Subject: Re: Changing root's shell to /bin/sh
To: Soren S. Jorvang <firstname.lastname@example.org>
From: Michael Richardson <email@example.com>
Date: 03/17/1999 21:09:52
>>>>> "Soren" == Soren S Jorvang <firstname.lastname@example.org> writes:
Soren> As I see it, having [the ability to have] more than one
Soren> user profile per uid is a hack/artifact of the way the
Soren> traditional password database implementation and the world
Soren> would be a simpler place without it.
Soren> Having two root accounts is just asking for confusion.

Okay, please contribute code to allow me to have multiple system(s)
managers, each with a password that is useful in single user

Remember that I need at least two root passwords in many situations:
one for the engineer whose machine it is (and is permitted to do quite
a number of things), another for the system manager who comes to fix
it when the engineer occasionally screws things up. If you think
letting users have root on the desktop screws up network security,
then I hope you have no PCs or Macs on your network.

Aside from it being just bad password hygiene to share passwords,
it is a total pain to change the root password on all machines when
someone leaves. (No, NIS doesn't help, since these are often local

Also remember that when one has more than 20 machines, if one
system administrator leaves, then you have a real tough job if you
have been sharing root passwords.

Soren> Also, while I think /bin/sh would be more suitable as the
Soren> default root shell, a better generalization would perhaps
Soren> be to have init make a relaxed attempt at finding root's
Soren> shell from /etc/passwd and offer that when booting in
Soren> single-user mode?

Init *ASKS* what shell you want in single user mode.

If anything, I'd like it to make sure to start the shell as a login
shell, possibly with HOME=/root if that directory exists. I don't
think this happens right now.

] At IETF44 in Minneapolis, MN | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] email@example.com http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
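
An added example, not part of the original message: a small Python audit over a passwd(5)-format file that lists every login name sharing a uid, and shows that removing one administrator's uid-0 entry leaves the other root logins untouched. The sample file and the account names `alice_root` and `bob_root` are constructed for illustration.

```python
# Constructed sample in 7-field passwd(5) format; account names are hypothetical.
SAMPLE_PASSWD = """\
root:*:0:0:Superuser:/root:/bin/csh
alice_root:*:0:0:Alice (engineer, owns this desktop):/root:/bin/ksh
bob_root:*:0:0:Bob (system manager):/root:/bin/sh
alice:*:1001:100:Alice:/home/alice:/bin/ksh
# comment line
broken:line
"""

def parse_passwd(text):
    """Yield one dict per well-formed entry; skip blanks, comments, bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        try:
            uid = int(fields[2])
        except ValueError:
            continue
        yield {"name": fields[0], "uid": uid, "home": fields[5], "shell": fields[6]}

def shared_uids(text):
    """Return {uid: [login names]} for every uid that has more than one login."""
    groups = {}
    for entry in parse_passwd(text):
        groups.setdefault(entry["uid"], []).append(entry["name"])
    return {uid: names for uid, names in groups.items() if len(names) > 1}

def root_logins(text):
    """Return (name, shell) for every uid-0 entry, in file order."""
    return [(e["name"], e["shell"]) for e in parse_passwd(text) if e["uid"] == 0]

def without_account(text, name):
    """Return the file text with the entry for one login name removed."""
    kept = [l for l in text.splitlines() if l.split(":", 1)[0] != name]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for uid, names in shared_uids(SAMPLE_PASSWD).items():
        print(f"uid {uid} is shared by: {', '.join(names)}")
    # One administrator leaves: drop only that entry, nobody else's password changes.
    for name, shell in root_logins(without_account(SAMPLE_PASSWD, "bob_root")):
        print(f"remaining uid-0 login: {name} ({shell})")
```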