Re: Why are we using priveleged images / state so much? (Was Re:

[jna () concorde com (John Adams)]

Paul Robertson makes some extremely compelling points, but I still see
a few places of disagreement:

> Hmm.  Why does ROOT even have to be on the system as a user account?
> There are some things people have to do as root, but why not request
> special programs (like 'Shutdown') or other features, to be set up to
> allow only users in a certain class or certain userid to do them.

Yes, but even on the AS/400 there's a "root-like" account, QSYSOPER,
and that holds true for the 370. If these users need to be in special
accounts, how can we be expected to administer the groups? Who shall
administrate the administrators?

On the IBM AS/400 (at least on the Model D that we had), you couldn't
drop the system to the OS/400 equlivant of "single-user" mode nor
login with a privledged account if the key switch was set to
"Safe". Much like the way the Cyber worked, I assume.

But then remote administration goes all to hell. Secure external
access methods (Skey, SecureID, et al.) could be used to admin the
machines remotely, but the inital setup would cost a considerable
amount of time.

> If stuff like this had been done, I think the number of accidental root
> or priveleged access holes would be reduced to maybe 1% of what they have
> been.

I disagree. Maybe all that we're doing is increasing the complexity
of the issue, and make it harder for the admins to work.

                -john