multiple root accounts
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Tue Mar 7 00:08:14 UTC 2006
Craig White wrote:
> everyone else has suggested that you change the uid # in /etc/passwd to
> 0 which may very well do what you want but there is another mechanism in
> place...sudo which might be more in line with security...
>
> an entry in /etc/sudoers like...
>
> craig ALL=(ALL) ALL
>
> would do something similar but you would have to supply root password to
> have root privileges.
>
> if you did something like this...
>
> Cmnd_Alias IPOD=/sbin/modprobe -r sbp2
> Cmnd_Alias EJECT=/usr/bin/eject /dev/sda2,/usr/bin/eject /dev/sdb2
>
> craig ALL= NOPASSWD : IPOD, EJECT
>
> then user 'craig' could do those specific commands without a password.
> Suit yourself, it's your system but I would ***heavily*** recommend
> against a real 'user' having a uid of "0"
>
> Craig
>
For added security, I would not use the NOPASSWD option. That way,
craig would have to supply his password (not root's password) when
he wants to run the commands. It gives added protection if you are
called away, and someone else tries to run the commands.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
More information about the fedora-list
mailing list