Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Problem with second user with uid 0?
  • From: "E. Oosterhuis" <E.Oosterhuis@xxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 13:57:31 +0100
  • Message-id: <200503101357.31609.E.Oosterhuis@xxxxxxxxxx>

If your system boots with an initrd (check this in /boot/grub/menu.lst) a
"new" root account does not work. Your college will need the password stored
in the initrd. ( If fsck checkes / )


On Thursday 10 March 2005 10:52, Frank Steiner wrote:
> Hi,
> are there any security (or other) problems when having a second user
> with uid 0?
> We would like to mainain a user "rootid" which has uid 0 and should
> be used for normal users logging in as root when the admin (me) is
> e.g. on holidays and sth. fails and needs to be repaired. For this,
> we have sealed envelopes with the root passwords which some users
> can open to get the password (the boss wants it like that).
> To avoid changing "my" root password afterwards, users should get the
> password for "rootid" and work with that account. After my return,
> I would just have to change the rootid password and could still work
> with my normal root password. "sudo" etc. is not a real solution,
> because users might need to login during boot when fsck fails. And
> then you need a root password and no sudo etc.
> Are there any problem with such a setup? Of course the rootid account
> must be protected the same way the root account is.
> In a first test, I could do anything with the rootid user, but I'm not
> sure if there are any security traps that I don't recognize...
> cu,
> Frank
> --
> Dipl.-Inform. Frank Steiner Web:
> Lehrstuhl f. Bioinformatik Mail:
> LMU, Amalienstr 17 Phone: +49 89 2180-4049
> 80333 Muenchen, Germany Fax: -4054
> * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *

Groeten van

Enno Oosterhuis


< Previous Next >