Re: FW: What goes where?
- Subject: Re: FW: What goes where?
- From: Jacques <email@hidden>
- Date: Mon, 3 Mar 2003 14:47:02 -0600
The way Apple handled the root account is probably OK in my view.
From an administrator's standpoint, root is not to be given freely, in fact not to be shared at all. In networked environments, that can be an admin's nightmare. On standalone machines, it is there for the using.
I don't recall liking having to reinstall workstations where a user, having grabbed the root password, proceeded to make a total mess - not all users do this, just the ones in a hurry :-) -
I just haven't seen it as a problem, and is the answer to many a manager's requests of: Can't we do this without root?
-jacques.
On Saturday, March 1, 2003, at 07:20 PM, Dave Schroeder wrote:
[3] All unixes are different, and MacOS X is more so. Apple has
made some changes that just seem arbitrary (what's the point
of not having a "root" account?),
Ehh? Mac OS X has a root account; it is just disabled[1]. It can be
enabled any number of ways, most simply by setting a password for it
from any admin account:
sudo passwd root
But, why would you want or need this on the vast majority of Mac OS X
workstations? It's totally unnecessary.
You can do anything you would want or need to do, up to and including
giving yourself a full root shell, with 'sudo'.
The decision to ship with the root account disabled is not at all
arbitrary; it's in fact welcomed that Mac OS X does not need to have
the root account enabled. Having root disabled by default - and
keeping it disabled - is just one more "best practice" in Mac OS X
administration; one less privileged account's password that might be
exploited. Additionally, even on commercial and other UNIX systems,
it's much more desirable to use 'sudo' to obtain privileged access to
commands, or for other tasks. Here, on the several hundred Solaris,
AIX, Linux, and other systems we manage, using root for anything after
the machine is set up is frowned upon; the root password is set to an
arbitrary string, sealed in an envelope, and locked away in case of an
emergency. Mac OS X, meanwhile, does not even need the root password
to be set at all for any administration tasks (with *extremely* rare
exceptions).
[1] Early in the days of Rhapsody and Mac OS X Server 1.x, the root
account password was set to the same as the original administrator
account's password. Today, the only machines that ship with root
enabled are the Xserve, where it is set to the first 8 characters of
the machine serial number. Having some fully privileged account is
necessary for full headless setup.
Regards,
Dave Schroeder
University of Wisconsin - Madison
---
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
/_/ Jacques Brierre
email@hidden /_/
/_/ Please avoid sending me Word or PowerPoint attachments. /_/
/_/ See http://www.fsf.org/philosophy/no-word-attachments.html /_/
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
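An added example, not part of either message: one way to audit whether root has a usable password, as the thread discusses, on systems that keep a shadow(5)-format file (the Linux hosts mentioned above; Mac OS X keeps account data in its directory service, so this file check does not apply there). The function names and sample entries are constructed for illustration, and the check assumes the usual convention that a password field starting with `!` or `*` can never match a crypt hash.

```shell
#!/bin/sh
# Added example: classify root's password field in a shadow(5)-format file.
# Assumption: a field beginning with '!' or '*' is a disabled password,
# because neither character can appear at the start of a crypt hash.

# Print "empty", "locked" or "set" for one password field.
classify_pw_field() {
    case "$1" in
        '')        echo empty ;;   # no password needed at all: worst case
        '!'*|'*'*) echo locked ;;  # password login for the account is disabled
        *)         echo set ;;     # a real hash: the account has a password
    esac
}

# Print the status of the root entry in the shadow-format file "$1",
# or "missing" when the file has no root entry (or cannot be read).
root_status() {
    line=$(grep '^root:' "$1" | head -n 1)
    if [ -z "$line" ]; then
        echo missing
        return 0
    fi
    classify_pw_field "$(printf '%s\n' "$line" | cut -d: -f2)"
}

# Run the check over constructed sample entries (not real hashes).
demo() {
    tmp=$(mktemp) || return 1
    for entry in \
        'root:*:12114::::::' \
        'root:!$6$constructed$hash:12114::::::' \
        'root:$6$constructed$hash:12114::::::' \
        'root::12114::::::'
    do
        printf 'daemon:*:12114::::::\n%s\n' "$entry" > "$tmp"
        printf '%-42s -> %s\n' "$entry" "$(root_status "$tmp")"
    done
    rm -f "$tmp"
}
demo
```

On a real host, `root_status /etc/shadow` must itself be run with privilege (for example through sudo), since the file is not world-readable.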
_______________________________________________
x11-users mailing list | email@hidden