Re: sudo questions

[berenger.morel@neutralite.org]

Le 16.08.2013 16:03, Jerry Stuckle a écrit :
> On 8/16/2013 8:31 AM, berenger.morel@neutralite.org wrote:
> > Le 15.08.2013 04:11, Richard Hector a écrit :
> > > By using su, with root's password, that means everyone who has root 
> > > has
> > > full root and knows the same password, so that will have to be 
> > > changed
> > > if they are to be blocked, which means communicating the new 
> > > password to
> > > all the required users.
> >
> > I apologize, but I think that this statement about everyone with 
> > root
> > access having the same password is wrong.
> > You can just create an root account for every people with root 
> > access,
> > giving them the ID 0 and you will not need to communicate highly
> > sensitive passwords.
>
> Which would be a major security risk.  You do NOT want a bunch of ids
> with root privileges.  Nor do you want anyone but the system
> administrator (and backup) to have full root access to the system.

Why would it be worse than a shared admin account? For the shared 
account, I can easily understand why it's not something to do, but I can 
not see the problem with multiple "root" accounts?
(I did not said that the admins should use them for daily tasks, just 
that it was possible to use that to avoid changing a password when 
someone lost his rights.)