From owner-freebsd-stable  Thu Sep 21 17:26:50 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139])
	by hub.freebsd.org (Postfix) with ESMTP id 97AFD37B423
	for <freebsd-stable@freebsd.org>; Thu, 21 Sep 2000 17:26:47 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000)
	id 4200C1F25; Thu, 21 Sep 2000 17:26:43 -0700 (PDT)
Subject: Re: Request for change to /etc/rc script
In-Reply-To: <20000921181057.A61901@carroll.com> from Damien Tougas at "Sep 21,
 2000 06:10:57 pm"
To: Damien Tougas <damien@carroll.com>
Date: Thu, 21 Sep 2000 17:26:43 -0700 (PDT)
Cc: Lyndon Nerenberg <lyndon@orthanc.ab.ca>,
	freebsd-stable@freebsd.org
From: Dima Dorfman <dima@unixfreak.org>
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20000922002643.4200C1F25@static.unixfreak.org>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> On Thu, Sep 21, 2000 at 02:09:47PM -0600, Lyndon Nerenberg wrote:
> 
> >It's not a NIS bug, it's operator error. Not having local entries
> >for root and wheel is just asking for trouble.
> 
> I would disagree with you there. We do not want to have root password
> files on hundreds of thin client workstations, if we have to change
> the root password for those workstations, we want to change it once.
> If the computer boots without network services, we don't care, because
> it dosen't have anything of value on it. When the network comes back
> up, just reboot it, these things are designed to be 'dumb'.

How about leaving the 'root' entry in master.passwd intact (so you can
still boot single user, etc.), and adding a 'toor' or 'nisroot' (call
it whatever you want) user to the NIS maps.  This way, your machine
can function without an NIS server should the need arise, but you
still have a global superuser account.  You can even disable the local
root account if you wish (use '*' in the password field).  As Lyndon
said, and I agree, "not having local entries for root and wheel is
just asking for trouble."

Hope this helps

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"You know if they ever find a way to harness sarcasm as an energy source,
you people are all going to owe me big."
	-- Bill Paul


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message