Solved

More Than One root

Posted on 1999-01-15
13
323 Views
Last Modified: 2010-04-21
How Do I give 3 users root permissions on a UNIX System ?

I mean full root permission.

I tried putting these users in the root (GID 0) group, but it does not seem to work. Itried putting them in the sys group but it still does not work.

any ideas ?
0
Comment
Question by:mohammedg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +5
13 Comments
 

Expert Comment

by:tgreaser
ID: 2008729
I would keep the group Idea...  Its just that you need to change the rights that group has

do a man on chmod chgrp and umask.... What OS are you running..?
0
 

Expert Comment

by:tgreaser
ID: 2008730
heres a program to do this
http://www.courtesan.com/cour tesan/products/sudo/
0
 

Expert Comment

by:rajeevm
ID: 2008731
Hello,
their are lot of was if you want to give root permission to any user , one very simple way is to make user id off all the user '0'in /etc/passwd file , then all of them will become root but now their will be no distinction between all the (root) users. can u tell me why u want to make three user as root ?so that i can tell you some other way to achive your goal .
Thanks & Regards,
Rajeev Mishra
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:mohammedg
ID: 2008732
Thank you but I already know about sudo, I think su does the same job as well. But what I need is flexibility like the windows NT Administration groups. In which you can add a user to the Admin group and make that user an adminstrator. I need to do this because some times I have to assign an administration job to another user if I am away or too busy. The OS's that we run are IRIX 6.x and SOlaris 2.5.x.
0
 

Expert Comment

by:mfarnam
ID: 2008733
If want -full- root permission, you need uid 0.  You can have any username you want, but uid 0 = root.
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008734
O.K. user id 0 seems to work but again as rajeevm has said that there will be no distinction between all the (root) users.

If there is no way to distinguish between all the root users, then I will have to live with the above, and split the points between rajeevm and mfarnam (any body knows how I can split the points) ?


0
 

Expert Comment

by:spunkinheimer
ID: 2008735
If you want to give them full root privileges why not just give them the root password and let them use su as necessary?
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008736
sudo is your best bet.  

You probably want to be able to give access to root, and then take it back later.  If you give the root password, and allow users to "su - root" then you will need to change the root password each time you want to drop somebody from the list of users allowed to "su - root", and of course, notify the remaining users of the change.  

Creating multiple users with UID 0 is not such a good idea either.  You would have the same amount of overhead required to manage it as if you gave the root password out.  You would need to modify their UID to be 0 to give root, and then change it back to remove root.  What about files that they might need to create for themselves, while they have root, you would need to chown the files back to the user's original UID or they would not be able to modify them (this may or may not be an issue in your particular case).  

However, there are important security implications against both giving root password, and seting multiple users to UID 0.  The more people that know the root password, the more chance that the password will get leaked to unauthorized people.  If you set multiple users to UID 0, then there are more chances that if your box gets hacked that one of the hacked accounts will be one of the root accounts.  Can you be sure that your users will use a strong password, that they haven't already given it to somebody else, or written it down on a sticky-note taped to their monitor, etc...

Sudo allows you to keep the root password a secret.  You do not need to set multiple UID's to zero.  You can easily control who has root privelege by including or excluding them from a group (/etc/group) that is allowed to use sudo to get a root shell.  This gives you better control.  Sudo also allows a fine granularity of root acccess.  You can allow users or groups to run only a sub-set of commands as root.  Each time a command is used by a sudo user it is logged, giving you an excellent audit trail.  "su - root", and UID 0 solutions do not give you the audit trail.  

We have been successfully using sudo here for over 2 years, on about 20 systems that we manage.  We have deplayed sudo on client systems that we manage, and allow them restricted root access, with logging.  

I hope that this information helps you make your decision.  

Cheers,

--frankf
0
 
LVL 2

Expert Comment

by:khaled022498
ID: 2008737
blowfish, has explaned the solution in a very good way, thank you blowfish.
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008738
I agree with blowfish, and thank you blowfish, I still have not tested it yet (too busy), but I will take your word for it.

How can I give the blowfish the 40 points for this question ?

Blowfish can answer the question, and I will accept his answer.
0
 
LVL 2

Accepted Solution

by:
blowfish earned 40 total points
ID: 2008739
This answer allows mohammedg to award points for previously entered comments regarding use of sudo.  
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008740
The Points are yours, keep up the good work.
0
 

Expert Comment

by:what9
ID: 2008741
If you want them to be root it is easy.
Give them the root password and let them su
the root - wheel group - don't forget to kill them
rememebr you life on the line. If you are in a corp you better
get something in writting !!


0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question