Date:      Fri, 11 Oct 2002 10:02:08 -0400 (EDT)
From:      Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To:        fgleiser@cactus.fi.uba.ar (Fernando Gleiser)
Cc:        pdesai1@cs.uh.edu (Pranav A. Desai), freebsd-questions@FreeBSD.ORG
Subject:   Re: How to create another account with root privileges ?
Message-ID:  <200210111402.g9BE28K29269@clunix.cl.msu.edu>
In-Reply-To: <20021011094242.V3949-100000@cactus.fi.uba.ar> from "Fernando Gleiser" at Oct 11, 2002 09:44:18 AM

> 
> On Thu, 10 Oct 2002, Pranav A. Desai wrote:
> 
> > Hi all!
> >
> > 	Thanks a lot to all those who replied. I will try to convince them
> > to use sudo, as most of you have mentioned that it is a better option than
> > changing /etc/passwd. If it doesn't work with them then I will use the
> > second option of changing passwd.
> 
> No, the second option is to give them the root password and tell them to log
> in as a normal user and then su(8) to root. The last option is to give them
> accounts with full root privs.
> 

Really, I think that is a less desirable option than just giving them
their own root account.   They can create one anyway with the su ability
and they can log in as main root rather than su-ing which is what they are
likely to do and mess around with stuff you have in that account like
your .cshrc or .profile and files in root's home directory.   Maybe better 
yet, star(*) out the main root password and make yourself as well as those
extra admins use their own root accounts.  You're less likely to
get in trouble.

////jerry

> 
> 			Fer
> 
> >
> > Thanks once again.
> >
> > -Pranav
> >
> > *******************************************************************
> > Pranav A. Desai
> >
> > Home :- (937) 294 1381
> > *******************************************************************
> >
> > On Thu, 10 Oct 2002, Jerry McAllister wrote:
> >
> > > >
> > > > Hi!
> > > >    I have been asked to create admin accounts for a machine such that
> > > > all of them can access that machine as root but with different username
> > > > and password.
> > >
> > > First, see if you can get by with a web based system admin tool
> > > such as webmin.   Or check out sudo or some other similar utility
> > > that allows you to grant specific tasks to non-root accounts.
> > > These can allow you to delegate most useful admin tasks to a non-root
> > > user - things such as creating or deleting accounts, cleaning out
> > > piles of spam that is clogging mailboxes, etc.
> > >
> > > If that won't satisfy the powers that be, then it is not difficult
> > > to create whatever additional root accounts that you need.  Just
> > > use vipw and make additional entries with UID of 0 and GID of 0.
> > > Probably the easiest way is to copy the toor line and then edit
> > > the username, shell and home directory.
> > >
> > > We have several machines with extra root accounts.  Our practice is
> > > to create usernames for those that start with uppercase R as in Rjoe
> > > being a root account for joe, Rfred for user fred, etc.  Also we create
> > > separate home directories for those extra root accounts in the /root
> > > directory (eg /root/Rjoe and /root/Rfred).
> > >
> > > Some cautions:
> > >
> > > Make sure that /root directory is never moved to any other file system
> > > outside of /  This is because you want it to be readable for a single
> > > user boot.
> > >
> > > Make sure the shell you specify is one that will be available for
> > > a single user boot.   Generally, make sure there is a copy in /bin.
> > >
> > > When you set the password you _always_ have to specify the username, as in
> > >    passwd Rjoe
> > > because, even if you are already logged in as that other root user (Rjoe),
> > > if you do not specify the username, it will change root's password and
> > > not Rjoe's.
> > >
> > > This is because root has the same UID as Rjoe and comes first in the file.
> > > You can't fix this by just moving root later in the passwd file because
> > > then you will just have Rfred changing Rjoe's password if Rjoe comes before
> > > Rfred in the file and Rfred forgets to put his own username on the passwd
> > > command.  So, just put any new Rroot ids after root and toor and make sure
> > > everyone uses the idname when changing passwords.
> > >
> > > Finally, be very paranoid about giving out root accounts to people.
> > > Even best intentioned people make disastrous screwups which can take
> > > up to weeks to recover from.   Some things are just better put off until
> > > you get back from vacation (what vacation?) rather than giving root to
> > > someone and coming back to find everything trashed.  We joke about
> > > the rm -rf * done in the root directory, but I have seen it done - by
> > > accident.  Each time the person was absolutely sure he was in his own
> > > directory.  (And not just in UNIX systems; though the command syntax
> > > was different, the result was the same in those other systems)
> > >
> > > So, have fun,
> > >
> > > ////jerry
> > >
> > >
> > > >
> > > > Thanks
> > > >
> > > > -pranav
> > > >
> > > > *******************************************************************
> > > > Pranav A. Desai
> > > >
> > > > Home :- (937) 294 1381
> > > > *******************************************************************
> > > >
> > > > On 9 Oct 2002, Kirk Strauser wrote:
> > > >
> > > > >
> > > > > At 2002-10-09T17:36:02Z, "Pranav A. Desai" <pdesai1@cs.uh.edu> writes:
> > > > >
> > > > > > How can I create a user account that can function like a root account with
> > > > > > the same privileges ? I need to create three such accounts. Is it possible ?
> > > > >
> > > > > Short answer: you probably don't really want to do this.  What problem are
> > > > > you needing to solve by having multiple root accounts?
> > > > > --
> > > > > Kirk Strauser
> > > > > In Googlis non est, ergo non est.
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > > >
> > > >
> > > >
> > > >
> > >
> >
> >
> >
> 
> 
> 
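
Added example, not part of any message in this thread: a small audit for a machine that carries the extra UID 0 accounts discussed above. It lists every UID 0 entry in a passwd(5)-format file, flags shells outside /bin and home directories outside /root, and names the first UID 0 entry, which is the one a bare passwd acts on. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# audit_uid0 [FILE]
# Reads a 7-field passwd(5) file (or stdin) and prints:
#   UID0  one line per entry with UID 0
#   WARN  shell not in /bin, or home not under /root (the cautions in the thread)
#   FIRST the first UID 0 entry when more than one exists
audit_uid0() {
    awk -F: '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        $3 == 0 {
            # an empty shell field means /bin/sh, as on the stock toor entry
            shell = ($7 == "") ? "/bin/sh" : $7
            if (first == "") first = $1
            printf "UID0 %s home=%s shell=%s\n", $1, $6, shell
            if (shell !~ /^\/bin\//)
                printf "WARN %s: shell %s is not in /bin\n", $1, shell
            if ($6 != "/root" && $6 !~ /^\/root\//)
                printf "WARN %s: home %s is not under /root\n", $1, $6
            n++
        }
        END { if (n > 1) printf "FIRST %s\n", first }
    ' "$@"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
Rjoe:*:0:0:root account for joe:/root/Rjoe:/bin/sh
Rfred:*:0:0:root account for fred:/home/fred:/usr/local/bin/bash
EOF
}

# Run against the sample; on a real host use: audit_uid0 /etc/passwd
sample_passwd | audit_uid0
```
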

