On Wed, 2 Oct 2002, just me wrote:
In an environment where every sysadmin is interchangeable, and any one of them can be woken up at 3am to fix the random problem of the day, you tell me how to manage 'sudoers' on 4000 machines.
In a situation where the team needs root; all per-admin UID 0 accounts add is accountability and personalized shells/environments.
Sorry to ruffle your dogma.
Have I missed something here? It seems to me having multiple uid 0's would do no good. Can't a UID 0 user change the password of any other user? Wouldn't a malicious uid 0 user just change the regular root password? How does this add any additional layer of accountability? A uid 0 user can erase the logfiles, unless they are immutable and you are in secure mode.

Jason

--
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X    - NO HTML/RTF in e-mail  .
/ \   - NO Word docs in e-mail .