
Re: recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)

Yaroslav Halchenko <debian@onerussian.com> writes:

> Actually it seems to be not mine, and not sash's fault -- it seems to be a
> common practice mentioned in multiple howtos around the web such as
> http://linuxgazette.net/issue48/tag/16.html

It's a really *bad* common practice.  Use of the root account in general
should be minimized and ideally done through an auditing method; creating
*more* root-level accounts, particularly with separate passwords, can
cause all sorts of interesting problems.  I've worked in organizations
that did this as a matter of course and seen disaster as a result.

The reason why sash does this is different than the reason why people
usually talk about it on the web, but while the sash use makes a moderate
amount of sense at first glance, I'm not sure how often it's really useful
compared to booting single-user or just changing the shell of the root
account itself and normally using sudo.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
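
An added example, not part of the original message and not code from sash or Debian: a small audit of passwd(5)-format data that lists every UID shared by more than one account name, with extra UID 0 accounts as the case discussed above. It assumes a lookup by UID returns the first matching line in file order; the sample data, including its ordering, is constructed.

```python
"""Audit passwd(5)-format text for account names that share a UID."""

# Constructed sample. "sashroot" mirrors the alias account named in the
# thread subject; it is placed ahead of root to show the ordering effect.
SAMPLE_PASSWD = """\
sashroot:x:0:0:emergency sash root:/root:/bin/sash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:,,,:/home/alice:/bin/bash
broken-line-without-enough-fields
"""


def parse_passwd(text):
    """Return (name, uid, shell) tuples in file order, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # passwd(5) has exactly seven colon-separated fields; field 3 is the UID.
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        entries.append((fields[0], int(fields[2]), fields[6]))
    return entries


def audit(text):
    """Return one finding per UID that is held by more than one account name."""
    entries = parse_passwd(text)
    names_by_uid = {}
    for name, uid, _shell in entries:
        names_by_uid.setdefault(uid, []).append(name)
    findings = []
    for uid in sorted(names_by_uid):
        names = names_by_uid[uid]
        if len(names) > 1:
            # Assumption: a UID -> name lookup scans the file and stops at the
            # first match, so the first listed name is the one tools display.
            findings.append({"uid": uid, "names": names, "resolves_to": names[0]})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD):
        print("uid=%d shared by %s; first match is %r"
              % (finding["uid"], ", ".join(finding["names"]), finding["resolves_to"]))
```

To check a live system, pass the contents of /etc/passwd to `audit()` instead of the sample.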
