[log in to unmask] writes:
on Aug 7, Larry boyd wrote:
(big snip)
> However, I have seen in larger shops that the System Manager was not
> allowed OP
Now there's an interesting approach to system security, the "system =20
manager"
can change every password on the system (and lots of other really "neat"
things), but he can't perform operator functions!
Of course, the SM can grant himself OP. In fact, any AM user in an =20
account with SM (like SYS) can grant himself SM or any other CAP that the =20=
=20
account has... You have to re-logon for the change to be effective.
I wonder how the SM in the shops mentioned by Larry apply Patches or load =20=
=20
software. Assuming they follow the rules, they must have an operator =20
standing by to REPLY to the tape requests.....
Carl Hughes =20
[log in to unmask]