Re: [tlug] on root logins (1)

[Uva Coder <uva.coder@example.com>]

On 12/28/05, Michael Reinsch <mr@example.com> wrote:
>
> But actually my statement was a bit broader. There are more mistakes you
> can make which can compromise the security of the system or the user's
> privacy than simply wipe the system. One advantage of those "wiping the
> system" type of mistakes is also that they are obvious... not all
> mistakes are this obvious.
>
> So I'm still not convinced that giving an administrator more rights in a
> general way as you described (adding his user to the sys group *1) is a
> good idea. In my opinion, an administrator should be required to
> deliberately switch to a status with more rights (*2) for a certain
> task, instead of having those rights all the time.

I agree. Don't use the sys user all the time. And the other extreme of
limiting users can be done through control of groups as I see it.

<digress>
Plan 9 has come a long way toward the idea of defining the
environment, then give the regular users the userland.

For the security conscious, I recommend reading
http://plan9.bell-labs.com/sys/doc/auth.html  Here's an excerpt for
the lazy:
"The security architecture of the Plan 9 operating system [Pike95] has
recently been redesigned to make it both more secure and easier to
use. By security we mean three things: first, the business of
authenticating users and services; second, the safe handling,
deployment, and use of keys and other secret information; and third,
the use of encryption and integrity checks to safeguard communications
from prying eyes."
</digress>