Reasons for restricting su privilege?

Karl Kleinpaste karl at dinosaur.cis.ohio-state.edu
Wed Oct 19 11:49:02 AEST 1988


Personally, I advocate a menu-driven setuid-root program which allows
for exactly the set of things which a not-normally-administrator
person might possibly have to do in order to stay alive while a real
admin is unavailable.  Restrict it heavily and never give an editor
escape for any reason.

The `old' reasons for not allowing general superuser access are
legion, but a couple of the better ones from a practical point of view
revolve around keeping track of who knows The Password (which is to
say, Whom can you readily accuse of malfeasance/stupidity?, and What
if someone tells It to someone else who shouldn't know?) and the
problem that "a little knowledge is a dangerous thing."

--Karl



More information about the Comp.unix.wizards mailing list