Path: utzoo!utgpu!water!watmath!clyde!att!cbnews!lvc From: lvc@cbnews.ATT.COM (Lawrence V. Cipriani) Newsgroups: comp.unix.questions Subject: Re: Workstations: good reasons for owner root access Message-ID: <887@cbnews.ATT.COM> Date: 17 Aug 88 22:56:45 GMT References: <8338@smoke.ARPA> <2757@bgsuvax.UUCP> <183@ndc.UUCP> <25952@think.UUCP> Reply-To: lvc@cbnews.ATT.COM (Lawrence V. Cipriani) Organization: AT&T Bell Laboratories, Columbus Lines: 20 In article <25952@think.UUCP> barmar@kulla.think.com.UUCP (Barry Margolin) writes: >Why not just make shutdown setuid root, and executable only by a group >of which you are the sole member? /etc/shutdown is a script, but can be worked around. One other thing that must be done is to stay out of single user mode. If you go to single user from multi-user the user is made root. >These are the kinds of tools someone was referring to when he said >that in a well-designed system you should rarely need to use "su". >"su" should only be for unusual circumstances. Users shutting down >their workstations is not unusual, so there should be a standard tool >for it. Indeed. Isn't it rediculuous that the most mudane operations (backup, recover, creating users, etc.) on a eunuchs computer require the most powerful permissions possible. Sheesh. -- Larry Cipriani, AT&T Network Systems, Columbus OH, (614) 860-4999