Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 exptools 1/6/84; site iwu1d.UUCP
Path: utzoo!linus!vaxine!wjh12!genrad!decvax!harpo!floyd!vax135!houxz!houxm!ihnp4!iwu1d!grd
From: grd@iwu1d.UUCP (grd)
Newsgroups: net.unix
Subject: Re: more on superuser
Message-ID: <205@iwu1d.UUCP>
Date: Mon, 18-Jun-84 15:19:54 EDT
Article-I.D.: iwu1d.205
Posted: Mon Jun 18 15:19:54 1984
Date-Received: Thu, 21-Jun-84 04:22:25 EDT
References: <924@ihuxi.UUCP>
Organization: AT&T Bell Labs, Naperville, IL
Lines: 27

...

Dave:

We had a similar problem like this which we resolved as follows:

We used two login accounts to accomplish this task. Login xx root level was owned by login yy. The profile was also owned by login yy and granted write permission via su within the profile. A limited number of functions were allowed via profile control. Traps were set to ignore breaks etc. on login.

This will prevent the su people from even looking at anything because the permission level will not permit them to do so.

The only fallacy... They still can play games etc. in the /usr/tmp or /tmp or their own ids, but I don't think you were concerned about this because if they already have an account on the machine, they work for the company.

Garry R. Daly
iwu1d!grd
AT&T-T ..
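
A sketch of the kind of profile-controlled restricted login described in the post above, as an added example that is not part of the original post and not the poster's actual profile. The menu entries, the function names `allowed_command` and `restricted_menu`, and the PATH value are assumptions.

```shell
# Constructed sketch of a restricted login profile. It is meant to be owned by
# a different account than the one that logs in, so the user cannot edit it.

# Ignore interrupt, quit and terminal stop so a break during login cannot
# drop the user out of the profile into an unrestricted shell.
trap '' INT QUIT TSTP

# Fixed search path so the permitted commands cannot be shadowed.
PATH=/bin:/usr/bin
export PATH

# Map a menu choice to one permitted command (assumed entries).
# Prints the command and returns 0, or returns 1 for anything not listed.
allowed_command() {
    case "$1" in
        1) echo "df" ;;
        2) echo "who" ;;
        3) echo "uptime" ;;
        *) return 1 ;;
    esac
}

# Offer only the listed functions; the user's input is never executed itself.
restricted_menu() {
    while :; do
        printf '1) disk usage  2) who is on  3) uptime  q) quit\n> '
        read -r choice || break          # end of input ends the session
        [ "$choice" = q ] && break
        if cmd=$(allowed_command "$choice"); then
            $cmd
        else
            echo "not permitted"
        fi
    done
}

# A login shell is started with a leading '-' in $0. Only then take over the
# session, and exit afterwards so no interactive prompt is ever reached.
case "$0" in
    -*) restricted_menu; exit 0 ;;
esac
```

The menu only constrains what runs through the profile; as the post notes, it does nothing about world-writable areas such as /tmp and /usr/tmp.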