[vox-tech] User with root privileges

Michael Wenk vox-tech@lists.lugod.org
Mon, 24 Nov 2003 02:39:27 -0800


On Sunday 23 November 2003 03:21 am, Peter Jay Salzman wrote:
> On Sun 23 Nov 03, 12:53 AM, Michael Wenk <wenk@praxis.homedns.org> said:
> > On Saturday 22 November 2003 06:51 pm, Peter Jay Salzman wrote:
> > > > > but never mind that.  let's talk about something else.
> > > > >
> > > > > so we have a guy who presumably owns a solaris box.  he wants to
> > > > > install something.  i forget what it was.  oracle?  anyway.  he
> > > > > wants to do it from an account named "joeschmo", rather than
> > > > > "root".
> > > > >
> > > > > do you really not see anything wrong with that?
> > > > >
> > > > > the only person who should be doing that is a hacker.
> > > >
> > > > Or an oracle DBA/sysadmin... oracle is not installed as root,
> > > > although there are 2-3 parts that require you to run a script as root
> > > > > to do some things.
> > >
> > > and you would change a user's UID or GID to do this?
> >
> > You are not making sense.  You said above that you had a guy that wanted
> > to install oracle from an account other than root(which is the way oracle
> > is supposed to be installed.)   So you're dinging me for that?  Have you
> > ever done oracle installs?  Am I missing something here?
>
> yes, mike.  you're missing something here: the whole point.
>
> the whole point of this conversation is that the guy changed the UID/GID
> of a user level account to "0" just so he didn't have to change to root
> when he types "make install".
>
> get it yet?  i'll try to spell it out some more.
>
> he wants to edit /etc/passwd and change the 3rd and 4th fields to "0" to
> bypass running the install scripts as root.  which is STUPID.
>
> so then i say:
>
>    the only person who edits /etc/passwd and changes the 3rd and 4th
>    field of a user account to zero is a hacker (or a clueless newbie).
>
> then you say:
>
>    or an oracle DBA/sysadmin
>
>
>
> in case you're being really dense, let me hold your hand some more.
>
> 1. i said only hackers and newbies edit /etc/passwd to give user
>    accounts superuser privileges so they don't have to be root to install
>    software.

Well for the longest time I had my passwd entry UIDing my user acct to UID 0.  
The only reason I changed the way I did it was because I mated my home system 
to a work network, and that forced me to do so.  

> 2. then you said "oracle DBA/sysadmins do too".

Actually, the way you put it was quite unclear:

"and you would change a user's UID or GID to do this?"

I guess su root -c '/tmp/blah' doesn't qualify as switching users ?  


>
> 3. then i "dinged you", as you put it.
>
> understand yet?
>
> > > you ain't administrating any machine that i own, that's for sure!  ;)
> >
> > Ya know, there's one thing that always makes me laugh, and that's when a
> > non professional gets all anal about their home system.  Get a grip, the
> > absolute worst thing that can happen is you have to spend an hr or two
> > reloading your system.   It's one thing to expend the level of effort to
> > learn about something, another thing to just do it cuz you're afraid of
> > being hacked.
>
> you have to laugh because i value my system?!?
>
> that is one of the most callous and non-professional things i've ever heard
> anybody claiming to be "system administrator" say.

Funny that you are calling me unprofessional.  That is a good one.  Maybe you 
ought to act the way 

And I am laughing because you are missing the obvious.  I wonder how good the 
lock is on your door?  Or the door itself?  If someone wants your data bad 
enough, it's quite trivial to break in and steal the system itself.  Remember 
kids, physical security is much more important than data security.  And 
there's the added benefit that if your system is physically stolen, you 
really are deprived of its use.  So then you're screwed more ways than one. 

> if i ever had a company that needed a professional admin, i would NEVER
> hire anybody who would say such a thing.

given your mental inflexibility, and the fact that you're willing to do tons 
of unnecessary work, the above mentioned company you owned would be unlikely 
to last very long.   


-- 
wenk@praxis.homedns.org
Mike Wenk
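
Added example, not part of the original message: a small audit a sysadmin can run to find the condition argued about above, a non-root account whose 3rd (UID) or 4th (GID) /etc/passwd field is 0. The function names and the sample entries (including the "joeschmo" line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report non-root accounts whose passwd UID or GID field is 0.

# audit_passwd_zero_ids [FILE]
#   Reads passwd-format lines from FILE (or stdin) and prints one line per
#   finding: "<name> uid=<uid> gid=<gid> <reason>". No output means no findings.
audit_passwd_zero_ids() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 7 { printf "%s uid=? gid=? malformed\n", $1; next }
        $1 == "root" { next }               # the one account expected to be 0:0
        {
            # Compare numerically so "00" or "000" is caught as well as "0".
            uid0 = ($3 ~ /^[0-9]+$/ && $3 + 0 == 0)
            gid0 = ($4 ~ /^[0-9]+$/ && $4 + 0 == 0)
            if (uid0 && gid0)  reason = "uid0+gid0"
            else if (uid0)     reason = "uid0"
            else if (gid0)     reason = "gid0-review"  # some distributions ship
                                                       # system accounts with GID 0
            else next
            printf "%s uid=%s gid=%s %s\n", $1, $3, $4, reason
        }
    ' "${1:--}"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
# local accounts
oracle:x:1001:100:Oracle owner:/export/home/oracle:/bin/sh
joeschmo:x:0:0:Joe Schmo:/export/home/joeschmo:/bin/sh
backup2:x:00:10::/tmp:/bin/sh
operator:x:11:0:operator:/root:/sbin/nologin
EOF
}

# Audit the file named in $1, or the constructed sample when none is given.
if [ $# -gt 0 ]; then
    audit_passwd_zero_ids "$1"
else
    sample_passwd | audit_passwd_zero_ids
fi
```

Run it as "sh audit.sh /etc/passwd"; any "uid0" line other than an account you created deliberately deserves investigation, while "gid0-review" lines should be compared against the distribution's stock passwd file.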