Path: utzoo!utgpu!water!watmath!clyde!att!cbnews!lvc
From: lvc@cbnews.ATT.COM (Lawrence V. Cipriani)
Newsgroups: comp.unix.questions
Subject: Re: Workstations:  good reasons for owner root access
Message-ID: <887@cbnews.ATT.COM>
Date: 17 Aug 88 22:56:45 GMT
References: <8338@smoke.ARPA> <2757@bgsuvax.UUCP> <183@ndc.UUCP> <25952@think.UUCP>
Reply-To: lvc@cbnews.ATT.COM (Lawrence V. Cipriani)
Organization: AT&T Bell Laboratories, Columbus
Lines: 20

In article <25952@think.UUCP> barmar@kulla.think.com.UUCP (Barry Margolin) writes:
>Why not just make shutdown setuid root, and executable only by a group
>of which you are the sole member?

/etc/shutdown is a script, but can be worked around.  One other thing that
must be done is to stay out of single user mode.  If you go to single user
from multi-user the user is made root.

>These are the kinds of tools someone was referring to when he said
>that in a well-designed system you should rarely need to use "su".
>"su" should only be for unusual circumstances.  Users shutting down
>their workstations is not unusual, so there should be a standard tool
>for it.

Indeed.  Isn't it rediculuous that the most mudane operations (backup,
recover, creating users, etc.) on a eunuchs computer require the most
powerful permissions possible.  Sheesh.

-- 
Larry Cipriani, AT&T Network Systems, Columbus OH, (614) 860-4999