[ On Monday, January 14, 2002 at 20:47:15 (-0500), dman wrote: ]
> Subject: Re: [Exim] Root is user in Envelope
>
> On Mon, Jan 14, 2002 at 02:16:21PM -0500, Greg A. Woods wrote:
>
> | The usual problems with having multiple superuser accounts is that
> | there's really only one from the kernel's perspective (user-names are
> | not used in the kernel, only the magic number zero),
>
> This is a problem not only with UID '0', but with any UID. If you
> want to see this in action, make two entries in /etc/passwd with 2
> unique names and 1 UID. Make the first name "name1" and the second
> "name2".
Indeed it is, but no other UID is the superuser and with the way most
people treat their systems security the only user-ID where
accountability is important is #0.
> Now use 'visudo' to give "name2" the right to run some command as
> another user. Login as "name2", run "sudo <command>" and you will be
> told that "name1" doesn't have permission.
Using "sudo" is a good way to lose all of your ability to determine
accountability.
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>