Quote:
Originally Posted by ghostdog74
Any user with UID of 0 has superuser privilege, regardless of username.
|
The clearest point of all this discussion. I was agree with that initially.
Quote:
Originally Posted by Mr. C.
I said "convenience accounts"
|
Mr.C., I haven't still caught the
convenience explanation. Or does it mean just
switching between sh and csh by user name?
My estimates were built on my 9+ *Nix experience (not BSD, I've never used it). Thus, I know just one admin who renames root accounts, as he says, by force of habit (17years of nix experience, the age of R-commands...). Another one used it before, but gave up. But all others have never used renaming at all. That was the point of my statement.
I didn't mean two or more uid=0 - accounts there.
What about "not for this case", I bet this code
will work on the Suvra's box. User toor is in doubt in this situation, so checking for uid could allow
hacker with uid=0 to perform the operation. It'd probably be stronger to check for both uid and username. Looks funny?
If a system is compromised, such ways don't work at all.
BTW, I remember that
you said nothing about security...
And finally, Mr.C, sometimes you're trying to assure me of things I'm assured myself. So, let me express clearly my position.
I'm absolutely agree that uid=0 is more portable.
I'm agree that users should learn about UID/GID.
However, I'm afraid, Suvra has less than 25 nix experience, and he doesn't run some production server. So, I tried to make it easier, partially at the expense of some features which could never been used.
I'm agree about
sometimes working code. Code should work stable in
normal predefined conditions. However, there is no bug-free code in the world. Each program will fail in certain circumstances. Nevertheless, I agree that we should try to make it better.
I hope, it'll make the debates more constructive.