One user ID for all users

[Kevin J. Burdish]

Hey gang!
The System Admistrator and the Application Developer here want to get
all users to log in with the same UNIX user ID for the application. This
would make their lives easier... In turn I'm sure this will make my life
harder (as it usually does!)
especially when trying to track down who has something locked etc. Can
someone give me the pros and cons of doing this?
I know Pro: we don't have to add and delete UNIX user id's every time a
new user wants to use the system.
and Con: It may not be possible to track down who has a lock on
something, who is using more resources etc.

I'm sure there is a lot more, but can anybody advise me on what they
have done??

Please respond to kevin_...@timeinc.com as well as to the newsgroup.

Thanks in advance!
Kevin

[Neil Truby]

>> > and Con: It may not be possible to track down who has a lock on
> something, who is using more resources etc.

It's not going to be desperately easy to enforce application security
either, is it?!

Kevin J. Burdish <kevin_...@timeinc.com> wrote in message
news:39FDC4C6...@timeinc.com...

[Carlos Benjamin]

--- "Kevin J. Burdish" <kevin_...@timeinc.com>

> wrote:
>Hey gang!
>The System Admistrator and the Application Developer here want to get
>all users to log in with the same UNIX user ID for the application. This
>would make their lives easier... In turn I'm sure this will make my life
>harder (as it usually does!)
>especially when trying to track down who has something locked etc. Can
>someone give me the pros and cons of doing this?
>I know Pro: we don't have to add and delete UNIX user id's every time a
>new user wants to use the system.
>and Con: It may not be possible to track down who has a lock on
>something, who is using more resources etc.
>
>I'm sure there is a lot more, but can anybody advise me on what they
>have done??
>
>Please respond to kevin_...@timeinc.com as well as to the newsgroup.
>
>Thanks in advance!
>Kevin

You could tell your sysadmin that you propose all users be allowed to log in as root, that way they won't have to administer anything and the users would have access to whatever they needed without having to be added to various groups and stuff like that.

==
Maintainer of the procrastinator's FAQ. Well, maybe tomorrow I will be.

_____________________________________________________________
Want a new web-based email account ? ---> http://www.firstlinux.net

Half.com the hottest site for DVDs, CDs & more! Get $5 off your 1st
purchase of $10 or more. http://ads.adflight.com/mach1.asp?a=19061&b=46867&c=3094

[Impy]

In article <8tks3k$1re$1...@news.xmission.com>,

How about if a user goes in and changes the password and forgets to
tell anyone?
Or how about if a user leaves and for security purposes the password is
changed. How do you get this info out in a timely manner to the
remaining users?

Sent via Deja.com http://www.deja.com/
Before you buy.

[Brett Geer]

Firstly, educate your admin, any attempt to make a program handle
UNIX security is not only silly but extremely dangerous.

UNIX security mechanisms are there for a reason, use them.

Rant aside, you can always do what our legacy stock control system does,
fire up the client and make the user login there, then it holds the
'user' in a variable.

However you will have endless trouble tracking locks down unless you
note the session id as a user connects and store that with the 'user'
variable..

Again, use the unix user-id option, much better idea.

brett

"Kevin J. Burdish" wrote:
>
> Hey gang!
> The System Admistrator and the Application Developer here want to get
> all users to log in with the same UNIX user ID for the application. This
> would make their lives easier... In turn I'm sure this will make my life
> harder (as it usually does!)
> especially when trying to track down who has something locked etc. Can
> someone give me the pros and cons of doing this?
> I know Pro: we don't have to add and delete UNIX user id's every time a
> new user wants to use the system.
> and Con: It may not be possible to track down who has a lock on
> something, who is using more resources etc.
>
> I'm sure there is a lot more, but can anybody advise me on what they
> have done??
>
> Please respond to kevin_...@timeinc.com as well as to the newsgroup.
>
> Thanks in advance!
> Kevin

--

-----------------------------------------------------------------
Brett's seventh law of UNIX administration...
People never get tired of calling support.
-----------------------------------------------------------------
Brett Geer - UNIX Admin/Analyst/Programmer - Intratex Holdings.
Tel. +27 31 717 4000 Direct. +27 31 717 4146
Fax. +27 31 717 4001
-----------------------------------------------------------------
Programming today is a race between software engineers striving
to build bigger and better idiot-proof programs, and the Universe
trying to produce bigger and better idiots....
So far, the Universe is winning.
-----------------------------------------------------------------

[Obnoxio The Clown]

From: Impy <wyn...@my-deja.com>

>
>In article <8tks3k$1re$1...@news.xmission.com>,
> be...@firstlinux.net wrote:
> >
> >
> > --- "Kevin J. Burdish" <kevin_...@timeinc.com>

> > > wrote:
> > >Hey gang!
> > >The System Admistrator and the Application Developer here want to get
> > >all users to log in with the same UNIX user ID for the application.
>This
> > >would make their lives easier... In turn I'm sure this will make my
>life
> > >harder (as it usually does!)
> > >especially when trying to track down who has something locked etc.
>Can
> > >someone give me the pros and cons of doing this?
> > >I know Pro: we don't have to add and delete UNIX user id's every
>time a
> > >new user wants to use the system.
> > >and Con: It may not be possible to track down who has a lock on
> > >something, who is using more resources etc.
> > >
> > >I'm sure there is a lot more, but can anybody advise me on what they
> > >have done??
> > >
> > >Please respond to kevin_...@timeinc.com as well as to the
>newsgroup.
> > >
> > >Thanks in advance!
> > >Kevin
> >

> > You could tell your sysadmin that you propose all users be allowed to
>log in as root, that way they won't have to administer anything and the
>users would have access to whatever they needed without having to be
>added to various groups and stuff like that.
>
>
>How about if a user goes in and changes the password and forgets to
>tell anyone?
>Or how about if a user leaves and for security purposes the password is
>changed. How do you get this info out in a timely manner to the
>remaining users?

Sorry, mate, I prefer Carlos's idea -- much simpler.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

[Impy]

In article <8tlti8$bp0$1...@news.xmission.com>,

Oh, well, if you're gonna take that tack how about we make all the
user's ceo of the company then they can...shudder, nevermind.

[Carlos Benjamin]

--- "Obnoxio The Clown" <obn...@hotmail.com>

> wrote:
>From: Impy <wyn...@my-deja.com>
>>
>>In article <8tks3k$1re$1...@news.xmission.com>,
>> be...@firstlinux.net wrote:
>> > You could tell your sysadmin that you propose all users be allowed to
>>log in as root, that way they won't have to administer anything and the
>>users would have access to whatever they needed without having to be
>>added to various groups and stuff like that.
>>
>>
>>How about if a user goes in and changes the password and forgets to
>>tell anyone?
>>Or how about if a user leaves and for security purposes the password is
>>changed. How do you get this info out in a timely manner to the
>>remaining users?
>
>Sorry, mate, I prefer Carlos's idea -- much simpler.
>

Yep. When I start my own company that'll be the tag line on all our literature and ad campaigns, "Simple ideas for simple minds." Either that or, "We do more things accidentally than most others can on purpose." You know, something to instill confidence.

[Carlos Benjamin]

--- Impy <wyn...@my-deja.com>

> wrote:
>In article <8tks3k$1re$1...@news.xmission.com>,
> be...@firstlinux.net wrote:
>>
>>
>> You could tell your sysadmin that you propose all users be allowed to
>log in as root, that way they won't have to administer anything and the
>users would have access to whatever they needed without having to be
>added to various groups and stuff like that.
>
>
>How about if a user goes in and changes the password and forgets to
>tell anyone?
>Or how about if a user leaves and for security purposes the password is
>changed. How do you get this info out in a timely manner to the
>remaining users?
>

Man! You come up with a great idea and some people just have to find fault with it. How am I supposed to maintain my positive attitude and creative flow when surrounded by such negativity?

[Impy]

Alright, Alright, I wasn't responding to you, good grief, I made a mistake
and replied on your response. I was answering the original question. He
asked for some thoughts on using one user id for multiple users.

I thought your idea had a lot of merit but also thought we should give the
user's CEO status, in addition to root access. That way in addition to
having access to whatever they wanted, they could fire the sysadmin, dba
and programmer's on a whim. Sound good?

"Carlos Benjamin" <be...@firstlinux.net> wrote in message
news:8tmm40$j60$1...@news.xmission.com...

[Jun Nolasco]

Which begs the the question: how do people implement security for
applications with 100 users? 1,000 users? 10,000 users?

Jun Nolasco

[Martin, Wayne E.]

permissions and roles come to mind....

Wayne E. Martin
Informix Database Administrator
Kmart Corp.

[Suji...@bankofamerica.com]

Kevin/Jun

In a past life, I had designed an access module that will allow all users of the
system to log in with the same Unix userid, but the access module will save the
user's sessionid in the database. When the user exited the application, the
record would be deleted.

HTH
Sujit

Jun Nolasco <nol...@inx.net> on 11/01/2000 07:43:31 PM

Please respond to Jun Nolasco <nol...@inx.net>

To: inform...@iiug.org
cc: