On 7/28/06, Boris Veytsman <borisv@lk.net> wrote:
One of the most important implication for our setup here is the
follwing. We have a rule that after each root login the admin makes
an entry in the system ChangeLog file. If I do this from emacs, and
hit C-x 4 a, the following entry appears when I use su:
2006-07-28 Boris Veytsman <borisv@lk.net>
*
When I use 'su -', the entry is marked as done by root, which is less
convenient in a multi-admin situation.
I've seen multi-admin systems where each admin has a separate login with a distinct password not known to the other admins, but all with uid 0. I'm not sure how the logging appears in this case, so I don't know if it really solves the same problem. One problem it *does* solve is being able to disable the root access of someone who is no longer on the admin staff without having to change the root password. -- Michael A. Marsh http://www.umiacs.umd.edu/~mmarsh http://mamarsh.blogspot.com