[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shared root account



On Fri, Jul 06, 2001 at 12:15:43PM +0300, Juha Jäykkä wrote:

Make multiple root-accounts. We for example have normal users
accounts and 3-5 root-accounts depending on machine. Just give
UID/GID to new user.

>   I have a bit of a situation: I have a handful of linux machines
> (almost all with different distributions and kernels and software -
> one hell to keep secure) and all the machines have different roots.
> These guys want to keep their root passwords (or at least the root
> privileges) so they can update their X/KDE/whatever when/if they feel
> like it but on the other hand, they would like to see someone (me)
> keep their machines secure - something they themselves do not have
> time (we all know keeping up security is a fulltime job). Obviously to
> install patches etc I, also, need root privileges.
>   This poses a problem if I am not to remember all those different
> root passwords and without making all the passwords the same! How can
> that _safely_ be accomplished? There are versions of su, sudo etc) that
> do not ask passwords, there are suid binaries but which is _THE_ way
> of accomplishing this? Presently there are only shared root passwords
> between the server admins but now we are trying to get the workstation
> security boosted up as well - being behind one firewall does not seem
> to be enough in an environment where a whole class B network is behind
> that one fw...
> 
> -- 
> 		 -----------------------------------------------
> 		| Juha Jäykkä, juolja@utu.fi			|
> 		| home: http://www.utu.fi/~juolja/		|
> 		 -----------------------------------------------
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
	ytti



Reply to: