[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Re: Root user



[Steffen Dettmer]

> * Francois Pinard wrote on Wed, Jul 09, 2003 at 10:03 -0400:
> > I once used to have a `root' and a `root2', both having uid 0 in
> > `/etc/passwd', and I used this for quite a while, and do not remember
> > any adverse effect.  

> What does this help?

Someone wrote that this was not to be recommended, yet without giving real
reasons against it.  I just wanted to say that any recommendation should be
backed by some justification.  In my case, I had good reasons to use `root'
and `root2', and saw nothing wrong with it for the time I needed it.

So far in this thread, I did not see a convincing justification yet, for
avoiding two accounts with the same UID.

> It would be interesting to know, "what root" e.g. changed or created a
> file, but as you stated, this is not possible this way.

If there is indeed a need to know, then of course, having two accounts for
the same UID is not acceptable.  That need does not necessarily exist.

> I think this may introduce some confusion (without any positive effect I
> can see) - which I would not recommend.

Or maybe, it just does not introduce any confusion for those needing it.

> Maybe this is a reason: KISS (keep it simple, stupid) is a little violated
> by such a configuration (which I would call uncommon and missleading,
> maybe).

Uncommon, I agree.  But maybe not misleading at all.  I do not think that if
someone knows what s/he is doing (and why!), there is a real problem.

This thread is a bit amusing, as some correspondents try to guess "why", but
do not necessarily guess correctly.  They then reply to their own guesses...

-- 
François Pinard   http://www.iro.umontreal.ca/~pinard

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here