Date: Mon, 7 Jan 2002 15:05:24 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Cliff Sarginson <cliff@raggedclown.net> Cc: FreeBSD-questions <FreeBSD-questions@FreeBSD.ORG> Subject: FYI Re: Can I rename root? Message-ID: <Pine.GSO.4.31.0201071459050.20828-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <20020107143958.GA2968@raggedclown.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 7 Jan 2002, Cliff Sarginson wrote: > On Mon, Jan 07, 2002 at 03:07:45PM +0100, Roman Neuhauser wrote: > > Truth is that telling someone to do or to avoid something, not > > telling them why (giving an example), turns the advice into a dogma, > > and I don't think that's very useful. > Does it ? Yes; that's what "cargo-cult" sysadmin is all about. Slightly more on-topic: the notion of "root" is (very, very slowly) going away - see Trusted Solaris ferinstance. TrustedBSD is working on much the same kind of thing - "fine-grained system capabilities". FS ACLs might be a more obvious output of the project, but the notion is that instead of a single "superuser" account, core system admin roles may be split amongst accounts. Thus you would be able to have, say, a security event auditor who could review audit logs, but with little or no other privileges; and (in a simple scenario) a lower-powered "root" who could do everything else _except_ modify their audit trail. This is, however, some time away from FreeBSD-STABLE (maybe in 5.0?*). > End of thread. jan * that's speculation. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk That which does not kill us goes straight to our thighs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0201071459050.20828-100000>