Subject: Re: Changing root's shell to /bin/sh
To: None <email@example.com (NetBSD Userlevel Technical Discussion>
From: Michael Richardson <firstname.lastname@example.org>
Date: 03/18/1999 20:11:35
>>>>> "Greg" == Greg A Woods <email@example.com> writes:
Greg> [ On Wednesday, March 17, 1999 at 21:09:52 (-0600), Michael
Greg> Richardson wrote: ]
>> Subject: Re: Changing root's shell to /bin/sh
>> Okay, please contribute code to allow me to have multiple
>> system(s) managers, each with a password that is useful in
>> single user mode. Remember that I need at least two root
>> passwords in many situations: one for the engineer who's
>> machine it is (and is permitted to do quite a number of
>> things), another for the system manager who comes to fix it
>> when the engineer occasionally screws things up. If you think
>> letting user's have root on the desktop screws up network
>> security, then I hope you have no PCs or Mac's on your network.
Greg> I've seen kerberos used quite effectively to meet such
Remember: the reason why these are not NIS passwords is because they
are needed to fix the machine when it breaks.
Greg> There's also 'sudo', which if used *very* carefully offers
Greg> even more finely grained control, but even in general seems
Greg> to meet your requirements.
Totally fails to authenticate anyone when booting single user.
Greg> Again, kerberos can be your friend here....
For users and routine maintenance, yes. For dealing with network
] Why doesn't my notebook fit on the food tray on this flight? | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [