Subject: Re: Root, toor accounts.
To: Marc Baudoin <babafou@babafou.eu.org>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-users
Date: 03/14/1999 14:16:15
On Sun, 14 Mar 1999, Marc Baudoin wrote:
> The operator user does also trigger a warning in /etc/security
> after a clean install:
>
> Login operator is off but still has a valid shell (/bin/csh)
>
> As this user doesn't own a single file in a full installation, I
> wonder if it's useful...
'shutdown' is in group operator, and executable only by root and
operator. Many of the devices are also in the operator group by
default. In a typical organization, you want numerous people to have
operator priviledge, so that they can perform a controlled shutdown
when necessary, but not so many people to have root access. The
alternative of allowing anyone to perform a shutdown is even less
attractive. Even on my desktop computers, I always give the operator a
password, and shell, just in case I get locked out. Of course, I
could always cycle power and Ctl-\ during the fsck, but that's nasty.