I'm in a similar situation of having to leave root passwords in "a secure place" in case I am not around. :(

Though in the fsck case there is an alternative I have just thought of, but the solution may be WORSE than the problem! If you want people to be able to do a fsck in an emergency, then you could always leave a "Rescue CD" with your boss... Then if anyone needs to actually do a fsck on a crashed server they can use the rescue disk to boot up and fsck the filesystem in question, and then reboot the server.

The drawback to this is that you have to leave the server bootable from CD :(, which is in itself a security hole. On a positive note though, people don't just have the root password "on tap" and are hopefully less inclined to obtain the rescue disk and boot up as root "just for the hell of it".

It's always good to have rescue disks handy anyway, just in case the root/boot file system gets corrupted/damaged. Like I experienced last week during a routine outage...
-----Original Message-----
From: Frank Steiner [mailto:fsteiner-mail@bio.ifi.lmu.de]
Sent: Thursday, 10 March 2005 10:53 p.m.
To: SuSE Securitylist
Subject: [suse-security] Problem with second user with uid 0?
Hi,
are there any security (or other) problems when having a second user with uid 0? We would like to maintain a user "rootid" which has uid 0 and should be used for normal users logging in as root when the admin (me) is e.g. on holidays and sth. fails and needs to be repaired. For this, we have sealed envelopes with the root passwords which some users can open to get the password (the boss wants it like that).
To avoid changing "my" root password afterwards, users should get the password for "rootid" and work with that account. After my return, I would just have to change the rootid password and could still work with my normal root password. "sudo" etc. is not a real solution, because users might need to login during boot when fsck fails. And then you need a root password and no sudo etc.
Are there any problems with such a setup? Of course the rootid account must be protected the same way the root account is.
In a first test, I could do anything with the rootid user, but I'm not sure if there are any security traps that I don't recognize...
cu, Frank
--
Dipl.-Inform. Frank Steiner   Web:   http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail:  http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr 17            Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   -4054
* You can only understand recursion once you have understood recursion. *
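An added example, not part of the original thread: a small audit that lists every UID shared by more than one account in passwd-format text and shows which name a uid-to-name lookup reports (with the plain files backend, the first matching entry in file order), so work done as `rootid` shows up under `root` wherever only the UID is recorded. The sample data is constructed; `rootid` is the account name from the question, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
rootid:x:0:0:emergency root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
broken-line-without-fields
+::::::
"""


def parse_passwd(text):
    """Yield (name, uid) for each well-formed entry, in file order."""
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and NIS compat entries ("+" / "-" prefixed lines).
        if not line or line[0] in "+-":
            continue
        fields = line.split(":")
        # A passwd entry has exactly seven fields; the third is a numeric UID.
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def shared_uids(text):
    """Map each UID used by more than one account to its names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in parse_passwd(text):
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def audit(text):
    """One finding per shared UID: the name a uid->name lookup reports, and
    the other accounts that are indistinguishable from it by UID alone."""
    return [
        {"uid": uid, "resolves_to": names[0], "aliases": names[1:]}
        for uid, names in sorted(shared_uids(text).items())
    ]


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD):
        print(f"uid {f['uid']}: shown as {f['resolves_to']!r}, "
              f"also used by {', '.join(f['aliases'])}")
```

To run it against a live system, pass the contents of `/etc/passwd` to `audit()` instead of the sample.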