On Tue, Jun 20, 2000 at 09:04:46PM -0400, Derek Martin
<[EMAIL PROTECTED]> wrote:
> Today, Bob Bell gleaned this insight:
> root access, yes. root password, no. Actually as Paul pointed out, sudo
> can be used to provide any granularity of root access that is desired. We
> regularly use it ourselves, despite actually having the root password.
> This, at least, provides some accounting of what was done.
sudo is not always available...
> However, I would maintain that in a well-designed environment, you would
> not be doing OS development on your "regular" desktop workstation... you
> would have a lab workstation which does not do things like:
>
> * Mount NFS directories
> * participate in NIS
> * have any other sort of network trust relationships.
Yes, I normally work on designated workstations, although I do
muck with my own machine from time to time (we like to try to sleep in the
bed that we've made). However, in my environment I do more than just
test kernels. I may actually need to check NFS directories, try
different NIS setups, etc. Having an entire test network set up could
get quite expensive.
I also never quite know what I am going to need to do next. This
makes it hard to just grant certain priveleges. It would be a *huge*
damper on productivity if I had to ask for permission each time I
needed to try something different as root. And what would be the
point of using sudo to grant full access to everything?
> My answer to non-administrator (and in some cases even administrator) root
> access is sudo. There is nothing you can't do as root with it, except
> perhaps repair it if you can't boot past single user mode. But at that
> point the administration staff should be involved anyway.
Umm, I often can't boot past single user mode. Yes, I can hose my
machine that much. In fact, recently I've been doing it
intentionally, as I've been working on a cluster recovery script. I
need to be able to reinstall the OS from CD. I'm going to grab some
administrator and get him to type something in when it asks for the
root password? Ridiculous!
--
Bob Bell Compaq Computer Corporation
Software Engineer 110 Spit Brook Rd - ZKO3-3/U14
TruCluster Group Nashua, NH 03062-2698
[EMAIL PROTECTED] 603-884-0595
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
