multiple root accounts

Craig White craigwhite at azapple.com
Tue Mar 7 01:28:02 UTC 2006


On Mon, 2006-03-06 at 18:08 -0600, Mikkel L. Ellertson wrote:
> Craig White wrote:
> > everyone else has suggested that you change the uid # in /etc/passwd to
> > 0 which may very well do what you want but there is another mechanism in
> > place...sudo which might be more in line with security...
> > 
> > an entry in /etc/sudoers like...
> > 
> > craig   ALL=(ALL) ALL
> > 
> > would do something similar but you would have to supply root password to
> > have root privileges.
> > 
> > if you did something like this...
> > 
> > Cmnd_Alias IPOD=/sbin/modprobe -r sbp2
> > Cmnd_Alias EJECT=/usr/bin/eject /dev/sda2,/usr/bin/eject /dev/sdb2
> > 
> > craig   ALL= NOPASSWD : IPOD, EJECT
> > 
> > then user 'craig' could do those specific commands without a password.
> > Suit yourself, it's your system but I would ***heavily*** recommend
> > against a real 'user' having a uid of "0"
> > 
> > Craig
> > 
> For added security, I would not use the NOPASSWD option. That way,
> craig would have to supply his password (not root's password) when
> he wants to run the commands. It gives added protection if you are
> called away, and someone else tries to run the commands.
----
perhaps but when he is assigning multiple users the uid of "0", it would
appear that security is not the primary motivator here.

Craig
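
An added example (not part of the original messages): a small Python audit for the two things discussed in this thread, extra UID 0 accounts in a passwd file and NOPASSWD grants in a sudoers file. The sample file contents and the names `admin2` and `alice` are constructed, and the sudoers parsing is a simplification that handles only single-line Cmnd_Alias definitions and user rules.

```python
import re

# Constructed sample inputs (not taken from any real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
craig:x:500:500:Craig:/home/craig:/bin/bash
admin2:x:0:0:second admin:/home/admin2:/bin/bash
"""
SUDOERS = """\
# constructed sample built from the entries quoted in the thread
Cmnd_Alias IPOD=/sbin/modprobe -r sbp2
Cmnd_Alias EJECT=/usr/bin/eject /dev/sda2,/usr/bin/eject /dev/sdb2
craig   ALL= NOPASSWD : IPOD, EJECT
alice   ALL=(ALL) ALL
"""

def uid0_accounts(passwd_text):
    """Return login names other than 'root' whose UID field is 0."""
    extra = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].strip() == "0" and fields[0] != "root":
            extra.append(fields[0])
    return extra

def nopasswd_commands(sudoers_text):
    """Map each user to the commands it may run without a password.

    Simplified: no line continuations, includes, or User_Alias/Host_Alias.
    """
    aliases, result = {}, {}
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:  # remember the alias so later rules can be expanded
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD\s*:\s*(.+)", line)
        if m:
            for item in (i.strip() for i in m.group(2).split(",")):
                result.setdefault(m.group(1), []).extend(aliases.get(item, [item]))
    return result

if __name__ == "__main__":
    print("extra UID 0 accounts:", uid0_accounts(PASSWD))
    print("passwordless sudo:", nopasswd_commands(SUDOERS))
```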