Date:      Thu, 10 Oct 2002 11:22:18 -0400 (EDT)
From:      Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To:        pdesai1@cs.uh.edu (Pranav A. Desai)
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: How to create another account with root privileges ?
Message-ID:  <200210101522.g9AFMIr23233@clunix.cl.msu.edu>
In-Reply-To: <Pine.GSO.4.33.0210091959180.670-100000@themis.cs.uh.edu> from "Pranav A. Desai" at Oct 09, 2002 08:02:08 PM

> 
> Hi!
>    I have been asked to create admin accounts for a machine such that
> all of them can access that machine as root but with different username
> and password.

First, see if you can get by with a web based system admin tool
such as webmin.   Or check out sudo or some other similar utility
that allows you to grant specific tasks to non-root accounts.
These can allow you to delegate most useful admin tasks to a non-root
user - things such as creating or deleting accounts, cleaning out
piles of spam that is clogging mailboxes, etc.

If that won't satisfy the powers that be, then it is not difficult
to create whatever additional root accounts that you need.  Just
use vipw and make additional entries with UID of 0 and GID of 0.
Probably the easiest way is to copy the toor line and then edit
the username, shell and home directory.

We have several machines with extra root accounts.  Our practice is
to create usernames for those that start with uppercase R as in Rjoe
being a root account for joe, Rfred for user fred, etc.  Also we create 
separate home directories for those extra root accounts in the /root 
directory (eg /root/Rjoe and /root/Rfred).

Some cautions:

Make sure that /root directory is never moved to any other file system
outside of /.  This is because you want it to be readable for a single
user boot.

Make sure the shell you specify is one that will be available for
a single user boot.   Generally, make sure there is a copy in /bin.

When you set the password you _always_ have to specify the username, as in
   passwd Rjoe
because, even if you are already logged in as that other root user (Rjoe),
if you do not specify the username, it will change root's password and
not Rjoe's.  

This is because root has the same UID as Rjoe and comes first in the file.  
You can't fix this by just moving root later in the passwd file because 
then you will just have Rfred changing Rjoe's password if Rjoe comes before 
Rfred in the file and Rfred forgets to put his own username on the passwd 
command.  So, just put any new Rroot ids after root and toor and make sure
everyone uses the idname when changing passwords.

Finally, be very paranoid about giving out root accounts to people.
Even the best-intentioned people make disastrous screwups which can take
up to weeks to recover from.   Some things are just better put off until
you get back from vacation (what vacation?) rather than giving root to
someone and coming back to find everything trashed.  We joke about
the rm -rf * done in the root directory, but I have seen it done - by
accident.  Each time the person was absolutely sure he was in his own 
directory.  (And not just in UNIX systems; though the command syntax 
was different, the result was the same in those other systems)

So, have fun,

////jerry


> 
> Thanks
> 
> -pranav
> 
> *******************************************************************
> Pranav A. Desai
> 
> Home :- (937) 294 1381
> *******************************************************************
> 
> On 9 Oct 2002, Kirk Strauser wrote:
> 
> >
> > At 2002-10-09T17:36:02Z, "Pranav A. Desai" <pdesai1@cs.uh.edu> writes:
> >
> > > How can I create a user account that can function like a root account with
> > > the same privileges ? I need to create three such accounts. Is it possible ?
> >
> > Short answer: you probably don't really want to do this.  What problem are
> > you needing to solve by having multiple root accounts?
> > --
> > Kirk Strauser
> > In Googlis non est, ergo non est.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> 
> 
> 
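
A check for the setup described in this message, added here as an example and not part of the original e-mail: it lists every UID 0 entry in a passwd-format file, reports which name comes first in file order (the one the message says a bare passwd acts on), and flags shells outside /bin and home directories outside /root. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for UID 0 accounts.
# Handles 7-field passwd and 10-field master.passwd lines: the UID is
# field 3, GID field 4, and home and shell are the last two fields.

audit_uid0() {
    # Reads the file(s) named in "$@", or standard input when none given.
    awk -F: '
        /^#/ || NF < 7 { next }            # skip comments and short lines
        $3 == 0 {
            n++
            if (n == 1) first = $1         # first UID 0 entry in file order
            home = $(NF-1); shell = $NF
            if (shell == "") shell = "/bin/sh"   # empty shell field means /bin/sh
            note = ""
            if ($4 != 0) note = note " gid-not-0"
            if (shell !~ /^\/bin\//) note = note " shell-not-in-/bin"
            if (home != "/root" && home !~ /^\/root\//) note = note " home-outside-/root"
            printf "uid0 %s home=%s shell=%s%s\n", $1, home, shell, note
        }
        END { if (n) printf "first-match %s (of %d uid 0 entries)\n", first, n }
    ' "$@"
}

# Constructed sample in master.passwd layout (not taken from a real host).
sample_passwd() {
    cat <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
Rjoe:*:0:0::0:0:joe admin:/root/Rjoe:/bin/sh
Rfred:*:0:0::0:0:fred admin:/home/fred:/usr/local/bin/bash
joe:*:1001:1001::0:0:Joe:/home/joe:/bin/sh
EOF
}

sample_passwd | audit_uid0
```

To audit a real host, pass the file as an argument, for example `audit_uid0 /etc/passwd`.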

