Multiple Root ID's considered evil?
paul at uxc.cso.uiuc.edu
paul at uxc.cso.uiuc.edu
Sun Sep 17 05:24:00 AEST 1989
Re: multiple su accounts:
By and large we don't use them here. The exception is for people like me
who act as floating fire-fighter and network cowboy on several systems.
Keeping track of the root password on machines administered by different
people isn't possible w.o. writing them down. By having an individual su on
those machines (with a strong password that's regularly changed) I can
fix problems w.o. tracking down the sysadmin. All of our systems allow
direct root login from the console only.
The Next machine has a good idea: anyone in group 0 may su using their own
password. The key here is to make sure those people pick good passwords.
Once someone no longer needs root access, simply edit /etc/group to remove
their user-id from the 0 group.
Paul Pomes
Univ of Illinois, CSO
More information about the Comp.unix.wizards
mailing list