[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: multiple root passwords...



Michael K. Johnson wrote:

>It's certainly possible.  The typical way of doing this is to have multiple
>uid 0 accounts, each with the same uid, home dir, etc., but with a different
>name (lroot,fooroot,whateverroot) and password, and if desired, different
>shell and GECOS.  That way, all the info fits in the normal databases.

>However, your idea doesn't sound like a bad one, either.  More ideas: you
>can check (with getuid()) what user is doing the su and only allow the
>correct password for that particular user.  That is, you have an
>/etc/supasswd file that is mode 600, owner root, with
>username:cryptedpasswd
>pairs in it.  Your module looks up by getpwuid(getuid())->pw_name (of

i seem to miss the idea behind this. the motivation for multiple uid=0 accounts
or different passwords for different wheel users using pam_wheel seems to be
that the root users mistrust each other. if that is true, once uid=0 access
is gained, everything is open and one could do stuff as another wheel user.

if only su logging is required, pam_pwdb does it as Mike suggested.

sridhar.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []