With access to /etc/shadow, getting a user's password is a simple Perl one-liner. I
have seen places that create super-user accounts and only high-level people like
VPs and the CTO/CEO have the actual root user password. They wrote a little utility
similar to sudo that runs any command as root but any files with only root bits are
denied. Needless to say, the admin turnaround there was an average of 6 months. (I
lasted a miserable seven, but this was right at the beginning of the market slump.)

-CC

> 
> On Thu, Jan 03, 2002 at 06:04:41PM -0400, Rob Wolfe wrote:
> > I am a DBA by trade and don't do THAT much sysadmin work (mostly HP/UX 
> > anyway) but isn't it a questionable security policy for sysadmins to have 
> > the actual passwords for users?  I would think that it is a little more 
> > normal to have an admin account that can change the password when it is 
> > buggered up and then put an immediate expire on the password so that on 
> > next login it must be changed by the owner of the account.
> 
> In a word, yes.
> 
> Cheers,
> -- 
>       Dave Ihnat
>       [EMAIL PROTECTED]
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 


