nanog mailing list archives
Really, really, really off topic, but (was Re: Security Practices question)
From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Sun, 22 Sep 2002 15:47:56 -0700
"John M. Brown" wrote:
> I have a question for the security community on NANOG.
I confess that I think of NANOG as not being a security community, rather it is a group of North American network operators. That said, you can find all sorts of info for the somewhat naive question below by a slightly judicious use of our friend, Google. That said, and since I'm avoiding work that I SHOULD be doing, I will answer your Important question.
> What is your learned opinion of having host accounts (unix machines) with UID/GID of 0:0
This shows a certain naiveté, and suggests that you have not heard of truly useful tools such as sudo. If it's UNIX, sudo builds. Why is this a bad thing? The first number in your password entry implies USER. Not users. There is simply no way to tell which of many multiples of people might have made a change in your system, since the UID is the same for all.
> in other words
> jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
I also truly hope that this was just a quick copy by you, and that you are not truly discussing a system here that allows the password file to actually contain the password. Please tell me that your password file is at least shadowed, and that was just a typo.
> The argument is that way you don't have to give out the root password, you can just nuke a user's UID=0 equiv account when they leave and not have to change the real root account.
I will also supply you with a bit of advice, one that I see even using SSH over the network to my own machines: "Don't login as root, use su"
> Now, don't flame me over the question, but provide valid pros or cons for this practice from your experience.
There are no positive aspects to this practice. I suggest that you get the wonderful red book (now colored purple, last I recall) by Evi Nemeth et al, and study it thoroughly.
I now return you to the discussion on (wireless and other) security, how much is too much, and so on.
--
...some sort of steganographic chaffing and winnowing scheme already exists in practice right here: I frequently find myself having to sort through large numbers of idiotic posts to find the good ones.
-- Rufus Faloofus
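
The two problems raised in this reply (extra accounts sharing UID 0, and a password stored in the passwd file itself) can be checked mechanically. The following is an added example, not part of the original message: the function name `audit_passwd` and every sample account except the quoted `jmbrown_r` line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in passwd(5) format; only the jmbrown_r line is from the thread.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
jmbrown_r:password:0:0:John M. Brown:/export/home/jmbrown:/bin/mysh
alice:x:1001:1001:Alice (constructed):/home/alice:/bin/sh
"""

def _is_placeholder(pw):
    # "x" means the hash lives in the shadow file; "*" or "!" marks a locked account.
    return pw == "x" or pw.startswith(("*", "!"))

def audit_passwd(text):
    """Return a list of (kind, detail) findings for passwd-format text."""
    findings = []
    by_uid = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#+-":   # blank, comment, or NIS compat entry
            continue
        fields = line.split(":")
        if len(fields) != 7 or not re.fullmatch(r"[0-9]+", fields[2]):
            findings.append(("malformed", f"line {lineno}"))
            continue
        name, pw, uid = fields[0], fields[1], int(fields[2])
        by_uid[uid].append(name)
        if pw == "":
            findings.append(("empty-password", name))
        elif not _is_placeholder(pw):
            # Anything else is a hash or cleartext readable by every local user.
            findings.append(("unshadowed-password", name))
    for uid, names in sorted(by_uid.items()):
        if uid == 0:
            # Every UID 0 name acts as the same user; changes cannot be attributed.
            findings += [("extra-uid-0", n) for n in names if n != "root"]
        elif len(names) > 1:
            findings.append(("shared-uid", f"{uid}: {', '.join(names)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_passwd(SAMPLE):
        print(f"{kind}: {detail}")
```

On a real host the input would be the contents of `/etc/passwd`; the findings list is empty when only `root` holds UID 0 and every password field is a placeholder.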