multiple root accounts
Craig White
craigwhite at azapple.com
Tue Mar 7 01:28:02 UTC 2006
On Mon, 2006-03-06 at 18:08 -0600, Mikkel L. Ellertson wrote:
> Craig White wrote:
> > everyone else has suggested that you change the uid # in /etc/passwd to
> > 0 which may very well do what you want but there is another mechanism in
> > place...sudo which might be more in line with security...
> >
> > an entry in /etc/sudoers like...
> >
> > craig ALL=(ALL) ALL
> >
> > would do something similar but you would have to supply root password to
> > have root privileges.
> >
> > if you did something like this...
> >
> > Cmnd_Alias IPOD=/sbin/modprobe -r sbp2
> > Cmnd_Alias EJECT=/usr/bin/eject /dev/sda2,/usr/bin/eject /dev/sdb2
> >
> > craig ALL= NOPASSWD : IPOD, EJECT
> >
> > then user 'craig' could do those specific commands without a password.
> > Suit yourself, it's your system but I would ***heavily*** recommend
> > against a real 'user' having a uid of "0"
> >
> > Craig
> >
> For added security, I would not use the NOPASSWD option. That way,
> craig would have to supply his password (not root's password) when
> he wants to run the commands. It gives added protection if you are
> called away, and someone else tries to run the commands.
----
perhaps but when he is assigning multiple users the uid of "0", it would
appear that security is not the primary motivator here.
Craig
More information about the fedora-list
mailing list