Running as root 6764

On Thu, 08 Dec 2005 17:14:37 +0000, Mark Kent

Just a clumsy way of implementing a root account. I'm no master of sudo, but wasn't there some degree of configuration required to determine which user could perferm which functions? If there is, this might be an excellent way of making sure a single mistake can render all administrative functions unaccessible.

On a user level, yes. On an administrative level, there should be some account capable of overriding all others, if only to recover from mistakes made by lower level admins.

If an admin not running games as root qualifies as perfect in your opinion, yes. However, I'd put the bar for perfection rather higher, and consider not abusing the root account a sign of being on the way to becoming a competent admin.

Running as root 6768
On Tuesday 06 December 2005 16:24, Daveman750 stood up and spoke the following words to the mbuttes incomp.os.linux.advocacy...: Error...

No, they rely on the user being utterly clueless, and in many cases this is correct. Based on that buttumption, they've created a system any idiot can use, and as a result many do. Whether this is desirable is another matter.

Running as root 6765
BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 09 Dec 2005 10:35:42 +0100, Sudo can be configured by the root user yes, but distros like Ubuntu have sudo preconfigured for...

Running as root 6767
Daveman750 wrote something like: WHat simple task? I use this box as user all the time. I can do what I want? I can install software and all I need to do...

The same applies in any situation where administrative actions can be taken by a single individual. This is why, for example, ICBMs can only be launched by two (or is it three) people simultaneuosly giving the order. Unless you want a system with mutiple admins that need to cooperate (and independently approve each others actions) for critical tasks, the problem remains.

Most don't appoint the board of directors of the company that owns the system either. Screw ups at the top of the hierarchy habitually ruin the lives of those powerless individuals at the bottom. Welcome to reality.

Of course, and such a system exists. User and group privileges are just that. And on a large system, where different and isolated parts are big enough to require an admin of their own, there should be admin accounts that have admin access only to those components. But at the top, there is an account that hands out those privileges, and the person in control of that account has, by implication, access to any part of the system. If this person does something very stupid, there will be serious trouble, regardless of how difficult you want to make his or her existence.

Rob

Linux | Previous | Next

Running as root 6765

Linux Advocacy from Newsgroups

The #1 Usenet Provider on the Internet

Running as root 6763

PLEX86 x86- Virtual Machine (VM) Program


	CVS \| Mailing List \| Download \| Newsgroups

		Running as root 6764 On Thu, 08 Dec 2005 17:14:37 +0000, Mark Kent Just a clumsy way of implementing a root account. I'm no master of sudo, but wasn't there some degree of configuration required to determine which user could perferm which functions? If there is, this might be an excellent way of making sure a single mistake can render all administrative functions unaccessible. On a user level, yes. On an administrative level, there should be some account capable of overriding all others, if only to recover from mistakes made by lower level admins. If an admin not running games as root qualifies as perfect in your opinion, yes. However, I'd put the bar for perfection rather higher, and consider not abusing the root account a sign of being on the way to becoming a competent admin. Running as root 6768 On Tuesday 06 December 2005 16:24, Daveman750 stood up and spoke the following words to the mbuttes incomp.os.linux.advocacy...: Error... No, they rely on the user being utterly clueless, and in many cases this is correct. Based on that buttumption, they've created a system any idiot can use, and as a result many do. Whether this is desirable is another matter. Running as root 6765 BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 09 Dec 2005 10:35:42 +0100, Sudo can be configured by the root user yes, but distros like Ubuntu have sudo preconfigured for... Running as root 6767 Daveman750 wrote something like: WHat simple task? I use this box as user all the time. I can do what I want? I can install software and all I need to do... The same applies in any situation where administrative actions can be taken by a single individual. This is why, for example, ICBMs can only be launched by two (or is it three) people simultaneuosly giving the order. Unless you want a system with mutiple admins that need to cooperate (and independently approve each others actions) for critical tasks, the problem remains. Most don't appoint the board of directors of the company that owns the system either. Screw ups at the top of the hierarchy habitually ruin the lives of those powerless individuals at the bottom. Welcome to reality. Of course, and such a system exists. User and group privileges are just that. And on a large system, where different and isolated parts are big enough to require an admin of their own, there should be admin accounts that have admin access only to those components. But at the top, there is an account that hands out those privileges, and the person in control of that account has, by implication, access to any part of the system. If this person does something very stupid, there will be serious trouble, regardless of how difficult you want to make his or her existence. Rob Linux \| Previous \| Next



		Running as root 6765 Linux Advocacy from Newsgroups The #1 Usenet Provider on the Internet Running as root 6763