More Than One root

Posted on 1999-01-15
Last Modified: 2010-04-21
How Do I give 3 users root permissions on a UNIX System ?

I mean full root permission.

I tried putting these users in the root (GID 0) group, but it does not seem to work. Itried putting them in the sys group but it still does not work.

any ideas ?
Question by:mohammedg
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +5

Expert Comment

ID: 2008729
I would keep the group Idea...  Its just that you need to change the rights that group has

do a man on chmod chgrp and umask.... What OS are you running..?

Expert Comment

ID: 2008730
heres a program to do this tesan/products/sudo/

Expert Comment

ID: 2008731
their are lot of was if you want to give root permission to any user , one very simple way is to make user id off all the user '0'in /etc/passwd file , then all of them will become root but now their will be no distinction between all the (root) users. can u tell me why u want to make three user as root ?so that i can tell you some other way to achive your goal .
Thanks & Regards,
Rajeev Mishra
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 2008732
Thank you but I already know about sudo, I think su does the same job as well. But what I need is flexibility like the windows NT Administration groups. In which you can add a user to the Admin group and make that user an adminstrator. I need to do this because some times I have to assign an administration job to another user if I am away or too busy. The OS's that we run are IRIX 6.x and SOlaris 2.5.x.

Expert Comment

ID: 2008733
If want -full- root permission, you need uid 0.  You can have any username you want, but uid 0 = root.

Author Comment

ID: 2008734
O.K. user id 0 seems to work but again as rajeevm has said that there will be no distinction between all the (root) users.

If there is no way to distinguish between all the root users, then I will have to live with the above, and split the points between rajeevm and mfarnam (any body knows how I can split the points) ?


Expert Comment

ID: 2008735
If you want to give them full root privileges why not just give them the root password and let them use su as necessary?

Expert Comment

ID: 2008736
sudo is your best bet.  

You probably want to be able to give access to root, and then take it back later.  If you give the root password, and allow users to "su - root" then you will need to change the root password each time you want to drop somebody from the list of users allowed to "su - root", and of course, notify the remaining users of the change.  

Creating multiple users with UID 0 is not such a good idea either.  You would have the same amount of overhead required to manage it as if you gave the root password out.  You would need to modify their UID to be 0 to give root, and then change it back to remove root.  What about files that they might need to create for themselves, while they have root, you would need to chown the files back to the user's original UID or they would not be able to modify them (this may or may not be an issue in your particular case).  

However, there are important security implications against both giving root password, and seting multiple users to UID 0.  The more people that know the root password, the more chance that the password will get leaked to unauthorized people.  If you set multiple users to UID 0, then there are more chances that if your box gets hacked that one of the hacked accounts will be one of the root accounts.  Can you be sure that your users will use a strong password, that they haven't already given it to somebody else, or written it down on a sticky-note taped to their monitor, etc...

Sudo allows you to keep the root password a secret.  You do not need to set multiple UID's to zero.  You can easily control who has root privelege by including or excluding them from a group (/etc/group) that is allowed to use sudo to get a root shell.  This gives you better control.  Sudo also allows a fine granularity of root acccess.  You can allow users or groups to run only a sub-set of commands as root.  Each time a command is used by a sudo user it is logged, giving you an excellent audit trail.  "su - root", and UID 0 solutions do not give you the audit trail.  

We have been successfully using sudo here for over 2 years, on about 20 systems that we manage.  We have deplayed sudo on client systems that we manage, and allow them restricted root access, with logging.  

I hope that this information helps you make your decision.  



Expert Comment

ID: 2008737
blowfish, has explaned the solution in a very good way, thank you blowfish.

Author Comment

ID: 2008738
I agree with blowfish, and thank you blowfish, I still have not tested it yet (too busy), but I will take your word for it.

How can I give the blowfish the 40 points for this question ?

Blowfish can answer the question, and I will accept his answer.

Accepted Solution

blowfish earned 40 total points
ID: 2008739
This answer allows mohammedg to award points for previously entered comments regarding use of sudo.  

Author Comment

ID: 2008740
The Points are yours, keep up the good work.

Expert Comment

ID: 2008741
If you want them to be root it is easy.
Give them the root password and let them su
the root - wheel group - don't forget to kill them
rememebr you life on the line. If you are in a corp you better
get something in writting !!


Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
removing nim resources 5 74
unix scripting question 1 120
unable to put logic for reading multiple repo in a single file 4 107
grep command usage 10 34
Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question