LinuxQuestions.org
Old 08-25-2008, 12:02 PM   #1
RaelOM
Central Admin Framework Design


So I'm designing/setting up a central admin framework for UNIX (Solaris/Linux/HPUX). This framework will allow me to run commands locally targeted at other hosts enrolled in this management framework.

Example: I have a password change program that I can run on my CAF server

./passchange.pl --host=<TARGET HOST> --user=<USER> --password=<password>

This script would be executed remotely on the target machine, changing the user's password. (This is just an example of one of the many features.)

I've set up a non-privileged account on all my systems because I want root login of ssh to be disabled for security reasons. The non-privileged account is locked so it cannot be logged into in any manner other than sudo.

I have a few routes in which I can accomplish this. I can write a cronjob that would poll a workq on each host every minute looking for jobs to execute as root. So the password command in this case would scp a file with the specifics of the job to the target host and the cronjob on the target would poll the workq and find this job and then execute it. This lacks realtime execution and providing realtime results of the execution.

I could also make the non-privileged account a member of the root group.

My question here is: would making this non-privileged account a member of the root group present any security concerns? Assuming the account is well locked down with ACLs and directory permissions restricting access so no one could manually populate the workq on the local machine, would this be acceptable? Perhaps I could set up some form of trust keys for the poller and the CAF server to authenticate jobs as legitimate?

Does anyone have any input here on what I'm trying to accomplish?
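
An added example, not part of the original post: one way the "trust keys" idea could work, with the CAF server attaching an HMAC-SHA256 tag to each job file and the poller checking it before acting. The JSON job format, the field names, the per-host key and the job names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumptions (not from the post): JSON job files, a per-host secret key
# installed out of band (root-readable only), and the job names below.
ALLOWED_JOBS = {"passchange"}   # poller runs only job types it knows
MAX_AGE_SECONDS = 300           # reject job files older than this


def _tag(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def sign_job(key: bytes, job: dict) -> dict:
    """CAF server side: serialize the job and attach an HMAC-SHA256 tag."""
    payload = json.dumps(job, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "tag": _tag(key, payload)}


def verify_job(key, envelope, this_host, seen_ids, now=None):
    """Poller side: return the job only if authentic, addressed here, fresh, new."""
    now = time.time() if now is None else now
    payload = str(envelope.get("payload", ""))
    tag = str(envelope.get("tag", ""))
    # Check the tag before parsing anything an attacker could have written.
    if not hmac.compare_digest(_tag(key, payload).encode(), tag.encode()):
        raise ValueError("bad tag")
    job = json.loads(payload)
    if job["host"] != this_host:
        raise ValueError("wrong host")
    if abs(now - job["issued"]) > MAX_AGE_SECONDS:
        raise ValueError("stale")
    if job["id"] in seen_ids:
        raise ValueError("replay")
    if job["job"] not in ALLOWED_JOBS:
        raise ValueError("job type not allowed")
    seen_ids.add(job["id"])
    return job


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"
    job = {"id": "job-0001", "host": "web01", "job": "passchange",
           "issued": time.time(), "args": {"user": "alice"}}   # constructed sample
    env = sign_job(key, job)
    print(verify_job(key, env, "web01", set()))
```

With one key per host, a key taken from one host cannot be used to forge jobs for the others. The `seen_ids` set would need to be stored on disk so that replay detection survives between poller runs.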
All times are GMT -5. The time now is 11:37 AM.