Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
RE: [suse-security] Problem with second user with uid 0?
  • From: "Mike Tierney" <miket@xxxxxxxxxxxxxxxx>
  • Date: Fri, 11 Mar 2005 10:36:34 +1300
  • Message-id: <200503102131.j2ALVVdr022008@xxxxxxxxxxxxxxxx>
I'm in a similar situation of having to leave root passwords in "a secure
place" incase I am not around. :(

Though in the fsck case there is an alternative I have just thought of, but
the solution may be WORSE than the problem! If you want people to be able to
do a fsck in an emergency, then you could always leave a "Rescue CD" with
your boss... Then if anyone needs to actually do a fsck on a crashed server
they can use the rescue disk to boot up and fsck the filesystem in question,
and then reboot the server.

The drawback to this is that you have to leave the server bootable from CD
:(, which is in itself a security hole. On a positive note though, people
don't just have the root password "on tap" and are hopefully less inclined
to obtain the rescue disk and boot up as root "just for the hell of it".

It's always good to have rescue disks handy anyway, just incase the
root/boot file system gets corrupted/damaged. Like I experienced last week
during a routine outage...

> -----Original Message-----
> From: Frank Steiner [mailto:fsteiner-mail@xxxxxxxxxxxxxx]
> Sent: Thursday, 10 March 2005 10:53 p.m.
> To: SuSE Securitylist
> Subject: [suse-security] Problem with second user with uid 0?
>
> Hi,
>
> are there any security (or other) problems when having a second user
> with uid 0?
> We would like to mainain a user "rootid" which has uid 0 and should
> be used for normal users logging in as root when the admin (me) is
> e.g. on holidays and sth. fails and needs to be repaired. For this,
> we have sealed envelopes with the root passwords which some users
> can open to get the password (the boss wants it like that).
>
> To avoid changing "my" root password afterwards, users should get the
> password for "rootid" and work with that account. After my return,
> I would just have to change the rootid password and could still work
> with my normal root password. "sudo" etc. is not a real solution,
> because users might need to login during boot when fsck fails. And
> then you need a root password and no sudo etc.
>
> Are there any problem with such a setup? Of course the rootid account
> must be protected the same way the root account is.
>
> In a first test, I could do anything with the rootid user, but I'm not
> sure if there are any security traps that I don't recognize...
>
> cu,
> Frank
>
>
> --
> Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
> Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
> LMU, Amalienstr 17 Phone: +49 89 2180-4049
> 80333 Muenchen, Germany Fax: -4054
> * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here


< Previous Next >
References