user with root priviledge
Jeff Vian
jvian10 at charter.net
Mon Apr 19 16:48:13 UTC 2004
Björn Persson wrote:
>>> Our Windows solution is to create two administrator-capable
>>> accounts. How
>>> can we best do the same with Linux machines?
>>
>
> I may be wrong but I think it's possible to have several user names
> with user ID 0.
>
> Keven Ring wrote:
>
>> Third, too many "system administrators" [read: ROOT USERS] are likely
>> to cause more headaches than it is worth.
>
>
> If more than one person needs root access, and a few selected commands
> through sudo isn't enough, then surely it's better to have multiple
> root accounts that to share a password.
>
> Björn Persson
>
I disagree!
Here is a situation where this does not make sense, and the use of sudo
does make sense
1. Multiple users with root authority.
john, bill, and sam
one of these 3 happens to get mad/upset/frustrated/careless
This user (lets say john) logs in and runs some commands that are very
destructive to the system
(have you ever heard of "rm -rf /" being run????)
All three users actions are recorded as being done by root, thus no way
to track who did what or when.
The analysis of the problem shows that "root" did some
dumb/careless/harmfull things to the system.
Who is responsible????? Answer: one of the above
2. One closely guarded root account with multiple users allowed the same
access with sudo.
again, users john, bill, and sam (but none of these users know the
root password)
The same user decides to do the dirty deed he did in the above scenario.
Sudo actions are logged by user name, the user only has limited
privledges when not using sudo.
John now uses sudo to do his dirty work, and it is logged by user
name/time/command
Analysis shows john did the nasty deed.
Who is responsible????? Answer: john.
3. An additional valid argument against allowing users to routinely log
in and function as root is that a single careless keystroke can take the
system completely down and cost you (or the company) thousands or even
millions in doing recovery and possible lost business or sales.
All system administrators have at some time done something they wished
they hadn't, and if they were not logged in as root the results would
likely be harmless. After all, "joe user" cannot delete all the files
in /usr. However, "root" can do just that.
Bottom Line:
Sudo can give any chosen user the right to take whatever actions he/she
is allowed without compromising the root password, and also logs what
actions that user actually takes. It does this without compromising the
security of your data/applications that could result from a careless
action of a root user.
Remember, when something bad happens, an explaination is due. Logs
provide a means of identifying who/what/when happened. The root user
(and anyone with his privledges) has free rein to do anything without
having his actions logged. Sudo provides the same freedom but adds the
logging of who/what/when.
More information about the fedora-list
mailing list