Date: Fri, 11 Oct 2002 09:44:18 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: "Pranav A. Desai" <pdesai1@cs.uh.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to create another account with root privileges ?
Message-ID: <20021011094242.V3949-100000@cactus.fi.uba.ar>
In-Reply-To: <Pine.GSO.4.33.0210101600090.10316-100000@themis.cs.uh.edu>
On Thu, 10 Oct 2002, Pranav A. Desai wrote:

> Hi all!
>
> Thanks a lot to all those who replied. I will try to convince them
> to use sudo, as most of you have mentioned that it is a better option than
> changing /etc/passwd. If it doesn't work with them then I will use the
> second option of changing passwd.

No, the second option is to give them the root password and tell them to
log in as a normal user and then su(8) to root. The last option is to give
them accounts with full root privs.

                Fer

>
> Thanks once again.
>
> -Pranav
>
> *******************************************************************
> Pranav A. Desai
>
> Home :- (937) 294 1381
> *******************************************************************
>
> On Thu, 10 Oct 2002, Jerry McAllister wrote:
>
> > >
> > > Hi!
> > > I have been asked to create admin accounts for a machine such that
> > > all of them can access that machine as root but with different username
> > > and password.
> >
> > First, see if you can get by with a web based system admin tool
> > such as webmin. Or check out sudo or some other similar utility
> > that allows you to grant specific tasks to non-root accounts.
> > These can allow you to delegate most useful admin tasks to a non-root
> > user - things such as creating or deleting accounts, cleaning out
> > piles of spam that is clogging mailboxes, etc.
> >
> > If that won't satisfy the powers that be, then it is not difficult
> > to create whatever additional root accounts that you need. Just
> > use vipw and make additional entries with UID of 0 and GID of 0.
> > Probably the easiest way is to copy the toor line and then edit
> > the username, shell and home directory.
> >
> > We have several machines with extra root accounts. Our practice is
> > to create usernames for those that start with uppercase R as in Rjoe
> > being a root account for joe, Rfred for user fred, etc. Also we create
> > separate home directories for those extra root accounts in the /root
> > directory (eg /root/Rjoe and /root/Rfred).
> >
> > Some cautions:
> >
> > Make sure that /root directory is never moved to any other file system
> > outside of /. This is because you want it to be readable for a single
> > user boot.
> >
> > Make sure the shell you specify is one that will be available for
> > a single user boot. Generally, make sure there is a copy in /bin.
> >
> > When you set the password you _always_ have to specify the username, as in
> >     passwd Rjoe
> > because, even if you are already logged in as that other root user (Rjoe),
> > if you do not specify the username, it will change root-s password and
> > not Rjoe-s.
> >
> > This is because root has the same UID as Rjoe and comes first in the file.
> > You can't fix this by just moving root later in the passwd file because
> > then you will just have Rfred changing Rjoe-s password if Rjoe comes before
> > Rfred in the file and Rfred forgets to put his own username on the passwd
> > command. So, just put any new Rroot ids after root and toor and make sure
> > everyone uses the idname when changing passwords.
> >
> > Finally, be very paranoid about giving out root accounts to people.
> > Even best intentioned people make disastrous screwups which can take
> > up to weeks to recover from. Some things are just better put off until
> > you get back from vacation (what vacation?) rather than giving root to
> > someone and coming back to find everything trashed. We joke about
> > the rm -rf * done in the root directory, but I have seen it done - by
> > accident. Each time the person was absolutely sure he was in his own
> > directory. (And not just in UNIX systems; though the command syntax
> > was different, the result was the same in those other systems)
> >
> > So, have fun,
> >
> > ////jerry
> >
> > >
> > > Thanks
> > >
> > > -pranav
> > >
> > > *******************************************************************
> > > Pranav A. Desai
> > >
> > > Home :- (937) 294 1381
> > > *******************************************************************
> > >
> > > On 9 Oct 2002, Kirk Strauser wrote:
> > >
> > > >
> > > > At 2002-10-09T17:36:02Z, "Pranav A. Desai" <pdesai1@cs.uh.edu> writes:
> > > >
> > > > > How can I create a user account that can function like a root account with
> > > > > the same privileges ? I need to create three such accounts. Is it possible ?
> > > >
> > > > Short answer: you probably don't really want to do this. What problem are
> > > > you needing to solve by having multiple root accounts?
> > > > --
> > > > Kirk Strauser
> > > > In Googlis non est, ergo non est.
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021011094242.V3949-100000>
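
Added example, not part of the original thread: a small audit of a passwd(5)-format file for the situation the quoted message describes, listing every UID 0 entry, which one a UID 0 lookup lands on, and which entries break the stated cautions (home under /root, shell in /bin). The sample file is constructed; Rjoe and Rfred follow the naming used in the thread, and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a passwd(5)-format file (7 colon-separated fields)
# for UID 0 accounts. The entries below are constructed sample data.

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
Rjoe:*:0:0:root account for joe:/root/Rjoe:/bin/sh
Rfred:*:0:0:root account for fred:/home/Rfred:/usr/local/bin/bash
joe:*:1001:1001:Joe:/home/joe:/bin/sh
EOF

# Name that a UID 0 -> name lookup resolves to: the first UID 0 entry in
# file order, which per the thread is whose password a bare "passwd" changes.
uid0_owner() {
    awk -F: '$3 == 0 { print $1; exit }' "$1"
}

# UID 0 names other than the stock root and toor entries, one per line.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" && $1 != "toor" { print $1 }' "$1"
}

# One line per UID 0 entry: name, position, and any violated caution
# (GID other than 0, home outside /root, shell outside /bin).
audit_uid0() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $3 == 0 {
            n++
            notes = ""
            if ($4 != 0) notes = notes " gid-not-0"
            if ($6 != "/root" && $6 !~ /^\/root\//) notes = notes " home-outside-/root"
            if ($7 !~ /^\/bin\//) notes = notes " shell-outside-/bin"
            printf "%s %s%s\n", $1, (n == 1 ? "first-match" : "shadowed"), notes
        }' "$1"
}

audit_uid0 "$SAMPLE"
```

Every entry reported as "shadowed" is an account whose owner must name it explicitly on the passwd command line; run against a copy of the real file, the output of extra_uid0 is also a quick inventory to compare with the list of people who are supposed to hold root.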