Date: Tue, 25 Feb 1997 17:21:14 -0600 (CST)
From: "Kenneth P. Stox" <ken@stox.pr.mcs.net>
To: Chuck Robey <chuckr@glue.umd.edu>
Cc: Guido van Rooij <guido@gvr.win.tue.nl>, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org
Subject: Re: cvs commit: src/usr.bin/su su.1 su.c
Message-ID: <Pine.BSI.3.95.970225170421.9325I-100000@stox.pr.mcs.net>
In-Reply-To: <Pine.OSF.3.95q.970225173550.3982A-100000@modem.eng.umd.edu>

On Tue, 25 Feb 1997, Chuck Robey wrote:

<< text deleted >>

> Guido, I'm curious. Are there really (that you know of) shops that want
> to be so free with root privs that they don't even need to know who has
> them? If there is, then I guess you're justified, but I wouldn't have
> thought such existed.

I beg to disagree. There are many shops which allow all the users of the machine(s) to have root access. Encouraging them to do so via su(1) instead of having the root password passed around is infinitely desirable.

This is a far from ideal situation, but many shops choose to not invest in the administrative resources that are really necessary for the objectives they wish to achieve. Instead, many administrative tasks get spread over a group of developers, etc. In many cases I have witnessed, there may be one or more administrator/gurus within the organization performing consultation to a community of developers who have chosen to share responsibilities on the machine. In these situations, it would be in the best interests of all to make su(1) as "easy" as possible.

The number one enemy I have confronted when I have worked in such an environment is not from hackers, but the developer with root privileges who makes a "harmless" configuration change. The change is not made maliciously.

Typically, such behaviors involve machines which are not in a machine room. The glass wall does have its advantages at times. :-)

-Ken Stox
ken@stox.pr.mcs.net