William T Wilson wrote: > > On Sun, 9 Jan 2000, Patrick Kirk wrote: > > > I need to add a second superuser. > > No you don't. > > If you want someone else to have root access, then just give them the root > password. > > If you want someone else to be able to do some root tasks but not really > be root, you have two choices. > 1) Make the program setuid root. > 2) Use sudo. > > Neither of these options is especially secure, but they're better than > nothing. > > If you put another user with UID 0 in /etc/passwd then that login will > also be root, it will just have another name. This will confuse some > things and accomplish nothing as it will provide no security benefit. > Just give them the root password.
But it does provide security benefits. I've worked in multiple admin environments where (before we discovered sudo) we did this so that each admin could change his password without worrying about having the other admins out for his blood. It was in a .edu environment where we were forced by the powers that be to do root stuff from users machines occasionally, and (after having been burned once of course) had a strict policy of changing our personal root password whenever we'd used it where students had a chance of watching the keyboard. RMS can call me selfish, but when I'm the one responsible for keeping a machine running for a large group of users, I want to be the one who broke it by doing something stupid^Wignorant as root. Let them learn how to be an admin on their own machines, not the ones people are doing classwork on. jpb -- Joe Block <[EMAIL PROTECTED]> CREOL System Administrator Social graces are the packet headers of everyday life.
