Date: Thu, 10 Oct 2002 16:07:50 -0500 (CDT)
From: "Pranav A. Desai" <pdesai1@cs.uh.edu>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: How to create another account with root privileges ?
Message-ID: <Pine.GSO.4.33.0210101600090.10316-100000@themis.cs.uh.edu>
In-Reply-To: <200210101522.g9AFMIr23233@clunix.cl.msu.edu>

Hi all!

Thanks a lot to all those who replied. I will try to convince them to use
sudo, as most of you have mentioned that it is a better option than changing
/etc/passwd. If it doesn't work with them then I will use the second option
of changing passwd.

Thanks once again.

-Pranav

*******************************************************************
Pranav A. Desai

Home :- (937) 294 1381
*******************************************************************

On Thu, 10 Oct 2002, Jerry McAllister wrote:

> >
> > Hi!
> > I have been asked to create admin accounts for a machine such that
> > all of them can access that machine as root but with different username
> > and password.
>
> First, see if you can get by with a web based system admin tool
> such as webmin. Or check out sudo or some other similar utility
> that allows you to grant specific tasks to non-root accounts.
> These can allow you to delegate most useful admin tasks to a non-root
> user - things such as creating or deleting accounts, cleaning out
> piles of spam that is clogging mailboxes, etc.
>
> If that won't satisfy the powers that be, then it is not difficult
> to create whatever additional root accounts that you need. Just
> use vipw and make additional entries with UID of 0 and GID of 0.
> Probably the easiest way is to copy the toor line and then edit
> the username, shell and home directory.
>
> We have several machines with extra root accounts. Our practice is
> to create usernames for those that start with uppercase R as in Rjoe
> being a root account for joe, Rfred for user fred, etc. Also we create
> separate home directories for those extra root accounts in the /root
> directory (eg /root/Rjoe and /root/Rfred).
>
> Some cautions:
>
> Make sure that /root directory is never moved to any other file system
> outside of / This is because you want it to be readable for a single
> user boot.
>
> Make sure the shell you specify is one that will be available for
> a single user boot. Generally, make sure there is a copy in /bin.
>
> When you set the password you _always_ have to specify the username, as in
>     passwd Rjoe
> because, even if you are already logged in as that other root user (Rjoe),
> if you do not specify the username, it will change root-s password and
> not Rjoe-s.
>
> This is because root has the same UID as Rjoe and comes first in the file.
> You can't fix this by just moving root later in the passwd file because
> then you will just have Rfred changing Rjoe-s password if Rjoe comes before
> Rfred in the file and Rfred forgets to put his own username on the passwd
> command. So, just put any new Rroot ids after root and toor and make sure
> everyone uses the idname when changing passwords.
>
> Finally, be very paranoid about giving out root accounts to people.
> Even best intentioned people make disastrous screwups which can take
> up to weeks to recover from. Some things are just better put off until
> you get back from vacation (what vacation?) rather than giving root to
> someone and coming back to find everything trashed. We joke about
> the rm -rf * done in the root directory, but I have seen it done - by
> accident. Each time the person was absolutely sure he was in his own
> directory. (And not just in UNIX systems; though the command syntax
> was different, the result was the same in those other systems)
>
> So, have fun,
>
> ////jerry
>
> >
> > Thanks
> >
> > -pranav
> >
> > *******************************************************************
> > Pranav A. Desai
> >
> > Home :- (937) 294 1381
> > *******************************************************************
> >
> > On 9 Oct 2002, Kirk Strauser wrote:
> >
> > >
> > > At 2002-10-09T17:36:02Z, "Pranav A. Desai" <pdesai1@cs.uh.edu> writes:
> > >
> > > > How can I create a user account that can function like a root account with
> > > > the same privileges ? I need to create three such accounts. Is it possible ?
> > >
> > > Short answer: you probably don't really want to do this. What problem are
> > > you needing to solve by having multiple root accounts?
> > > --
> > > Kirk Strauser
> > > In Googlis non est, ergo non est.
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
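
Added example (not part of the original thread, and not code from any of its participants): a small sh/awk audit that lists every UID-0 entry in a passwd(5)-format file and flags the cautions raised in Jerry's reply. The function names, flag labels and sample entries are constructed for illustration, and it assumes the seven-field /etc/passwd layout rather than the master.passwd that vipw edits.

```shell
#!/bin/sh
# audit_uid0 [FILE]: report every UID-0 account in a passwd(5)-format file
# (name:pw:uid:gid:gecos:home:shell); reads stdin when FILE is omitted.
audit_uid0() {
    awk -F: '
        /^#/ || NF < 7 { next }       # skip comments and malformed lines
        $3 != 0        { next }       # only UID-0 entries are of interest
        {
            n++
            if (n == 1) first = $1    # first UID-0 entry in file order
            f = ""
            if ($4 != 0) f = f " gid-not-0"
            # An empty shell field means the system default, so only flag
            # an explicit shell that does not live in /bin.
            if ($7 != "" && $7 !~ /^\/bin\//) f = f " shell-outside-/bin"
            if ($6 != "/root" && $6 !~ /^\/root\//) f = f " home-outside-/root"
            if ($1 == "root" && n != 1) f = f " root-not-first"
            printf "%s uid=0 home=%s shell=%s%s\n", $1, $6, $7, (f == "" ? " ok" : f)
        }
        # Per the reply above, a bare "passwd" acts on the first UID-0 entry,
        # so report which name that is.
        END { printf "total=%d first=%s\n", n, first }
    ' "$@"
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
Rjoe:*:0:0:root account for joe:/root/Rjoe:/bin/sh
Rfred:*:0:0:root account for fred:/home/fred:/usr/local/bin/bash
joe:*:1001:1001:Joe:/home/joe:/bin/sh
EOF
}

sample_passwd | audit_uid0
```

Run against the real file with `audit_uid0 /etc/passwd`; any change in the `total=` count between runs is worth investigating, since every extra UID-0 line is a full root login.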