On Thursday 10 March 2005 4:52 am, Frank Steiner wrote:
Hi,
are there any security (or other) problems when having a second user with uid 0? We would like to mainain a user "rootid" which has uid 0 and should be used for normal users logging in as root when the admin (me) is e.g. on holidays and sth. fails and needs to be repaired. For this, we have sealed envelopes with the root passwords which some users can open to get the password (the boss wants it like that).
<snip> IANAL and not as knowledgable as others on the list, but you might consider the "Administrators" setup where they aren't logged into the computer as a regular user. In other words, the Administrator account really isn't at least under the same user name an account on the computer. That might slow down any uninvited boost to the "normal" user rights.. Seriously tho, Something important to consider : you need to have a serious chat w/ the boss.. perhaps a meeting setup and scheduled to apprise him/her/them w/ the actual things a "root" user can do that might actually not be what the company would want to allow. It appears what your boss wants is not to be bothered during times you aren't around w/ any fiddley little things that go wrong w the computers, he just wants them to keep working... And no doubt hasn't considered any other ramifications. Industrial espionage, or just plain boredom or curiosity can lead to people "just looking" at information they do not have any need to know. As others have said, a root user has access to all information on your network systems. This might and can eventually lead to legal problems for your boss and the company depending on where mischief or curiosity leads, and what legal or fiduciary responsibilities the company may have. Those get very very expensive and you do not want to be associated in any way w/ setting up a system that might lead to such things w/o absolutely making certain your immediate superior(s) are fully apprised of the dangers. After all, your future is at stake as well as theirs. Imagine attempting to get another IT job if some fiasco happened to a company where you were the IT dept. Or the head of same... It would be bad enough if it didn't get publicized. I doubt there would be any future in the industry should anything untoward happen and you have not protected yourself by apprising those who should know of the potential for minor ( he types "rm -rf .*" in some user directory ) or major... (think the current fuss over info released about Paris Hilton's address book and translate it to , oh, release of people's info by a doctor, lawyer, hospital etc... ) -- j I'm putting on the B-mer Brothers Would you mind putting on this grass skirt?