From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gshang10@scu.edu.au>
Received: from axis.scu.edu.au(wwwproxy.scu.edu.au[203.2.32.1]) (2323 bytes)
 by braille.uwo.ca
	via smail with P:esmtp/D:aliases/T:pipe
	(sender: <gshang10@scu.edu.au>)
	id <m13nffj-0013vsC@braille.uwo.ca>
	for <speakup@braille.uwo.ca>; Mon, 23 Oct 2000 07:21:43 -0400 (EDT)
	(Smail-3.2.0.102 1998-Aug-2 #2 built 1999-Sep-5)
Received: from alsvid.scu.edu.au (alsvid.scu.edu.au [203.2.33.1])
	by axis.scu.edu.au (8.9.1a/8.9.1) with ESMTP id VAA27138
	for <speakup@braille.uwo.ca>; Mon, 23 Oct 2000 21:21:41 +1000 (EST)
Received: from data.home (mail@annex6.scu.edu.au [203.2.32.106])
	by alsvid.scu.edu.au (8.9.2/8.9.2) with ESMTP id WAA01926
	for <speakup@braille.uwo.ca>; Mon, 23 Oct 2000 22:21:40 +1100 (EST)
Received: from geoff by data.home with local-esmtp (Exim 3.12 #1 (Debian))
	id 13namQ-0004p8-00; Mon, 23 Oct 2000 17:08:18 +1100
Date: Mon, 23 Oct 2000 17:08:18 +1100 (EST)
From: Geoff Shang <gshang10@scu.edu.au>
To: speakup@braille.uwo.ca
Subject: Re: Root access (was RE: which prebuilt linux boxes seem to   work
 best?)
In-Reply-To: <3.0.6.32.20001022185041.007cfaa0@mail.ufw2.com>
Message-ID: <Pine.LNX.4.21.0010231701390.1519-100000@data.home>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
List-Id: <speakup.linux-speakup.org>

On Sun, 22 Oct 2000, Brent Harding wrote:

> What access does the root group give? Setting up virtual hosts, or whatever
> involves a lot of access, depending which virtual service one is using,

This would vary from system to system, depending on what files belong to
the root group and the permissions on those files.

> unless there were a script out that I could be given access to to get all
> of it done that'd run as root.

You could do this, but it'd be up to the sysadmin to do this.

> Wouldn't it take the luck of the draw, for say the admin gives the access
> to /dev/pts/0 and someone else is logged in to that, so my connection could
> be pts/4 or 5 depending who's on? I'd some how have to move them to another
> device so I could get my privileges.

Yes, which is why you wouldn't ever put a pts device in
/etc/securetty.  And the sysadmin would still have to give out the root
account's password to you.  In fact, if I were a sysadmin, I'd consider
clearing out /etc/securetty altogether so no one could login directly as
root, meaning that everyone would either have to know both a user name and
password and the root password, or have access to sudo as a user.  Sounds
much more secure.

Geoff.




-- 
Geoff Shang <gshang10@scu.edu.au>
ICQ number 43634701