Today, Benjamin Scott gleaned this insight:

> On Tue, 20 Jun 2000, Kevin D. Clark wrote:
> > Yes, I understand the security implications here, but I'm telling you
> > that in my experience not giving an engineer the root password causes
> > more problems than it solves.
> 
>   Like anything else, I think it depends on what you're doing, and the
> environment in which you're doing it.
> 
>   If one is doing pure user-land application development on a shared machine,
> then I don't think one needs superuser access.  On the other end of the
> spectrum (no pun intended), if you're working with low-level networking code
> on a dedicated workstation, I think you're justified in wanting the root
> password.

I still disagree.  As I said in a private reply to someone else:

root access, yes.  root password, no.  Actually as Paul pointed out, sudo
can be used to provide any granularity of root access that is desired.  We
regularly use it ourselves, despite actually having the root password.
This, at least, provides some accounting of what was done, in the event
that the user totally fscks up the workstation.  Kinda analogous to
throwing yourself a bone, so to speak.

However, I would maintain that in a well-designed environment, you would
not be doing OS development on your "regular" desktop workstation... you
would have a lab workstation which does not do things like:

  * Mount NFS directories
  * Participate in NIS
  * Have any other sort of network trust relationships.

For such a workstation, you can have the root password.  Just don't ask
for my help when you fry it.

My answer to non-administrator (and in some cases even administrator) root
access is sudo.  There is nothing you can't do as root with it, except
perhaps repair a sick machine if you can't boot past single user mode. But
at that point the administration staff should be involved anyway.

But also, there are many, many things that people often say they need root
access for, that they just don't. All it takes is an adjustment in the way
you think and/or work.  In my 5 or so years working with Unix, I have only
seen ONE problem where a developer or engineer claimed to need the root
password of a production machine (including user desktops) that could not
have been solved another way (discounting sudo, which works for all
cases), that I can remember. And that involved debugging the kernel on our
production NFS server.


-- 
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin      |  Unix/Linux Geek
[EMAIL PROTECTED]  |  [EMAIL PROTECTED]
------------------------------------------------------
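
The message above says sudo "provides some accounting of what was done". As an added example (not part of the original post), this sketch rebuilds that accounting from sudo's syslog records and flags the point where it stops: once a user runs a shell or su through sudo, later commands are no longer logged individually. It assumes sudo's default syslog line format; the log lines, host and user names are constructed, and the function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Constructed sample in sudo's default syslog line format; host and users are made up.
SAMPLE_LOG = """\
Jun 20 14:02:11 lab1 sudo:     dev1 : TTY=pts/3 ; PWD=/home/dev1 ; USER=root ; COMMAND=/usr/sbin/tcpdump -i eth0 port 2049
Jun 20 14:05:40 lab1 sudo:     dev1 : TTY=pts/3 ; PWD=/home/dev1 ; USER=root ; COMMAND=/bin/bash
Jun 20 14:09:02 lab1 sudo:     dev2 : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/fdisk /dev/hda
Jun 20 14:11:15 lab1 sshd[812]: Accepted password for dev2 from 10.0.0.7 port 1022
"""

LINE_RE = re.compile(r"sudo:\s+(?P<invoker>\S+) : (?P<fields>.*)$")
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "su"}

def parse_line(line):
    """Return a dict for one sudo log line, or None if it is not a sudo command record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    head, sep, command = m.group("fields").partition("COMMAND=")
    if not sep:
        return None
    event = {"invoker": m.group("invoker"), "command": command.strip(), "rejected": False}
    for part in (p.strip() for p in head.split(" ; ")):
        if "=" in part:
            key, value = part.split("=", 1)
            event[key] = value          # TTY, PWD, USER (the target account)
        elif part:
            event["rejected"] = True    # status text such as "command not allowed"
    return event

def opens_shell(command):
    """True when the logged command is itself a shell or su: per-command logging ends there."""
    words = command.split()
    return bool(words) and os.path.basename(words[0]) in SHELLS

def audit(log_text):
    """Group sudo activity by invoking user: commands run, rejected attempts, root shells."""
    report = defaultdict(lambda: {"ran": [], "rejected": [], "root_shells": []})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        key = ("rejected" if event["rejected"]
               else "root_shells" if opens_shell(event["command"]) else "ran")
        report[event["invoker"]][key].append(event["command"])
    return dict(report)
```

Entries under `root_shells` mark where the audit trail has a gap, which is the practical argument for granting specific commands rather than unrestricted sudo.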