-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Hello John,

Sunday, September 22, 2002, 6:22:11 PM, you wrote:

JMB> I have question for the security community on NANOG.
JMB> What is your learned opinion of having host accounts
JMB> (unix machines) with UID/GID of 0:0

I'm not sure my opinion is learned, but I would say it is a bad idea. The vast majority of users do not need all of the privileges that root access provides. The reason that *nix systems have different users and groups is to give them different levels of access. In addition, if there are specific programs that need to be run by a user which require root access, an administrator can use sudo (http://www.courtesan.com/sudo/) to give faux root access without having to divulge the root password.

JMB> The argument is that way you don't have to give out the root password,
JMB> you can just nuke a user's UID=0 equiv account when they leave and not
JMB> have to change the real root account.

That is an invalid argument for three reasons:

1. As soon as a user leaves an organization, their accounts should be deleted -- that should be SOP at all companies. If you do not allow the root account to connect directly (i.e. you cannot SSH to the server directly as root -- you have to connect as another user and su), then when you delete the user's account they cannot gain root access.

2. You should be rotating your root password often enough that users would be accustomed to a password change.

3. The only users who should be able to gain root access to a system are those in the root wheel; at the very least, accounts in the root wheel should be monitored closely and rotated in and out of the wheel as necessary.

Hope this helps.

allan

- --
Allan Liska
allan@allan.org
http://www.allan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAPY5Jl3+n87oa5a9VAQHB+AQAhv2sIrAqs0HPUqYPWKxFheDk97lya1fs
fS9XZ07mJ+M0Lds0PzDC8k2GL8T8hQrOaCeMckkE9+ssP5SuqVY/bZqGGsltkz79
o7/lT24BE+lpLFXVYddFQaUa9DH1i1wDtpigBxY1PJI014ZRViSS51ydz1X8RBvQ
4Zprc4g6tGo=
=Y2iu
-----END PGP SIGNATURE-----
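The checks Allan's reply implies (no second account sharing UID 0, no direct root login over SSH, sudo for the few commands that really need root) can be scripted. The following POSIX sh audit is an added example; it is not code from the message or from the NANOG thread. The passwd and sshd_config contents are constructed samples written to a temporary directory, and the function names (uid0_accounts, gid0_accounts, permit_root_login, audit_host, make_sample_files) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original message: audit a passwd file for
# root-equivalent accounts and check sshd_config for direct root login.
# Sample passwd and sshd_config below are constructed for illustration.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jmb:x:0:0:root-equivalent account:/home/jmb:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:0:primary group 0:/home/bob:/bin/sh'

SAMPLE_SSHD_CONFIG='Port 22
# PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no'

# make_sample_files: write the constructed samples to a temp dir, print its path.
make_sample_files() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_SSHD_CONFIG" > "$d/sshd_config"
    printf '%s\n' "$d"
}

# uid0_accounts FILE: login names with UID 0 other than "root", one per line.
# Any such entry is a second root, indistinguishable from root to the kernel.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# gid0_accounts FILE: non-root users whose primary GID is 0. Not root itself,
# but they inherit group-level access to everything owned by group 0.
gid0_accounts() {
    awk -F: '$4 == 0 && $3 != 0 { print $1 }' "$1"
}

# permit_root_login FILE: effective PermitRootLogin value, lower-cased.
# sshd uses the first uncommented occurrence of a keyword, so "exit" after the
# first match. Prints "unset" when the directive is absent (sshd then applies
# its compiled-in default, which varies by version). Simplification: the
# "Keyword=value" spelling is not handled.
permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unset\n'; fi
}

# audit_host PASSWD SSHD_CONFIG: print findings; return 1 if any, else 0.
# Anything other than an explicit "no" is flagged, because the point of the
# reply is that root is reached only via su/sudo from a personal account.
audit_host() {
    rc=0
    for u in $(uid0_accounts "$1"); do
        printf 'FINDING: %s has UID 0 (root-equivalent account)\n' "$u"
        rc=1
    done
    for u in $(gid0_accounts "$2" 2>/dev/null; gid0_accounts "$1"); do
        printf 'WARNING: %s has primary GID 0\n' "$u"
        rc=1
    done
    prl=$(permit_root_login "$2")
    case "$prl" in
        no) ;;
        *)  printf 'FINDING: PermitRootLogin is "%s"; set it to "no"\n' "$prl"
            rc=1 ;;
    esac
    return $rc
}

# Stand-alone run against the constructed samples. The sudo counterpart that
# replaces a UID 0 account is a sudoers line such as (hypothetical):
#   jmb ALL=(root) /usr/sbin/apachectl
dir=$(make_sample_files)
audit_host "$dir/passwd" "$dir/sshd_config" || printf 'Audit found issues.\n'
rm -rf "$dir"
```

Run it against a real host with audit_host /etc/passwd /etc/ssh/sshd_config; on the samples it reports jmb as a second UID 0 account, bob as a GID 0 member, and PermitRootLogin yes.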