[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: multiple root passwords...



>> How about this instead?  su would simply check to see if the user is a
>> member of the rootadmin group and then optionally prompt for a rootadmin
>> password.  Access this way would be logged.  In fact, isn't there already
a
>> module that does this?  The wheel module I think.  (I've never used it; I
>> use sudo instead.)
>
>Does that method provide different passwords for different root users
though?
>My point being that there could be multiple admins that may only need
access
>for a certain amount of time.  For example when a contractor comes in to
help
>setup an ISP he might need root access for the month that he's working
there.
>With multiple root passwords you could then just take away his root access
>without disrupting any other roots on the system.


The idea was to create a non-root login for the admin, (therefore their
own private password) but give them access to root via su (or sudo).
Then su (or sudo) would log the access to root.  When it is time to stop
root access, then you delete the admin account or take away sudo or
su access.

The wheel module, I believe, was designed for use by su, and if the
user is a member of "wheel", then they are authenticated.

Scott




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []