SUMMARY: user with root priv.

From: Ruben Ruiz (rruiz@spin.com.mx)
Date: Sat Feb 04 1995 - 21:07:21 CST


   Hi Sun Managers!

   Many thanks for your responses. I left the question just a couple of
days ago and I already have a bunch of responses! Thanks! My original
question follows:

>
> Hi Managers!
>
> I have just been asked to add a user to the system that should have
> the same privileges as root. The first thing I thought was to add a user
> with the group id 0 (root), but that doesn't work. Any ideas are more
> than welcome.
>
> Thanks!
>
> Ruben Ruiz
> Inttelmex
> rruiz@spin.com.mx

   Many Managers pointed out to me the risks involved in giving root access
to other users. They also pointed out that I might be able to figure out what
the user was trying to do in order to find another way to do it rather
than giving him root access. Well, I was asked by my boss to have another
user with root privileges just to have that userid and password in a safe,
since the information we have in our servers is very important and I am
the only one that knows the root password. One possible solution would be
to give him the root password, but I keep changing this password for
security reasons at least once a month. He told me "I wouldn't like it to
happen, but if you have an accident and we don't have the root password,
nobody else is going to be able to log into the computers and do system
administration."
   
   Mainly, the responses I got suggested that I add a user with uid 0, but
I must say that almost everybody who told me that also pointed out that it
was not a very good idea. Also, I got some messages about getting a program
called sudo which would allow users to perform tasks with root privileges.
I also got a message that suggested that I get the GNU su command and
modify it to check on the $USER, uid and gid, and then allow the user to
su to root without prompting for a password.

   I am going to add that other user with uid 0 and then give that password
(which will not be changed periodically) to my boss. BUT, I will ask him
(as someone pointed out to me) to sign a paper where he removes responsibility
from me for the security of the information, since now he is going to be able
to log in to the computer with root privileges and do whatever he wants. I
would not ask him to do that, but he just came to the company one week ago
and I do not know him.

   Many thanks to all who replied:

"Tino W. Dai" <oberoc@chartres.ee.tulane.edu>
Sandeep Suryavanshi <ssuryava@cvimail>
"Harry H. Sun" <Harry.H.Sun@jupiter.cc.gettysburg.edu>
Tony Morgan <tonym!tonym@eng.dowjones.com>
Gary Richardson <Gary.Richardson@proteon.com>
Michael Covington <covingto@msmary.edu>
Tom Plesha <tap116@nocc.minsy.navy.mil>
"The best things in life ... are fantasy." <HRSVENER@hrs.gsfc.nasa.gov>
Danny Johnson <danny@esaserv1.dseg.ti.com>
"Michael G. Harrington" <mgh@bihobl2.bih.harvard.edu>
james mularadelis <jamesm@matrix.newpaltz.edu>
Mike Blandford <mikey@truman.lanl.gov>
Richard Pieri <ratinox@unilab.dfci.harvard.edu>
Dan Penrod <penrod@whiplash.er.usgs.gov>
Pamela Pledger <pamela@jupiter.Legato.COM>
Steve Ozoa <sozoa@atmel.com>
Paulo Licio de Geus <paulo@dcc.unicamp.br>
Tom Orban <orban@advtech.uswest.com>
John Stanley <stanley@oce.orst.edu>
Michael Thibodeau x3716 <miket@ice9.HQ.ileaf.com>
Jon Howell <jonh@hitl.washington.edu>
Dave Fetrow <fetrow@biostat.washington.edu>
Kevin Sheehan {Consulting Poster Child} <Kevin.Sheehan@uniq.com.au>
George Pallas <gpallas@freenet.columbus.oh.us>

    Ruben Ruiz
    Inttelmex
    Unix System Administrator and
    Informix Data Base Administrator.
    rruiz@spin.com.mx
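
A defensive check for the setup this message settles on, as an added example that is not part of the original post or of any reply: it audits passwd(5)-format input for every login that is root-equivalent because its uid is 0, and separates those from accounts that merely have primary gid 0 (the approach the original question found does not work). The function names, the login names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit passwd(5)-format input
# for root-equivalent accounts. Privilege follows the numeric uid, so every
# uid-0 entry is root under another login name; gid 0 alone is only a group.

# Reads passwd lines on stdin; prints one finding per line: KIND login detail
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        NF != 7 {                              # passwd(5) entries have 7 fields
            printf "MALFORMED %s fields=%d\n", $1, NF; next
        }
        $3 !~ /^[0-9]+$/ {                     # empty or non-numeric uid: how it
            printf "BAD_UID %s uid=[%s]\n", $1, $3; next   # is parsed varies by system
        }
        $3 + 0 == 0 && $1 != "root" {          # a second superuser account
            printf "UID0 %s shell=%s\n", $1, $7
        }
        $3 + 0 != 0 && $4 ~ /^[0-9]+$/ && $4 + 0 == 0 {   # group 0, not superuser
            printf "GID0_ONLY %s uid=%s\n", $1, $3
        }
    '
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
backup0:x:0:1:Sealed spare admin:/:/sbin/sh
boss:x:1001:0:Primary group 0 only:/home/boss:/bin/csh
alice:x:1002:10:Ordinary user:/home/alice:/bin/csh
ghost:x::10:Empty uid field:/home/ghost:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed the real file with `audit_passwd < /etc/passwd`; any UID0 line other than an account you created deliberately deserves investigation.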


