Re: shared root account

To: debian-security@lists.debian.org
Subject: Re: shared root account
From: Rainer Weikusat <weikusat@mail.uni-mainz.de>
Date: 08 Jul 2001 17:46:35 +0200
Message-id: <[🔎] 87lmlzo23o.fsf@winter.inter-i.uni-mainz.de>
In-reply-to: Eric E Moore's message of "08 Jul 2001 16:17:16 +0100"
References: <[🔎] B76B3592.2110%robert@sciresearch.com> <[🔎] 20010706094355.A25712@micromuse.com> <[🔎] 20010706152456.M26109@plato.local.lan> <[🔎] 87hewpy26m.fsf@dyn006239.shef.ac.uk> <[🔎] 20010707015850.T26109@plato.local.lan> <[🔎] 87n16fwiv7.fsf@dyn006239.shef.ac.uk>

Eric E Moore <e.e.moore@shef.ac.uk> writes:
> Ok, the amount of aiming away from your foot that you can do with
> giving someone priveleges by giving them the root password is a proper
> subset of the aiming away from your foot that you can do when
> granting priveleges through sudo.

Think of a daemon (vtund in this case) that needs to reconfigure
interfaces at run time. With sudo, said daemon can run under his own
uid and can call ifconfig as root. Definitely better than 'uid 0' all
the time.

Reply to:

References:
- Re: shared root account
  - From: "Robert L. Yelvington" <robert@sciresearch.com>
- Re: shared root account
  - From: Nathan E Norman <nnorman@micromuse.com>
- Re: shared root account
  - From: Ethan Benson <erbenson@alaska.net>
- Re: shared root account
  - From: Eric E Moore <e.e.moore@shef.ac.uk>
- Re: shared root account
  - From: Ethan Benson <erbenson@alaska.net>
- Re: shared root account
  - From: Eric E Moore <e.e.moore@shef.ac.uk>

Prev by Date: Re: shared root account
Next by Date: Re: shared root account
Previous by thread: Re: shared root account
Next by thread: Re: shared root account
Index(es):
- Date
- Thread