Getting rid of the root account (Was: GNU OS)
Dinah Anderson
dinah at shell.UUCP
Wed Jun 7 02:28:51 AEST 1989
In article <3, I think> jfh at rpp386.cactus.org (John F. Haugh II) writes:
> I think [a previous poster] meant getting rid of UID == 0 being a
> privileged user. Again, this an Orange Book requirement. It also
> makes much sense. Programs should have privilege, not users. The
> ability to access a program can then be limited to a collection of
> users or groups.
But what you are really saying is that a certain group of users would
have the privilege to access a program which provides a certain privilege
or access.
I agree with the basics of what you are saying, but the real issue
is the users running the programs, not the programs themselves. We need
to know who is running what programs (for accountability in extreme
sensitive cases.)
Dinah Anderson
Shell Oil Company, Information Center (713) 795-3287
..!{sun,psuvax,bcm,rice}!shell!dinah
More information about the Comp.unix.wizards
mailing list