On Wed, Mar 21, 2001, September Donovan wrote about "duplicating root?":
> hello,
> I am new to the list and fairly new to linux ;-)
> I hope my question was not asked too many times and won't be flamed ;-)
>
> I have heard that it is possible to create another user with similar
> permissions as root, I know that in M$ world it's very easy, and I
> understood that in a more complex way it is possible under linux.
> what steps would I go about to create a user as much similiar permission
> wise as root? and what won't he be able to do?
If you really want to have two different users with superuser
abilities, it's easy - just create another account with user id 0. This
user id (and not the name "root") is what gives this account its priviliges,
and you can have two accounts with the same UID and most programs cope with
it fine.
But the more traditional way to solve your problem is to give each person
his own personal account, and when that person needs root-like privileges
he or she does "su". Direct login as root is disallowed (it's easy to set
it up this way) and the logs always say what user did "su".
The philosophy is that "root" is not a person - it is a special account with
elevated privilages that you temporarily enter to gain these privilages.
There's nothing wrong with two different people entering this account for
doing whatever they wanted to do, but they shouldn't be using the root
account as if it was their main account.
If you need to give another user priviliges that traditionally needed
being superuser but you don't want him or her to become a fully-super-user,
then modern Linux has many solutions: you no longer need to be root to
mount removable media (see mount(8)), if you setuid pppd you won't need
to be root to dial your modem, and so on. see also sudo(8).
--
Nadav Har'El | Wednesday, Mar 21 2001, 26 Adar 5761
[EMAIL PROTECTED] |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Just remember that if the world didn't
http://nadav.harel.org.il |suck, we would all fall off.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
