->> Michael S. Hines wrote:
->>From time to time I note that people are doing routine work at root level.
->>This seems that it would pose a security risk... at least that an
->>accident could produce disastrous results.
->
->>Shouldn't sysadmins have a "regular" account that they use most of the
->>time, and a "root" account that is only used for system administration?
->
->>This is true on the routers as well as clients and servers, I think.
->
->>Other opinions?
->
->Yes, that is the way CTOS works.
->CTOS is a unique (UNISYS) flavor of Unix - for those not familiar.
->It has no privileged requirements to run system services.
->Administrators use a confined level of access to do system work.
->If someone breaks into a service, there is no way for the "hacker"
->to gain system wide privileges - like there are on Root Unix services.
->If an admin wants to have access to "everything" s/he needs to use a
->special "volume" password. I believe, but can not confirm, that there
->are organizations using CTOS pentium boxes as firewalls. However, at
->present (and as far as I know) there is only limited access from a CTOS
->box to the internet, i.e., SMTP, FTP, Telnet (out), X Server. However,
->X windows application programmers are working on this issue.
->
->___________________________________________________________________________
->Rodger Rossman |
->Unisys Network Administrator | R.ROSSMAN/ARSC @ cgsmtp.comdt.uscg.mil

So how is hacking for the "volume" password any different than hacking for
the "root"? Sounds like the same ol' problem.

As for limited access by not having full internet functionality, I suppose
it would be safer by not being able to offer many of the standard services.
On that note... I'm switching my Sun SPARC firewall for a Casio BOSS! ;-)

If SMTP, FTP and telnet are only provided as client side processes I
don't see how X windows will provide a way for others to contact you...
With any security, that is. I suppose you could put up an X server and
let anyone send stuff to it, but this is hardly a replacement for SMTP,
FTP and telnet daemons.

+==========================---------------------============================+
\ Bill Burge burge @ qdeck.com / Sys Admin, Postmaster, Newsmaster /
\ Developer Research \ Lead System Crasher /
\ Quarterdeck Office Systems / "Still crazy after all these years" /
+===========================================================================+