> Nobody should ever login directly as root either, unless these logins
> are restricted to secure terminals and you can verify who accessed the
> terminal via something like an audit trail from the machine room lock.

What does this have to do with multiple accounts with uid==0? :)

> So, taken together this implies that every user who admins the machine
> and deserves full uid==0 priviledges for these tasks should know the
> root password and should 'su' after logging in to their own account,

It's difficult to share the same root's password when the people using
it live over 400 km apart.

> of course they should never type the root password over an insecure
> channel.

We're using ssh here, so that's not a problem.

> a secure
> hardware terminal connection, for all admin activities).

A 400 km long serial cable with 200000 armed men watching it, perhaps? ;-)
Would certainly reduce the unemployment level here...

> This is not to say that programs shouldn't be able to tell the
> difference between login user-id and uid....  There can be some
> justification for using multiple user-id's with the same uid in some
> specialized applications.

I have run into situations like this more than once and it would be
nice if the same uid could be shared (of course, if we had ACL's,
the problem wouldn't be as bad in the first place).

  -jm


-- 

                     ---> http://www.jmp.fi/~jmarin/ <---