Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!mit-eddie!ll-xn!ames!oliveb!sun!limes
From: limes@sun.uucp (Greg Limes)
Newsgroups: comp.unix.questions
Subject: Re: Workstations:  good reasons for owner root access
Message-ID: <64601@sun.uucp>
Date: 17 Aug 88 17:52:42 GMT
References: <8338@smoke.ARPA> <2757@bgsuvax.UUCP> <183@ndc.UUCP>
Reply-To: limes@sun.UUCP (Greg Limes)
Organization: Sun Microsystems, Inc.
Lines: 33

In article <183@ndc.UUCP> sgf@ndc.UUCP (Sharon Gates-Fishman) writes:
>I work on a diskless microVAX 2000, so I don't do my own system 
>administration, but I occasionally _must_ have su privledge (sp?).
>That happens when my system must be rebooted, so I have to do a
>shutdown.  Now, my system administrator _could_ walk around to
>every uVax in the building (we don't have all that many), and
>reboot them herself, but it's a lot easier for her to call me
>(and the other VaxStation folks) and ask me to do it myself.

Actually, this can be solved without giving the workstation owner the
root password. Generate a small script that allows specific actions to
be done, and wire it up to a maintenance login:

	maint::0:1:Maintenance Account:/:/usr/local/bin/maint

Now give "maint" a password only known by the workstation's owner. This
"maint" program can be as simple or as complex as the installation
wants.

For an even easier case -- I administer a small lab, containing eight
workstations and a server. Sometimes I have to reboot machines, and
frankly I would rather not stand there at the console waiting to log in
as root. The solution? A "yoyo" account:

	yoyo::0:1:Bouncer:/:/yoyo

with a script that runs /etc/fastboot, if and only if it is run from the
console and there is nobody else on the system. No password needed.

Generalize for your installation, tune for smoke.

-- redhead [limes@sun.com]
   for uucp, backbone!ucbvax!sun!limes