LinuxQuestions.org - Two-Person Rule or Password Split

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Two-Person Rule or Password Split (https://www.linuxquestions.org/questions/linux-security-4/two-person-rule-or-password-split-680196/)

puruntong

10-31-2008 01:48 AM

Two-Person Rule or Password Split

Hello!

Stated on the subject above Is it possible to have two password whenever you try to access the root (su)? What are the steps on how to do this kind of thing? i.e. If I type SU on the command line...

$ su -
password 1/2:
password 2/2:

#

Just a similar example above. Is this really possible?

Thanks in advance.

OdinnBurkni

10-31-2008 07:03 PM

root password

Hi there.
I'm no expert in this but I don't think it's possible, but maybe it is. What I would suggest is have a strong password, i.e. use upper and lower case and numbers and have the password minimum 8 characters.

Regards,
Odinn Burkni

unSpawn

11-01-2008 04:36 AM

Two passwords regularly means two accounts. You could deny every GID >= 500 access to 'su' and require users to 'sudo su' to a specific unprivileged account from which a 'sudo su root'-like command is accessable. If you have specific requirements to do things like that, then maybe also see 'rootsh' and 'sudosh' which allow for logging everything done as a (configurable) user.

All times are GMT -5. The time now is 06:47 AM.