Date: Thu, 10 Oct 2002 16:07:50 -0500 (CDT)
From: "Pranav A. Desai"
Subject: Re: How to create another account with root privileges ?
In-Reply-To: <200210101522.g9AFMIr23233@clunix.cl.msu.edu>

Hi all!

Thanks a lot to all those who replied. I will try to convince them to use
sudo, as most of you have mentioned that it is a better option than changing
/etc/passwd. If it doesn't work with them then I will use the second option
of changing passwd.

Thanks once again.

-Pranav

*******************************************************************
Pranav A. Desai

Home :- (937) 294 1381
*******************************************************************

On Thu, 10 Oct 2002, Jerry McAllister wrote:

> >
> > Hi!
> > I have been asked to create admin accounts for a machine such that
> > all of them can access that machine as root but with different username
> > and password.
> >
> First, see if you can get by with a web based system admin tool
> such as webmin.  Or check out sudo or some other similar utility
> that allows you to grant specific tasks to non-root accounts.
> These can allow you to delegate most useful admin tasks to a non-root
> user - things such as creating or deleting accounts, cleaning out
> piles of spam that is clogging mailboxes, etc.
>
> If that won't satisfy the powers that be, then it is not difficult
> to create whatever additional root accounts that you need.  Just
> use vipw and make additional entries with UID of 0 and GID of 0.
> Probably the easiest way is to copy the toor line and then edit
> the username, shell and home directory.
>
> We have several machines with extra root accounts.  Our practice is
> to create usernames for those that start with uppercase R as in Rjoe
> being a root account for joe, Rfred for user fred, etc.  Also we create
> separate home directories for those extra root accounts in the /root
> directory (eg /root/Rjoe and /root/Rfred).
>
> Some cautions:
>
> Make sure that /root directory is never moved to any other file system
> outside of /  This is because you want it to be readable for a single
> user boot.
>
> Make sure the shell you specify is one that will be available for
> a single user boot.  Generally, make sure there is a copy in /bin.
>
> When you set the password you _always_ have to specify the username, as in
>      passwd Rjoe
> because, even if you are already logged in as that other root user (Rjoe),
> if you do not specify the username, it will change root-s password and
> not Rjoe-s.
>
> This is because root has the same UID as Rjoe and comes first in the file.
> You can't fix this by just moving root later in the passwd file because
> then you will just have Rfred changing Rjoe-s password if Rjoe comes before
> Rfred in the file and Rfred forgets to put his own username on the passwd
> command.
> So, just put any new Rroot ids after root and toor and make sure
> everyone uses the idname when changing passwords.
>
> Finally, be very paranoid about giving out root accounts to people.
> Even best intentioned people make disastrous screwups which can take
> up to weeks to recover from.  Some things are just better put off until
> you get back from vacation (what vacation?) rather than giving root to
> someone and coming back to find everything trashed.  We joke about
> the rm -rf * done in the root directory, but I have seen it done - by
> accident.  Each time the person was absolutely sure he was in his own
> directory.  (And not just in UNIX systems; though the command syntax
> was different, the result was the same in those other systems)
>
> So, have fun,
>
> ////jerry
>
> >
> > Thanks
> >
> > -pranav
> >
> > *******************************************************************
> > Pranav A. Desai
> >
> > Home :- (937) 294 1381
> > *******************************************************************
> >
> > On 9 Oct 2002, Kirk Strauser wrote:
> >
> > >
> > > At 2002-10-09T17:36:02Z, "Pranav A. Desai" writes:
> > >
> > > > How can I create a user account that can function like a root account with
> > > > the same privileges ? I need to create three such accounts. Is it possible ?
> > >
> > > Short answer: you probably don't really want to do this.  What problem are
> > > you needing to solve by having multiple root accounts?
> > > --
> > > Kirk Strauser
> > > In Googlis non est, ergo non est.
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
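
Added example, not part of the original thread: a small audit of a passwd(5)-format file for the extra UID 0 accounts discussed above. It lists them in file order, reports the first UID 0 entry (the one the thread says a bare `passwd` would change), and flags entries that break the single-user-boot cautions. The function names and the sample entries are constructed for illustration; the 7-field file layout is assumed.

```sh
#!/bin/sh
# Added example: audit a passwd(5)-format file (7 colon-separated fields)
# for UID 0 accounts. Function names and sample entries are constructed.

# Constructed sample data, modelled on the naming scheme in the thread.
make_sample() {
cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
Rjoe:*:0:0:Joe, root account:/root/Rjoe:/bin/sh
Rfred:*:0:0:Fred, root account:/home/Rfred:/usr/local/bin/bash
joe:*:1001:1001:Joe:/home/joe:/bin/sh
EOF
}

# Every account name with UID 0, in file order.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# First UID 0 entry in file order: per the thread, the account whose
# password a bare "passwd" changes for any UID 0 user.
first_uid0_name() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1; exit }' "$1"
}

# UID 0 accounts that break the thread's single-user-boot cautions:
# home directory outside /root, or a shell that is not directly in /bin.
# An empty shell field is skipped (/bin/sh is assumed in that case).
uid0_warnings() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ {
        if ($6 != "/root" && substr($6, 1, 6) != "/root/")
            print $1 ": home " $6 " is outside /root"
        if ($7 != "" && (substr($7, 1, 5) != "/bin/" || index(substr($7, 6), "/")))
            print $1 ": shell " $7 " is not in /bin"
    }' "$1"
}

# Run against a file when one is given, e.g.: sh uid0_audit.sh /etc/passwd
if [ -n "${1:-}" ]; then
    echo "UID 0 accounts: $(uid0_accounts "$1" | tr '\n' ' ')"
    echo "bare passwd would change: $(first_uid0_name "$1")"
    uid0_warnings "$1"
fi
```

Any name in the first list other than root and toor is a full root account and belongs in the same review and logging scope as root itself.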