[vox-tech] User with root privileges

Peter Jay Salzman vox-tech@lists.lugod.org
Sun, 23 Nov 2003 03:21:35 -0800 

On Sun 23 Nov 03, 12:53 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> On Saturday 22 November 2003 06:51 pm, Peter Jay Salzman wrote:
> > > > but never mind that.  let's talk about something else.
> > > >
> > > > so we have a guy who presumably owns a solaris box.  he wants to
> > > > install something.  i forget what it was.  oracle?  anyway.  he wants
> > > > to do it from an account named "joeschmo", rather than "root".
> > > >
> > > > do you really not see anything wrong with that?
> > > >
> > > > the only person who should be doing that is a hacker.
> > >
> > > Or an oracle DBA/sysadmin... oracle is not installed as root, although
> > > there are 2-3 parts that require you to run a script as root to do
> > > somethings.
> >
> > and you would change a user's UID or GID to do this?
> 
> You are not making sense.  You said above that you had a guy that wanted to 
> install oracle from an account other than root(which is the way oracle is 
> supposed to be installed.)   So you're dinging me for that?  Have you ever 
> done oracle installs?  Am I missing something here?  
 
yes, mike.  you're missing something here: the whole point.

the whole point of this conversation is that the guy changed the UID/GID
of a user level account to "0" just so he didn't have to change to root
when he types "make install".

get it yet?  i'll try to spell it out some more.

he wants to edit /etc/passwd and change the 3rd and 4th fields to "0" to
bypass running the install scripts as root.  which is STUPID.

so then i say:

   the only person who edit's /etc/passwd and changes the 3rd and 4th
   field of a user account to zero is a hacker (or a clueless newbie).
  
then you say:

   or a oracle DBA/sysadmin



in case you're being really dense, let me hold your hand some more.

1. i said only hackers and newbies edit /etc/passwd to give user
   accounts superuser privileges so they don't have to be root to install
   software.
   
2. then you said "oracle DBA/sysadmins do too".

3. then i "dinged you", as you put it.

understand yet?



> > you ain't administrating any machine that i own, that's for sure!  ;)
> 
> Ya know, there's one thing that always makes me laugh, and that's when a non 
> professional gets all anal about their home system.  Get a grip, the absolute 
> worst thing that can happen is you have to spend an hr or two reloading your 
> system.   Its one thing to expend the level of effort to learn about 
> something, another thing to just do it cuz you're afraid of being hacked.  

you have to laugh because i value my system?!?

that is one of most callous and non-professional things i've ever heard
anybody claiming to be "system administrator" say.

if i ever had a company that needed a professional admin, i would NEVER
hire anybody who would say such a thing.

pete

-- 
"Nobody steals our chicks.  And lives." -- Duke Nukem (played on Linux)
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D