user with root privilege

Jeff Vian jvian10 at charter.net
Mon Apr 19 16:48:13 UTC 2004



Björn Persson wrote:

>>> Our Windows solution is to create two administrator-capable 
>>> accounts.  How
>>> can we best do the same with Linux machines?
>>
>
> I may be wrong but I think it's possible to have several user names 
> with user ID 0.
>
> Keven Ring wrote:
>
>> Third, too many "system administrators" [read: ROOT USERS] are likely 
>> to cause more headaches than it is worth.
>
>
> If more than one person needs root access, and a few selected commands 
> through sudo isn't enough, then surely it's better to have multiple 
> root accounts than to share a password.
>
> Björn Persson
>
I disagree!

Here is a situation where this does not make sense, and the use of sudo 
does make sense:

1. Multiple users with root authority.
    john, bill, and sam

One of these 3 happens to get mad/upset/frustrated/careless.
This user (let's say john) logs in and runs some commands that are very 
destructive to the system
       (have you ever heard of "rm -rf /" being run????)
All three users' actions are recorded as being done by root, thus no way 
to track who did what or when.
The analysis of the problem shows that "root" did some 
dumb/careless/harmful things to the system.

Who is responsible?????       Answer: one of the above

2. One closely guarded root account with multiple users allowed the same 
access with sudo.
    Again, users john, bill, and sam (but none of these users know the 
root password)

The same user decides to do the dirty deed he did in the above scenario.
Sudo actions are logged by user name; the user only has limited 
privileges when not using sudo.
John now uses sudo to do his dirty work, and it is logged by user 
name/time/command.
Analysis shows john did the nasty deed.

Who is responsible?????    Answer:  john.


3.  An additional valid argument against allowing users to routinely log 
in and function as root is that a single careless keystroke can take the 
system completely down and cost you (or the company) thousands or even 
millions in doing recovery and possible lost business or sales.

All system administrators have at some time done something they wished 
they hadn't, and if they were not logged in as root the results would 
likely be harmless.  After all, "joe user" cannot delete all the files 
in /usr. However, "root" can do just that.


Bottom Line:
Sudo can give any chosen user the right to take whatever actions he/she 
is allowed without compromising the root password, and also logs what 
actions that user actually takes.  It does this without compromising the 
security of your data/applications that could result from a careless 
action of a root user.

Remember, when something bad happens, an explanation is due.  Logs 
provide a means of identifying who/what/when happened.  The root user 
(and anyone with his privileges) has free rein to do anything without 
having his actions logged.  Sudo provides the same freedom but adds the 
logging of who/what/when.
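
The who/what/when attribution described in the message above, as an added example that is not part of the original post: a Python parser over constructed log lines in sudo's default syslog format. The host name, log lines and function names are assumptions for illustration; it also flags a root shell started through sudo, after which individual commands are not logged by default.

```python
import re

# Constructed sample (not from the post): sudo's default syslog line format,
# plus one direct root login, which carries no per-person attribution.
SAMPLE_LOG = """\
Apr 19 16:40:01 host1 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/bin/rm -rf /usr
Apr 19 16:41:12 host1 sudo:     bill : TTY=pts/1 ; PWD=/home/bill ; USER=root ; COMMAND=/sbin/service httpd restart
Apr 19 16:42:30 host1 sudo:      sam : TTY=pts/2 ; PWD=/home/sam ; USER=root ; COMMAND=/bin/bash
Apr 19 16:43:05 host1 sudo:      sam : command not allowed ; TTY=pts/2 ; PWD=/home/sam ; USER=root ; COMMAND=/usr/sbin/visudo
Apr 19 16:44:00 host1 sshd[2211]: Accepted password for root from 192.0.2.10 port 4022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$"
)
# Run through sudo, these open a root shell: only the shell launch is logged.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/su", "/usr/bin/su"}


def parse_sudo_line(line):
    """Return who/what/when for one sudo log line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is always last and may itself contain " ; ", so split it off first.
    head, _, command = m.group("rest").partition("COMMAND=")
    rec = {"when": m.group("when"), "host": m.group("host"),
           "user": m.group("user"), "command": command.strip(), "denied": None}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, sep, value = part.partition("=")
        if sep:  # TTY, PWD, USER (the target account, stored as "runas")
            rec["runas" if key == "USER" else key.lower()] = value
        else:    # a refusal reason such as "command not allowed"
            rec["denied"] = part
    argv = rec["command"].split()
    rec["shell"] = bool(argv) and argv[0] in SHELLS
    return rec


def attribute(log_text):
    """Parse every sudo line in a log; non-sudo lines are skipped."""
    return [r for r in map(parse_sudo_line, log_text.splitlines()) if r]


def who_ran(records, needle):
    """Names of users whose permitted sudo command contains `needle`."""
    return sorted({r["user"] for r in records
                   if needle in r["command"] and not r["denied"]})
```

`who_ran(attribute(SAMPLE_LOG), "rm -rf")` names john alone, while the direct root login on the last sample line yields no record to attribute.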




