On Thursday 10 March 2005 13.57, E. Oosterhuis wrote:
Hi,
If your system boots with an initrd (check this in /boot/grub/menu.lst) a "new" root account does not work. Your colleague will need the password stored in the initrd. (If fsck checks /)
Enno
On Thursday 10 March 2005 10:52, Frank Steiner wrote:
Hi,
are there any security (or other) problems when having a second user with uid 0? We would like to maintain a user "rootid" which has uid 0 and should be used for normal users logging in as root when the admin (me) is e.g. on holidays and sth. fails and needs to be repaired. For this, we have sealed envelopes with the root passwords which some users can open to get the password (the boss wants it like that).
To avoid changing "my" root password afterwards, users should get the password for "rootid" and work with that account. After my return, I would just have to change the rootid password and could still work with my normal root password. "sudo" etc. is not a real solution, because users might need to log in during boot when fsck fails. And then you need a root password and no sudo etc.
Are there any problems with such a setup? Of course the rootid account must be protected the same way the root account is.
In a first test, I could do anything with the rootid user, but I'm not sure if there are any security traps that I don't recognize...
cu, Frank
--
Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr 17            Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:         -4054
* You can only understand recursion once you have understood recursion. *
--
Greetings from
Enno Oosterhuis
e.oosterhuis@ewi.utwente.nl
Won't the "second" root be able to reset ordinary root's password? Or add a "backdoor" on the system? Malicious code can easily be installed once logged in as uid 0. "I'll just up my personal powers a wee bit" is always the most dangerous thing.
--
/Rikard
---------------------------------------------------------------
Rikard Johnels   email : rikjoh@norweb.se
Web : http://www.rikjoh.com/users/rikjoh
Mob : +46 735 05 51 01
PGP : 0x461CEE56
---------------------------------------------------------------
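
An audit for the setup discussed in this thread, as an added example that is not part of any poster's message: it lists every account that shares uid 0 with root, together with its shell and the state of its shadow password field. The passwd and shadow lines are constructed sample data; "rootid" is the account name from Frank's message, and the function names are hypothetical.

```python
"""Audit passwd/shadow data for accounts that share uid 0 with root."""

# Constructed sample data (not from a real system). "rootid" is the
# second uid-0 account proposed in the thread; here it has an empty hash.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
rootid:x:0:0:emergency root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/false
frank:x:1000:100:Frank:/home/frank:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:12852:0:99999:7:::
rootid::12852:0:99999:7:::
daemon:*:12852::::::
frank:!$6$constructedsalt$constructedhash:12852:0:99999:7:::
"""

def password_state(field):
    """Classify the second field of a shadow entry."""
    if field is None:
        return "no shadow entry"
    if field == "":
        return "empty"   # no password required, see shadow(5)
    if field[0] in "!*":
        return "locked"  # cannot match any password hash
    return "set"

def uid0_accounts(passwd_text, shadow_text):
    """Return [(name, shell, password_state)] for every uid-0 account."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    found = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            continue  # skip comments, NIS "+" entries, malformed lines
        if int(parts[2]) == 0:
            found.append((parts[0], parts[6], password_state(shadow.get(parts[0]))))
    return found

def extra_uid0(passwd_text, shadow_text):
    """uid-0 accounts other than 'root': each needs root-level protection."""
    return [a for a in uid0_accounts(passwd_text, shadow_text) if a[0] != "root"]

if __name__ == "__main__":
    for name, shell, state in uid0_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name:10} shell={shell:12} password={state}")
```

To check a real machine, pass the contents of /etc/passwd and /etc/shadow to the same functions; reading /etc/shadow requires root.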