From owner-freebsd-chat  Mon Jan  7 21:17:46 2002
Delivered-To: freebsd-chat@freebsd.org
Received: from mail.thpoon.com (CPE0080c8f2c614.cpe.net.cable.rogers.com [24.42.106.79])
	by hub.freebsd.org (Postfix) with SMTP id E53A837B419
	for <chat@freebsd.org>; Mon,  7 Jan 2002 21:17:35 -0800 (PST)
Received: (qmail 82409 invoked from network); 8 Jan 2002 05:17:34 -0000
Received: from unknown (HELO tea.thpoon.com) (qmailr@192.168.1.2)
  by 192.168.1.1 with SMTP; 8 Jan 2002 05:17:34 -0000
Received: (qmail 3684 invoked by uid 1000); 8 Jan 2002 05:17:31 -0000
To: chat@freebsd.org
Subject: Multiple root accounts
From: Arcady Genkin <agenkin-dated-1011329481.db2849@thpoon.com>
X-Face: 
 0=A/O5-+sE[Tf%X>rYr?Y5LD4,:^'jaJ!4jC&UR*ZrrK2>^`g22Qeb]!:d;}2YJ|Hq"LHdF
 OX`jWX|AT-WVFQ(TPhFVak)0nt$aEdlOq=1~D,:\z5QlVOrZ2(H,mKg=Xr|'VlHA="r
Date: Tue, 08 Jan 2002 00:17:31 -0500
Message-ID: <87zo3p776c.fsf@tea.thpoon.com>
Lines: 31
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) XEmacs/21.4 (Common Lisp,
 i686-pc-linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-chat.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-chat>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-chat>
X-Loop: FreeBSD.org

What is the better scenario for a situation with multiple sysadmins
for one system:
  a. all admins share one root account and pass
  b. there is a separate root account per each admin, with its own
     pass 

Historically, at my ork place there are five admins sharing the same
root account.  I think that scenario (b) is better, but maybe there
are gotchas with this approach.

Here's what I can think of with regards to having one UID 0 account
per each admin:

Pros:
- each admin can have his own customization (dot files etc.)
- possibly, accountability is increased
- each admin can choose a password that's easy to remember for him
- no need to communicate a new password, like it would have to be
  communicated if one root account were shared

Cons:
- there is a chance that some admin would choose a weak root password
- anything else?..

What am I missing?  It would be nice to hear how others approach this
problem.

FWIW, the network consists of almost equal shares of Solaris and Linux
computers (no BSD boxes so far) with /etc/password shared over NFS.
-- 
Arcady Genkin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message