Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
RE: [suse-security] Problem with second user with uid 0?
  • From: "Wilde, Martin" <martin.wilde@xxxxxxxxx>
  • Date: Thu, 10 Mar 2005 12:26:41 +0100
  • Message-id: <253D42C2917FD511880E00508B66B670066E3CE8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi Frank,

if your rootid user is managed on a per host basis I would not expect
*technical* security traps. During logon the passwd file is checked, if
there is a user named "rootid", then the crypted password is taken from the
shadow file and if there is a match then the userid 0 (or any other id from
the passwd file) is set. AFAIK: after login all programs just test the
userid (0) to find out if you have root permissions. So everything should be
fine except all commands that do an id-to-username translation (like id(1)
e. g.).

other problems: As you are talking about "normal" users: I do not know if
they *really* know what to do. So you usually need someone "trusted" that is
aware of what is meant by "having root permissions" - e. g. what happens
when he types "rm -rf .*" in some user directory.


In case you are using NIS: Be aware that those users will have root
permissions on *all* systems.

Also keep in mind that this user has access to *all* files including
documents from your genaral manager or the human ressources people!

Be also sure, that the password for the rootid user is as strong as yours
should be!



Martin

-----Original Message-----
From: Frank Steiner [mailto:fsteiner-mail@xxxxxxxxxxxxxx]
Sent: Thursday, March 10, 2005 10:53 AM
To: SuSE Securitylist
Subject: [suse-security] Problem with second user with uid 0?


Hi,

are there any security (or other) problems when having a second user
with uid 0?
We would like to mainain a user "rootid" which has uid 0 and should
be used for normal users logging in as root when the admin (me) is
e.g. on holidays and sth. fails and needs to be repaired. For this,
we have sealed envelopes with the root passwords which some users
can open to get the password (the boss wants it like that).

To avoid changing "my" root password afterwards, users should get the
password for "rootid" and work with that account. After my return,
I would just have to change the rootid password and could still work
with my normal root password. "sudo" etc. is not a real solution,
because users might need to login during boot when fsck fails. And
then you need a root password and no sudo etc.

Are there any problem with such a setup? Of course the rootid account
must be protected the same way the root account is.

In a first test, I could do anything with the rootid user, but I'm not
sure if there are any security traps that I don't recognize...

cu,
Frank


--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: -4054
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >
Follow Ups