((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))

Corinna Vinschen vinschen at redhat.com
Sun Feb 16 03:53:17 EST 2003


On Fri, Feb 14, 2003 at 05:08:19PM -0600, Ben Lindstrom wrote:
> IF you have multiple uid=0 users you are doing stupid things.
> 
> I refuse to buy into the "But I want multiple uid=0 sers".  It is a load
> of bullshit.
> [...]
> There is only one 'superuser' account.. So it is acceptable and correct to
> bypass.

Ben, you *know* that's not exactly true.  On NT there's a superuser
group ("Administrators" on english versions) and there's an arbitrary
number of accounts which could be members of that group.  Even this
description doesn't completely cover the complexity of possible rules
used in NT systems and regardless of my own opinion, this is *fact*.
I don't think it's the correct way to deal with this by ignoring it.

That's the reason I already asked at least twice for changing all

	if uid == 0

or similar to

	if is_root(uid)

with is_superuser being system-dependent.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com




More information about the openssh-unix-dev mailing list