that's for sure!  ;)

pete

-- 
"Nobody steals our chicks.  And lives." -- Duke Nukem (played on Linux)
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
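
The distinction argued in this thread, that membership in group root is not the same as UID 0 because the "u" and "g" permissions are separate, can be checked against a file listing. The script below is an added example, not part of the original message: the sample listing, its paths and the function names are constructed, and the input format assumes GNU find's `-printf`.

```shell
#!/bin/sh
# Added example, not from the thread. Input: one file per line as
#   "<octal mode> <uid> <gid> <path>"
# which GNU find prints with:
#   find /dev /var -xdev -user root -printf '%m %U %G %p\n'

# Constructed sample listing (paths, modes and GIDs are made up for illustration).
sample_listing() {
    cat <<'EOF'
660 0 6 /dev/sda
640 0 4 /var/log/syslog
600 0 0 /var/spool/cron/root
644 0 0 /var/lib/example/state
664 0 0 /var/lib/example/shared
EOF
}

# For every root-owned file, show the permission bits that apply to the owner
# (UID 0) next to the bits that apply to a non-root member of GID 0.
# The kernel checks exactly one class: group bits if the file GID is 0,
# otherwise the "other" bits (assuming the user is in no other matching group).
classify_root_group_access() {
    awk '
    function rwx(d) {
        return (d >= 4 ? "r" : "-") (d % 4 >= 2 ? "w" : "-") (d % 2 ? "x" : "-")
    }
    $2 == 0 {
        mode = sprintf("%04d", $1)   # pad so "0" and "755" index the same way
        u = substr(mode, 2, 1) + 0
        g = substr(mode, 3, 1) + 0
        o = substr(mode, 4, 1) + 0
        if ($3 == 0) { eff = g; via = "group" } else { eff = o; via = "other" }
        path = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path)
        # SAME only compares bits; a real UID 0 process also bypasses them entirely.
        printf "%s owner=%s member=%s via=%s %s\n", \
            (eff == u ? "SAME" : "DIFF"), rwx(u), rwx(eff), via, path
    }'
}

sample_listing | classify_root_group_access
```

Lines marked DIFF are root-owned files where a group-root member gets different access than the owner bits grant; on a real system, feed the function the `find` output instead of `sample_listing`.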