l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2003 Nov 23 00:54

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] User with root privileges
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] User with root privileges



On Sat 22 Nov 03,  4:32 PM, Michael J Wenk <wenk@praxis.homedns.org> said:
> On Fri, Nov 21, 2003 at 09:47:23AM -0800, Peter Jay Salzman wrote:
> > On Fri 21 Nov 03,  9:15 AM, David Margolis <margolid@ecs.csus.edu> said:
> > > On Thu, 20 Nov 2003, Peter Jay Salzman wrote:
> > > 
> > > > >
> > > > >    On my SuSE box, I can make any user a member of the group "root" and they
> > > > >    will have full privileges.
> > > >
> > > > that's not quite accurate.  UID != GID.
> > > >
> > > > pete
> > > 
> > > 
> > > Yeah, but that's still not a bad idea.  If files owned by root are also
> > > owned by the group root, then adding joeuser to the group root would have
> > > largely the desired effect (without messing with sudo or the root user
> > > itself).
> >  
> > i agree with you.  it's not a bad idea.  it's a TERRIBLE idea.
> > 
> > first, it'll only "work" the way you claim it will if umask is set up in
> > a very special way.  the "u" and "g" permissions are not the same thing.
> > there are lots of files owned by root that should NOT be in the root
> > group.   and if you don't believe me, look in your /dev and /var
> > directories.  it's asking for trouble.
> > 
> > 
> > but never mind that.  let's talk about something else.
> > 
> > so we have a guy who presumably owns a solaris box.  he wants to install
> > something.  i forget what it was.  oracle?  anyway.  he wants to do it
> > from an account named "joeschmo", rather than "root".
> > 
> > do you really not see anything wrong with that?
> > 
> > the only person who should be doing that is a hacker.
> 
> Or an oracle DBA/sysadmin... oracle is not installed as root, although
> there are 2-3 parts that require you to run a script as root to do
> somethings. 

and you would change a user's UID or GID to do this?

you ain't administrating any machine that i own, that's for sure!  ;)

pete

-- 
"Nobody steals our chicks.  And lives." -- Duke Nukem (played on Linux)
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.