Mike McCarty wrote:
Let me put it differently. Root's UID is 0 - suppose I change UID 0's
User Login to 'doorknob' - first, can this be done? Second, would I
have to create a new home directory called 'doorknob'? Third, are
there any implications, doing this, for other software and/or settings
in a Linux PC? Fourth - if this shouldn't be done, can a new user, say
UID 15, be created with all the same privileges as root, and can root
then be purged?
You may have as many user names associated with UID 0 as you like.
The home directories may be set independently as you like.
I would not "purge" UID 0, but I cannot think of how that would
conflict.
There is another problem resolving UID=0 to a name
Which name?
At one point I had "john" and "summer" with the same UID and it did not
work very well at all.
A really big flaw in Unix design is the fact one user has the inherent
ability to do everything, the fact that the Unix security model is built
round this.
The Windows model is, to my mind, better; where it falls down is the
implementation.
I used to be an MVS sysprog (20 years or so ago). The right/ability to
create new accounts was given to individuals (sure, they can create
users with any rights at all, but in fact there aren't many rights in
MVS, and on those machines people cared about security and implemented
audit trails).
Some of us sysprogs "owned" the system libraries, and it was the right
of ownership that gave us the ability to install/update programs. And
they were protected by passwords and expiry dates, the latter requiring
intervention from operators to okay.
It was way more complicated than that, of course, but it helps
illustrate an alternative security model.
--
Cheers
John
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
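
The UID-to-name ambiguity discussed in this thread (several login names on UID 0, or "john" and "summer" sharing one UID), as an added example that is not part of the original message: a check over passwd(5)-format text that reports every UID held by more than one name. It assumes a sequential file lookup returns the first matching line for a UID; the sample entries and all function names are constructed for illustration.

```python
# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
doorknob:x:0:0:second name on uid 0:/home/doorknob:/bin/bash
john:x:1000:1000:John:/home/john:/bin/bash
summer:x:1000:1000:Summer:/home/summer:/bin/bash
# comment line
broken-line-without-fields
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            continue  # wrong field count or non-numeric UID
        entries.append((fields[0], int(uid)))
    return entries

def shared_uids(entries):
    """Map each UID held by more than one name to its names, in file order."""
    by_uid = {}
    for name, uid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def audit(text):
    """One finding per shared UID: the name shown on lookup and the other names."""
    findings = []
    for uid, names in sorted(shared_uids(parse_passwd(text)).items()):
        findings.append({
            "uid": uid,
            "resolves_to": names[0],   # assumption: first line in the file wins
            "aliases": names[1:],      # names that file listings and logs will not show
            "superuser": uid == 0,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD):
        tag = "UID 0 alias" if f["superuser"] else "shared UID"
        print(f'{tag}: uid={f["uid"]} shown as {f["resolves_to"]}, also {f["aliases"]}')
```

To run it against a real system, pass the contents of `/etc/passwd` to `audit()` instead of the sample.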