On Thursday 10 October 2002 12:38 am, Peter Leftwich appears to have written: > On Thu, 10 Oct 2002, Bob Johnson wrote: > > On Wednesday 09 October 2002 09:02 pm, Pranav A. Desai appears to have written: > > > Hi! I have been asked to create admin accounts for a machine such > > > that all of them can access that machine as root but with > > > different username and password. > > > > In many environments, this is reasonable. Sometimes you have > > more than one person who is must have full administrative rights, > > unless you plan to have your one administrator be on 24/7 call. It > > is good policy to prohibit anyone, even administrators, from > > sharing accounts, so you give each admin their own account. Of > > course, if they only need limited admin rights, then sudo is > > probably a better solution. Talk to your customer and find out > > what they are really trying to accomplish. > > man su >
Yes, most facilities have admins login with their personal accounts and then su to root. It is the traditional way, but doesn't answer the original question. There is something to be said for being able to instantly change the root password without having to propagate a new password to the other admins who may be off duty, on vacation, or whatever. E.G., what happens if an admin screws up and reveals their password to the world? No, it isn't a perfect system, but I think the advantages outweigh the disadvantages. My feelings won't be hurt if someone points out that I missed something obviously wrong with this. I've also found it difficult to keep some admins from logging in at the console as root (because it's "too hard" to log in as a user and then su to root, and besides, that's how they've always done it). You can't (or at least you probably don't want to) disable console logins by admin accounts, so the next best thing is to give each admin their own account and don't tell them the root password. The point here isn't to keep a dishonest admin from hiding their tracks (it takes a lot more effort to do that, if you can do it at all), but to keep the lazy admins honest. In my case it is actually site policy (created with no particular operating system in mind) that no two users, even admins, may share an account unless absolutely necessary. I went ahead and set up to comply with the policy since I couldn't think of a reason not to, and I also agree that it is good policy. We are trying to get people out of the habit of casually sharing passwords. In any case, it's a tool that may be useful in some situations. > > The "toor" account is an example of exactly what you want, although > > by default it is disabled (by an invalid password field). To > > create a similar account, use "vipw" to edit the password file. > > Copy the root entry, but give each person their own name and the > > shell of their choice (the shell must be in /etc/shells). > > What -is- that toor (root backwards) account for anyways?? > The toor account was originally an admin account with the bash shell. root used sh. You do not (or did not at that time) want to set the root shell to be bash, it causes a bunch of not immediately obvious problems, so the toor account was created for those who like bash. It took a few iterations to find the various utilities confused by multiple root accounts and fix them. > Is there a command similar to vipw that uses a simpler editor, like > pico? > No but you can change the default editor that vipw uses by setting the EDITOR variable. > > Leave everything else the same as for root. If you copy the > > password field from the root account, then the new admin account > > will have the same password, which should be changed by the user of > > the account. Also, never change the shell for root. It needs to be > > as it is for some things to work right. That's why the toor > > account exists: so you can set up an admin account with your choice > > of shell. > > I always log in 100% of the time to my box as root and my shell is > tcsh > That is generally considered to be a really bad thing. If you screw up and issue a highly destructive command, nothing stops root from destroying your entire system. If some attacker manages to gain access to your account, they own the entire system if your account is root. > Does it matter that (I think) I changed the shell for root? > It can. If the shell you selected is not in /bin, or it needs libraries that are not in /bin, you may find it difficult to fix problems that require you to interrupt a boot before all the drives are mounted. Thus, since bash is not in /bin, you want to create a second admin account (toor) if you happen to want to use bash as your admin shell. If it happens that that is no longer necessary, well, at least now you know the historical reason. There used to be problems with some boot-time scripts not executing properly if the root shell wasn't sufficiently similar to sh, but I _think_ that's cleaned up now so that they all run in an explicitly specified shell. [...remainder deleted...] - Bob To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
