Workstations: good reasons for owner root access
Greg Limes
limes at sun.uucp
Thu Aug 18 03:52:42 AEST 1988
In article <183 at ndc.UUCP> sgf at ndc.UUCP (Sharon Gates-Fishman) writes:
>I work on a diskless microVAX 2000, so I don't do my own system
>administration, but I occasionally _must_ have su privledge (sp?).
>That happens when my system must be rebooted, so I have to do a
>shutdown. Now, my system administrator _could_ walk around to
>every uVax in the building (we don't have all that many), and
>reboot them herself, but it's a lot easier for her to call me
>(and the other VaxStation folks) and ask me to do it myself.
Actually, this can be solved without giving the workstation owner the
root password. Generate a small script that allows specific actions to
be done, and wire it up to a maintenance login:
maint::0:1:Maintenance Account:/:/usr/local/bin/maint
Now give "maint" a password only known by the workstation's owner. This
"maint" program can be as simple or as complex as the installation
wants.
For an even easier case -- I administer a small lab, containing eight
workstations and a server. Sometimes I have to reboot machines, and
frankly I would rather not stand there at the console waiting to log in
as root. The solution? A "yoyo" account:
yoyo::0:1:Bouncer:/:/yoyo
with a script that runs /etc/fastboot, if and only if it is run from the
console and there is nobody else on the system. No password needed.
Generalize for your installation, tune for smoke.
-- redhead [limes at sun.com]
for uucp, backbone!ucbvax!sun!limes
More information about the Comp.unix.questions
mailing list