Date: Fri, 8 Dec 2000 10:05:19 -0500 From: "Christian Kuhtz" <ck@arch.bellsouth.net> To: "Forrest Houston" <fhouston@east.isi.edu> Cc: <security@freebsd.org> Subject: RE: toor account Message-ID: <NEBBJKIJGLMGELMBGHEOMEHNCHAA.ck@arch.bellsouth.net> In-Reply-To: <Pine.WNT.4.10.10012080958150.-531279@ipce-adm.east.isi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Still bad policy. Seen this exact thing blow up too many times. If you need distributed admin rights, use sudo. -- Christian Kuhtz <ck@arch.bellsouth.net> -wk, <ck@gnu.org> -hm Sr. Architect, Engineering & Architecture, BellSouth.net, Atlanta, GA, U.S. "I speak for myself only." > -----Original Message----- > From: Forrest Houston [mailto:fhouston@east.isi.edu] > Sent: Friday, December 08, 2000 10:05 AM > To: Christian Kuhtz > Cc: security@FreeBSD.ORG > Subject: RE: toor account > > > Personally I've found the toor account helpful on "shared" machines. So > if there a group that has primary sysadmin responsibility for the machine > they get the root password. However as the network admin there might be > times things need to change/fix something so the netadmin has the toor > password. That way each group can use their own password schemes, which > will also hopefully eliminate the need for password lists. > > Just a thought > Forrest > > On Fri, 8 Dec 2000, Christian Kuhtz wrote: > > > > > Sorry, no coffee yet. Let's try this again. > > > > Inconsistent site policy is a bad practice. Choose one. Worse, > never have > > two > > role accounts for the same function. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBJKIJGLMGELMBGHEOMEHNCHAA.ck>