If security is the issue, sudo is the answer.  If you are concerned about
the root account being somehow damaged so you can't log in that way (or
somebody changes the password on you), you could create another superuser
account.  In any event, you should always be prepared to boot the system
from CD in case the /etc/passwd file somehow gets erased (makes it really
tough to log in).  You can also reset the root password thereby.



_____________________________
William Mansfield
Senior Consultant
Solution Technology, Inc





brian welsh <brianwelsh3 AT HOTMAIL DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
04/10/2002 09:07 AM
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        root or sudo


Hello,

I have a question about the root-account. We have 1 NSM-server (TSM on
AIX,
rs6k H70) and for some jobs our TSM-administrator have to log in into AIX
for stop and start TSM, varyoff the ADSMVG during mksysb, varyon after
mksysb, sometimes reboot and so on.

Now we use the root account, but we know it's better to not use the root
account.

I guess there are two scenario's:
Besides the root-account we create another very powerfull user to do the
jobs as describes above. We let the root-account rest, and work with the
new
account. Pro: when something went wrong with the new account, we always
have
the root-account.

Second. We create a kind of 'read'-account and if we have to do something
on
the system as root we use sudo. Is it necessary to have, besides root,
another (sleepy) powerfull account.

Any information is appreciated.

Thanx,

Brian.

_________________________________________________________________
Chat on line met vrienden en probeer MSN Messenger uit:
http://messenger.msn.nl