Re: Root user

[Steve Borho <sborho ststech com>]

On Thu, Dec 31, 1998 at 08:11:16PM -0900, Ramon Gandia wrote:
> Steve Borho wrote:
> > 
> > On Thu, Dec 31, 1998 at 04:26:43PM -0400, Shera wrote:
> > > How do you make a second root user.  I know to make a user you do adduser
> > > but how do you give that user root privledges.
> > 
> > Don't take this the wrong way, but why?
> > 
> > A second root account is redundant.  If you want to give some root
> > priveledges to selective users without giving them the root password, then
> > install sudo.
> > 
> > Otherwise, what's the point?
> 
> I don't want to sound rude or anything like that, but a question was
> asked.....never mind the reasons.  It might not be a good idea to
> create a second rootlike account on MOST circumstances, but nevertheless
> we have a question on the floor.  I would like to know the answer 
> myself.  And I can think of a few scenarios where it would be better to
> have such an account.

adduser rewt
vi /etc/passwd /etc/group # change rewt's uid & gid to 0

This is what most of the root kit exploits do.

> Example:  Hire a consultant.  You want to give him root priviledge but
> keep track of his logins, for instance so you can "talk" to him, or
> you can keep track of where he is, or for time billing, etc.

But I still think that it's better to give the consultant a normal user
account (you don't stay logged in as root all day, do you?) and use sudo
to allow them to run certain commands as root, without needing to know the
system's real root password. sudo also logs each command line.

Wouldn't this work better than giving them a "second root" account?

Uh oh.
/me grabs beer and makes toast.
Happy new year everyone!

-- 
Steve Borho <sborho ststech com>