From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate.ufw2.com([216.163.19.158]) (2758 bytes) by braille.uwo.ca via smail with P:esmtp/D:aliases/T:pipe (sender: ) id for ; Mon, 23 Oct 2000 21:54:39 -0400 (EDT) (Smail-3.2.0.102 1998-Aug-2 #2 built 1999-Sep-5) Received: from [216.163.21.20] by gate.ufw2.com for speakup@braille.uwo.ca id UAA08081; Mon Oct 23 20:54:43 2000 Received: from hardb ([216.163.21.59]) by mail.ufw2.com (Build 101 8.9.3/NT-8.9.3) with SMTP id UAA01051 for ; Mon, 23 Oct 2000 20:55:16 -0500 Message-Id: <3.0.6.32.20001023205511.007d1db0@mail.ufw2.com> X-Sender: bharding@mail.ufw2.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Mon, 23 Oct 2000 20:55:11 -0500 Subject: Re: Root access (was RE: which prebuilt linux boxes seem to work best?) In-Reply-To: References: <3.0.6.32.20001022185041.007cfaa0@mail.ufw2.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: speakup@braille.uwo.ca From: Brent Harding List-Id: There's no securetty that'd work remotely, I'm sure because it doesn't allow you to use an ip address. I'm sure eth0 doesn't count, as it's not really considered a device file in /dev. I'm not fond of the idea of multiple root privileged users, especially if it's not really needed. At 05:08 PM 10/23/00 +1100, you wrote: >On Sun, 22 Oct 2000, Brent Harding wrote: > >> What access does the root group give? Setting up virtual hosts, or whatever >> involves a lot of access, depending which virtual service one is using, > >This would vary from system to system, depending on what files belong to >the root group and the permissions on those files. > >> unless there were a script out that I could be given access to to get all >> of it done that'd run as root. > >You could do this, but it'd be up to the sysadmin to do this. > >> Wouldn't it take the luck of the draw, for say the admin gives the access >> to /dev/pts/0 and someone else is logged in to that, so my connection could >> be pts/4 or 5 depending who's on? I'd some how have to move them to another >> device so I could get my privileges. > >Yes, which is why you wouldn't ever put a pts device in >/etc/securetty. And the sysadmin would still have to give out the root >account's password to you. In fact, if I were a sysadmin, I'd consider >clearing out /etc/securetty altogether so no one could login directly as >root, meaning that everyone would either have to know both a user name and >password and the root password, or have access to sudo as a user. Sounds >much more secure. > >Geoff. > > > > >-- >Geoff Shang >ICQ number 43634701 > > >_______________________________________________ >Speakup mailing list >Speakup@braille.uwo.ca >http://speech.braille.uwo.ca/mailman/listinfo/speakup > > >