Security/User Accounts question

From: William Skulley <skulleyw_at_yahoo.com>
Date: Mon, 23 Sep 2002 09:24:42 -0700 (PDT)

I have a requirement to give our local computer
security department accounts that have the capability
to view configuration information of our Tru64 5.1
boxes. I have negotiated an arrangement that we will
(change and) give them the root password upon specific
request only, but obviously I would prefer to minimize
their use of the root account/password. We do not use
sudo, nor do I see that it would really address the
problem at hand (if I am wrong, please edify).

My personal account has a primary group of system and
no secondary groups. Using my account, I cannot view
the contents of the /sbin/rc.x directories. To allow
the new computer security accounts to view the rc
directories without being root I gave their accounts a
primary group of system (to allow root) and a
secondary account of bin.

How awful is this configuration? I'm afraid I may
have opened up Mack-truck-sized holes. What is the
best way to meet the access requirements while
minimizing root usage? Security/Account lectures
and/or references, documents, best practices, etc.
welcomed.

Thanks
Bill

Received on Mon Sep 23 2002 - 16:25:34 NZST
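
An added example, not part of the original post: one way to measure what membership in groups such as system and bin actually lets an account change is to list every path those groups can write to. The function names are hypothetical, and the sketch assumes a find that supports the POSIX -group, -perm and -xdev primaries.

```shell
#!/bin/sh
# Added example: audit what a group membership allows an account to modify.

# group_writable ROOT GROUP
# Print every non-symlink path under ROOT whose group owner is GROUP
# (name or numeric gid) and whose group-write bit is set. A writable
# directory counts too: it allows files inside it to be replaced.
group_writable() {
    gw_root=$1
    gw_group=$2
    find "$gw_root" -xdev ! -type l -group "$gw_group" -perm -020 -print 2>/dev/null
}

# audit_groups ROOT GROUP...
# Print "GROUP<TAB>PATH" for each hit across all listed groups.
# Returns 1 if any group-writable path was found, 0 if none.
audit_groups() {
    ag_root=$1
    shift
    ag_found=0
    for ag_group in "$@"; do
        ag_out=$(group_writable "$ag_root" "$ag_group")
        if [ -n "$ag_out" ]; then
            ag_found=1
            printf '%s\n' "$ag_out" | awk -v g="$ag_group" '{ print g "\t" $0 }'
        fi
    done
    return "$ag_found"
}

# Stand-alone use: audit.sh ROOT GROUP [GROUP...]
if [ "$#" -ge 2 ]; then
    audit_groups "$@"
fi
```

Run as root so unreadable directories are not skipped, for example `sh audit.sh /sbin system bin`; an empty result means the groups grant no write access under that tree.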

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT