((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Corinna Vinschen
vinschen at redhat.com
Sun Feb 16 03:53:17 EST 2003
On Fri, Feb 14, 2003 at 05:08:19PM -0600, Ben Lindstrom wrote:
> IF you have multiple uid=0 users you are doing stupid things.
>
> I refuse to buy into the "But I want multiple uid=0 sers". It is a load
> of bullshit.
> [...]
> There is only one 'superuser' account.. So it is acceptable and correct to
> bypass.
Ben, you *know* that's not exactly true. On NT there's a superuser
group ("Administrators" on english versions) and there's an arbitrary
number of accounts which could be members of that group. Even this
description doesn't completely cover the complexity of possible rules
used in NT systems and regardless of my own opinion, this is *fact*.
I don't think it's the correct way to deal with this by ignoring it.
That's the reason I already asked at least twice for changing all
if uid == 0
or similar to
if is_root(uid)
with is_superuser being system-dependent.
Corinna
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
More information about the openssh-unix-dev
mailing list