Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security Practices question

  • From: Valdis.Kletnieks
  • Date: Thu Oct 03 12:29:56 2002

On Wed, 02 Oct 2002 17:48:16 PDT, just me said:
> In an situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.

Accountability is always good, but you can do even better with sudo (Sorry,
I couldn't resist).

As far as personalized shells/environments go, I've found that this helps
a lot:

export ENV=~/.kshrc   (for ksh-based systems)
export BASH_ENV=~/.bashrc (for bash-based boxes)
su -m    (or whatever "save the environment" parameter your su has)

and voila, you have your preferred environment.

Bottom line - per-admin UID 0 doesn't give you anything you couldn't get
via other means.

(And please, no flames about using su rather than sudo, or the wisdom of
using su and preserving the environment - I've already done the analysis
and decided it's correct *for the machines in question*.)
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Attachment: pgp00007.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.