[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: multiple root accounts



On Mon, 2006-03-06 at 18:08 -0600, Mikkel L. Ellertson wrote:
> Craig White wrote:
> > everyone else has suggested that you change the uid # in /etc/passwd to
> > 0 which may very well do what you want but there is another mechanism in
> > place...sudo which might be more in line with security...
> > 
> > an entry in /etc/sudoers like...
> > 
> > craig   ALL=(ALL) ALL
> > 
> > would do something similar but you would have to supply root password to
> > have root privileges.
> > 
> > if you did something like this...
> > 
> > Cmnd_Alias IPOD=/sbin/modprobe -r sbp2
> > Cmnd_Alias EJECT=/usr/bin/eject /dev/sda2,/usr/bin/eject /dev/sdb2
> > 
> > craig   ALL= NOPASSWD : IPOD, EJECT
> > 
> > then user 'craig' could do those specific commands without a password.
> > Suit yourself, it's your system but I would ***heavily*** recommend
> > against a real 'user' having a uid of "0"
> > 
> > Craig
> > 
> For added security, I would not use the NOPASSWD option. That way,
> craig would have to supply his password (not root's password) when
> he wants to run the commands. It gives added protection if you are
> called away, and someone else tries to run the commands.
----
perhaps but when he is assigning multiple users the uid of "0", it would
appear that security is not the primary motivator here.

Craig


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]