[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: multiple root passwords...



Not to get too far into the absurd, but I do echo the idea that once I'm
uid 0 it's pretty much game over. In your example, I just install a
modified set of binaries which log the other root passwords, to get me
onto those systems, in addition to doing whatever I can in terms of
messing with the dns, /etc/exports or /etc/fstab to get myself
bootstrapped on the next machine.

But yeah, I'm sure there IS some specific scenario where this multiple
root password thing would be cool. I just can't think of one that doesn't
suffer from this sort of problem. =) Perhaps it's something as obvious as
we don't want our (mutually trusted) roots to write their various root
passwords down so we have them all pick root passwords (still unique per
machine mind you) that are good yet easily remembered by them. I remember
the last place I worked (Compu-Aid) when Ipicked the root's I thought they
were the easiest thing ever but when I let the next guy pick 'em I
(*blush*) was forced to write them down and learned them only after much
repetition.

jim

On Thu, 15 Apr 1999, Michael K. Johnson wrote:

> 
> gsri@cobaltnet.com writes:
> >i seem to miss the idea behind this. the motivation for multiple uid=0 accounts
> >or different passwords for different wheel users using pam_wheel seems to be
> >that the root users mistrust each other.
> 
> Not always precisely.  Sometimes it is a mangement issue.  For example,
> all root accounts might be valid on machine X, only a few on machine Y,
> and none on machine Z.  If you trust your users not to try to sniff for
> passwords and want to have each person only have to remember a single
> root password for all machines (so that they are less likely to write
> it down somewhere) multiple roots can be useful.
> 
> Clearly, multiple root accounts/passwords aren't any sort of panacea,
> but there are environments (my example was only an example, not the
> only reason you might want them) where they are appropriate.
> 
> michaelkjohnson
> 
> "Magazines all too frequently lead to books and should be regarded by the
>  prudent as the heavy petting of literature."            -- Fran Lebowitz
>  Linux Application Development       http://www.redhat.com/~johnsonm/lad/
> 
> 

-- 
"[T]hey said something to the effect that Linux has 'the tendency not to 
crash.' ... It's like me listing 'the tendency not to murder people' as one of
my good character traits. :-> It seems that people have grown so accustomed to
buggy OS's that when Linux simply does what it's supposed to do, it comes 
across as something new and different." Scott Webster on linux-biz 20 Feb 1999



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []