Workstations: good reasons for owner root access
The Grey Wolf
greywolf at unisoft.UUCP
Tue Aug 23 04:29:42 AEST 1988
In article <887 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani) writes:
# In article <25952 at think.UUCP> barmar at kulla.think.com.UUCP (Barry Margolin) writes:
# >Why not just make shutdown setuid root, and executable only by a group
# >of which you are the sole member?
#
# /etc/shutdown is a script, but can be worked around. One other thing that
# must be done is to stay out of single user mode. If you go to single user
# from multi-user the user is made root.
/etc/shutdown is a script only on SOME system V machines. On most machines I
work with, it is an executable file. And, to boot, under Berkelix 4.x, it
kills all the processes before going single-user on the console. That solves
both problems.
[NOTE: This is NOT to propogate another SysV/BSD war; they both have their
points, good and bad.]
#
# >These are the kinds of tools someone was referring to when he said
# >that in a well-designed system you should rarely need to use "su".
# >"su" should only be for unusual circumstances. Users shutting down
# >their workstations is not unusual, so there should be a standard tool
# >for it.
#
# Indeed. Isn't it rediculuous that the most mudane operations (backup,
# recover, creating users, etc.) on a eunuchs computer require the most
# powerful permissions possible. Sheesh.
geez, you mean I can't add users to my own system without becoming root?
Aw, darn. I can chown things to other people so that they are the ones who
appear to be taking up all the space on the system (under SysV, but then
I guess SysV doesn't support quotas (if it did, accounting procedures would
be for naught under current implementations, but this is another story)).
# --
# Larry Cipriani, AT&T Network Systems, Columbus OH, (614) 860-4999
--
"
Roan Anderson, Software Engineer, UniSoft Corporation, Emeryville, CA.
(415) 420-6400
My opinions are my own, but if you're real nice, I'll share...
[*] AT&T is a trademark of UNIX Inc. :-)
More information about the Comp.unix.questions
mailing list