[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: duplicating root?
- To: Alex Shnitman <alexsh(at-nospam)hectic.net>
- Subject: Re: duplicating root?
- From: Alon Altman <alon(at-nospam)vipe.technion.ac.il>
- Date: Wed, 21 Mar 2001 15:48:39 +0200 (IST)
- Cc: linux-il(at-nospam)linux.org.il
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <20010321145554.D2233@mangodsp.com>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Wed, 21 Mar 2001, Alex Shnitman wrote:
> Hi, Nadav!
>
> On Wed, Mar 21, 2001 at 02:37:08PM +0200, you wrote the following:
>
> > But the more traditional way to solve your problem is to give each person
> > his own personal account, and when that person needs root-like privileges
> > he or she does "su".
>
> But then there's only one root password. I think the idea behind many
> UID 0 users is that you can give them different passwords, and then if
> you need to revoke root access from that person, you delete the
> account, and you don't need to bother everyone else with a new root
> password.
However, as previously mentioned, a better solution to the multiple-
password problem is using sudo(8) that enables users be root using their own
passwords, and enables root to change access by editing the sudoers file.
Note, however, that once a user has root, s/he can do anything on your
system, such as creating a backdoor for themselves and removing all evidence
from logs.
Alon
--------- if you cut here, you'll probably destroy your monitor ----------
This message was sent by Alon Altman (Psycho99@bigfoot.com) ICQ:1366540
The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il