Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!mit-eddie!ll-xn!ames!oliveb!sun!limes
From: limes@sun.uucp (Greg Limes)
Newsgroups: comp.unix.questions
Subject: Re: Workstations: good reasons for owner root access
Message-ID: <64601@sun.uucp>
Date: 17 Aug 88 17:52:42 GMT
References: <8338@smoke.ARPA> <2757@bgsuvax.UUCP> <183@ndc.UUCP>
Reply-To: limes@sun.UUCP (Greg Limes)
Organization: Sun Microsystems, Inc.
Lines: 33

In article <183@ndc.UUCP> sgf@ndc.UUCP (Sharon Gates-Fishman) writes:
>I work on a diskless microVAX 2000, so I don't do my own system
>administration, but I occasionally _must_ have su privledge (sp?).
>That happens when my system must be rebooted, so I have to do a
>shutdown. Now, my system administrator _could_ walk around to
>every uVax in the building (we don't have all that many), and
>reboot them herself, but it's a lot easier for her to call me
>(and the other VaxStation folks) and ask me to do it myself.

Actually, this can be solved without giving the workstation owner the
root password. Generate a small script that allows specific actions to
be done, and wire it up to a maintenance login:

	maint::0:1:Maintenance Account:/:/usr/local/bin/maint

Now give "maint" a password only known by the workstation's owner. This
"maint" program can be as simple or as complex as the installation
wants.

For an even easier case -- I administer a small lab, containing eight
workstations and a server. Sometimes I have to reboot machines, and
frankly I would rather not stand there at the console waiting to log
in as root. The solution? A "yoyo" account:

	yoyo::0:1:Bouncer:/:/yoyo

with a script that runs /etc/fastboot, if and only if it is run from
the console and there is nobody else on the system. No password needed.

Generalize for your installation, tune for smoke.

--
redhead [limes@sun.com]		for uucp, backbone!ucbvax!sun!limes
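
The console-and-nobody-else check described for the "yoyo" account, as an added example that is not part of the original post and is not Greg Limes's script. The function names `may_reboot` and `yoyo_main` are hypothetical, and it assumes `tty` reports `/dev/console` on the console and that `who` prints the terminal line as its second field.

```shell
#!/bin/sh
# Added example: decision logic for a reboot-only login shell such as /yoyo.
# may_reboot and yoyo_main are hypothetical names; /etc/fastboot is from the post.

# may_reboot TTY WHO_TEXT
# Succeeds only when TTY is the console and WHO_TEXT (who(1)-style lines,
# "user line date...") shows no session on any line other than "console".
may_reboot() {
    mr_tty=$1
    mr_who=$2
    [ "$mr_tty" = /dev/console ] || return 1
    mr_others=$(printf '%s\n' "$mr_who" |
        awk 'NF >= 2 && $2 != "console" { n++ } END { print n + 0 }')
    [ "$mr_others" -eq 0 ]
}

# Entry point for the login shell. It takes no arguments and pins PATH, so
# the uid-0 account can perform this single action and nothing else.
# When installed as the login shell, the file's last line would call it.
yoyo_main() {
    PATH=/bin:/usr/bin; export PATH
    if may_reboot "$(tty)" "$(who)"; then
        exec /etc/fastboot
    fi
    echo "yoyo: refused (not on the console, or other users are logged in)" >&2
    return 1
}

# Dry run on constructed who(1) output: a second user on ttyp0 blocks the reboot.
sample_who='yoyo     console  Aug 17 10:52
sgf      ttyp0    Aug 17 09:14'
if may_reboot /dev/console "$sample_who"; then
    echo "would reboot"
else
    echo "would refuse: another session is active"
fi
```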