Re: [nv-l] Root Authority

To: nv-l@lists.tivoli.com
Subject: Re: [nv-l] Root Authority
From: "Leslie Clark" <lclark@us.ibm.com>
Date: Thu, 27 Jun 2002 22:02:00 -0400

Now why would I tell them that? ;)
Really, I think the point of that maneuver is to protect the
root password. The other uid 0 users don't need to know
the password used for root by the system administrator.
I guess it all depends on what they are paranoid about.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

"Gavin Newman" <NEWMANGJ@banksa.com.au>
06/27/2002 07:05 PM

To:       <nv-l@lists.tivoli.com>
cc:
Subject:  [nv-l] Root Authority

Leslie

In your second paragraph you say that sites add a "non-root user with a uid
of 0".

They should be aware that it is not the name "root" that has the magic
powers but the uid number 0. You can have any number of names, each with a
UID of 0, and they all have "root power" so if the sites you refer to think
they have circumvented the root "problem" then they are probably in for a
surprise....

Cheers - Gavin

>>> "Leslie Clark" <lclark@us.ibm.com> 27/06/2002 21:27:07 >>>
Of the one hundred or so sites where I have implemented Netview, I have
encountered only three that absolutely would not give root to the Netview
administrator. In all three cases those customers followed a policy of
pushing out a common /etc/passwd file to all AIX systems, so a common
root password was in use for all systems.  Not a fashionable approach,
but not all that uncommon.

Some sites add a non-root userid with an effective uid of 0, allowing
most function without the user needing to know root's password. I have
not seen this lately and don't know what the limitations might be if any.
The sudo approach is pretty common and seems to work well.

Many sites with strict AIX support teams simply opt out of AIX support.
They would rather go it alone than put up with the delays involved in
getting someone to come over and type something in for them.

I personally always put it right in the contract that I will have root
access while I am onsite implementing Netview. Time is money, after all.

Cordially,
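
The point made in this thread, that root privilege attaches to UID 0 rather than to the name "root", is what an account audit has to check for. The following is an added example, not part of the original messages: a Python sketch that lists every name mapped to UID 0 in passwd-format text. The function name audit_uid0, the sample entries and the account names in them are constructed for illustration.

```python
"""Audit passwd-format text for every account name that maps to UID 0."""
from typing import NamedTuple

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
nvadmin:!:0:0:NetView admin:/home/nvadmin:/usr/bin/ksh
# comment line
backup:!:00:3::/var/backup:/usr/bin/ksh
broken-line-without-fields
oper:!::1::/home/oper:/usr/bin/ksh
guest:!:100:100::/home/guest:
"""


class Finding(NamedTuple):
    line_no: int
    name: str
    reason: str


def audit_uid0(passwd_text: str, expected=("root",)) -> list[Finding]:
    """Return entries that carry UID 0 under an unexpected name, or that
    cannot be parsed well enough to rule that out."""
    findings = []
    for line_no, line in enumerate(passwd_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            findings.append(Finding(line_no, fields[0], "malformed entry"))
            continue
        name, uid_field = fields[0], fields[2].strip()
        if not uid_field.isdecimal():
            # Empty or non-numeric UID: how it resolves depends on the
            # platform's parser, so report it rather than guess.
            findings.append(Finding(line_no, name, "non-numeric UID field"))
        elif int(uid_field) == 0 and name not in expected:
            # "0", "00", ... all denote the superuser UID.
            findings.append(Finding(line_no, name, "UID 0 alias"))
    return findings


if __name__ == "__main__":
    for f in audit_uid0(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.name}: {f.reason}")
```

Run against a copy of the real passwd file, any "UID 0 alias" line is an account with full root power regardless of its name or password.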

