Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I was wondering if there was an easy way to give other users root acces.
Before I get lecture about the security impact, let me explain the reason I want to do this.
I maintaint the linux server on our network. Recently, my workload is a bit big! So a second person was found to assit me for a limited period of time. He will need root acces to be able to work. But I feel a little unconfortable to give my root password.
My point is, he wont be there for ever. I know I could change the root password after he leave, but I would like to avoid that. Espacilly since I may get supplementary help help in the future. Imagine a rotating team and constantly changing root password!! What a nightmare!
Any ideas that could ease my natural paranoia of giving my root password??
Thanks for the help, I really appeciate it.
P.S. By the way, I run Debian, in case you were wondering.
Looks interesting.
I have taken a quick look. If I understand it allows the authorized users to run any command that root can. The only "cost" is that you need to type sudo before the actual command.
I will look further into it. If ever I was not satisfactory, any other suggestions?
can't you just change the id in /etc/passwd to 0?
Changing gid is not a "best practice" solution, IMNSVHO it's a recipe for disaster: imagine the user fscks up a command or the account got cracked. I recommend anyone who needs additional users to do administrative tasks to NOT DO THIS but use sudo instead.
Dataforce, if you disagree, please tell me the pro's and con's of your solution. I'm always willing to learn something new.
2- As for the tasks needed to be done by the other user. Well, for the moment, disk maintenance stuff. Install a raid partition, set-up backup scripts. Prepare disaster recovery procedure (and test them)
3- As for the approach of changing the gid, would'nt I also need to change the uid? (Many files dont have write and execute for the group) In that way, the second user actully logs on as root, but with a different password?
I know it is not really a "secure" practice but in a situation where there are two admin, would'nt it be an effective way to be able to de-active the password of the second one when he leaves?
On the other hand, wont this change make the system behave strangely? I'm not familiar enough with the login process to predict the effects of having two users share the same uid.
Changing the GID seems to work perfectly for us, it allows our admin user to do most tasks he needs, and else he can simply su to root or what ever.
Sure its not the most secure method, but it allows the other admin user, the access he needs, he can perform kernel upgrades, and anything we need, and we don't need to disclose our root password, so imo, where as it possibly lacks in security, it gains in practicality.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.