multiple root passwords

Just to clarify, do you mean multiple passwords, each of which allows a user to log in as root, or the need for the user to enter multiple passwords to log in as root?

For the first case, it would be better to create individual user accounts in group wheel with sudo access. As to the second, just make your password longer.
 
You could also create a bunch of additional root accounts. Long before I started here, it was practice for each system administrator to have his or her own root account (initials + root) on all the machines in our datacenter. When I started, it was being done on SunOS 4.x, Solaris 2.x and RHEL servers. We now have FreeBSD servers that we support with this. Though the RHEL servers do get confused by there being more than one root account.

In some cases it has helped us determine which system administrator did what.

The Dreamer.
 
It's possible to create a user with useradd and then change its id to 0 by doing vipw. You'll be able to log in as toto and your server will treat you as root.

I think it's a very dangerous idea...
 
If not every admin of your system should be allowed full access to the system, I think you should consider using something like security/sudo as mentioned above?

It allows you to delegate specific tasks to groups or users, e.g. allowing only a restart of the webserver. Maybe have a look at it?
 
walko said:
It's possible to create a user with useradd and then change its id to 0 by doing vipw. You'll be able to log in as toto and your server will treat you as root.

I think it's a very dangerous idea...

I believe it is very bad too! Also because the filesystem and other accounting tools will report the login name from the UID, so having two, three, four accounts with the UID 0 will make such tools report wrong information (file created by root1 is listed as root...). Use sudo to accomplish the task.
 
fluca1978 said:
Use sudo to accomplish the task.

I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

Sorry for the off topic. If this has already been discussed, please could someone link to it? Otherwise, I'll probably make a thread as I'd really like to get to the bottom of this.
 
andyzammy said:
I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

You have to discover it by yourself, and this is the beauty of having a free OS!
In the scenario you described, I believe sudo will help you, even if I tend to not use it so much by myself.
 
andyzammy said:
I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

You just need to be careful about what you allow with sudo(8). Suppose you're allowed to $ sudo less /var/log/auth.log for example.

less(1) has an option to launch a shell command (!), so somebody could sudo less and get a root shell. This might not be what you expected. Several commands have similar options.

Also note that if the account is brute-forced, the attackers also gain root because sudo(8) uses the same password.

The use of sudo(1) has its pros and cons. You just need to figure out which one outweighs the other.
 
Yeah, because people use sudo as an excuse to be lazy and only have one password to do everything, then they wonder why they were rooted.
 
sudo is not inherently bad.

If the alternative is giving out multiple accounts with root level access (such as you are considering), then sudo is preferable.

You just need to be careful about what commands you let people run with sudo.

As above, anything started with root level access that can spawn a shell can give the user a root shell. It means you need to audit programs you want users to be able to run, before allowing use via sudo.

If you were to give them a login with UID 0 they would already have a root shell.
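
A defensive check for the situation discussed in this thread, as an added example that is not part of any post: it lists every account with UID 0 in a passwd(5)-format file and flags those not on an allowlist. The sample entries, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file for accounts sharing UID 0.
# Field 3 is the UID in both /etc/passwd and /etc/master.passwd.

# Constructed sample data (not from a real system): "toto" and "jdroot"
# stand for accounts whose UID was edited to 0, as the thread describes.
sample_passwd() {
cat <<'EOF'
# constructed sample
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
toto:*:0:0:Toto:/home/toto:/bin/sh
jdroot:*:00:0:J. Doe admin:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
EOF
}

# Print every login name whose UID is numerically 0 (so "00" counts too).
uid0_accounts() {
    awk -F: '!/^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 == 0 { print $1 }' "$1"
}

# Print UID 0 names that are not on the allowlist (remaining arguments).
unexpected_uid0() {
    file=$1; shift
    uid0_accounts "$file" | while read -r name; do
        case " $* " in
            *" $name "*) ;;            # expected superuser account
            *) echo "$name" ;;         # extra UID 0 account: report it
        esac
    done
}

# The name reported for UID 0 when a lookup takes the first matching entry
# in file order (assumption). Every UID 0 account's files and processes are
# then attributed to this one name, which is the accounting problem raised above.
first_name_for_uid0() {
    uid0_accounts "$1" | sed -n 1p
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
sample_passwd > "$SAMPLE"

echo "UID 0 accounts:";               uid0_accounts "$SAMPLE"
echo "Not on allowlist (root toor):"; unexpected_uid0 "$SAMPLE" root toor
echo "UID 0 is reported as:";         first_name_for_uid0 "$SAMPLE"
```

To audit a real system, pass /etc/passwd instead of the sample file and list only the UID 0 names you expect to exist.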
 