Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

More Than One root

Posted on 1999-01-15
13
Medium Priority
?
325 Views
Last Modified: 2010-04-21
How Do I give 3 users root permissions on a UNIX System ?

I mean full root permission.

I tried putting these users in the root (GID 0) group, but it does not seem to work. Itried putting them in the sys group but it still does not work.

any ideas ?
0
Comment
Question by:mohammedg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +5
13 Comments
 

Expert Comment

by:tgreaser
ID: 2008729
I would keep the group Idea...  Its just that you need to change the rights that group has

do a man on chmod chgrp and umask.... What OS are you running..?
0
 

Expert Comment

by:tgreaser
ID: 2008730
heres a program to do this
http://www.courtesan.com/cour tesan/products/sudo/
0
 

Expert Comment

by:rajeevm
ID: 2008731
Hello,
their are lot of was if you want to give root permission to any user , one very simple way is to make user id off all the user '0'in /etc/passwd file , then all of them will become root but now their will be no distinction between all the (root) users. can u tell me why u want to make three user as root ?so that i can tell you some other way to achive your goal .
Thanks & Regards,
Rajeev Mishra
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:mohammedg
ID: 2008732
Thank you but I already know about sudo, I think su does the same job as well. But what I need is flexibility like the windows NT Administration groups. In which you can add a user to the Admin group and make that user an adminstrator. I need to do this because some times I have to assign an administration job to another user if I am away or too busy. The OS's that we run are IRIX 6.x and SOlaris 2.5.x.
0
 

Expert Comment

by:mfarnam
ID: 2008733
If want -full- root permission, you need uid 0.  You can have any username you want, but uid 0 = root.
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008734
O.K. user id 0 seems to work but again as rajeevm has said that there will be no distinction between all the (root) users.

If there is no way to distinguish between all the root users, then I will have to live with the above, and split the points between rajeevm and mfarnam (any body knows how I can split the points) ?


0
 

Expert Comment

by:spunkinheimer
ID: 2008735
If you want to give them full root privileges why not just give them the root password and let them use su as necessary?
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008736
sudo is your best bet.  

You probably want to be able to give access to root, and then take it back later.  If you give the root password, and allow users to "su - root" then you will need to change the root password each time you want to drop somebody from the list of users allowed to "su - root", and of course, notify the remaining users of the change.  

Creating multiple users with UID 0 is not such a good idea either.  You would have the same amount of overhead required to manage it as if you gave the root password out.  You would need to modify their UID to be 0 to give root, and then change it back to remove root.  What about files that they might need to create for themselves, while they have root, you would need to chown the files back to the user's original UID or they would not be able to modify them (this may or may not be an issue in your particular case).  

However, there are important security implications against both giving root password, and seting multiple users to UID 0.  The more people that know the root password, the more chance that the password will get leaked to unauthorized people.  If you set multiple users to UID 0, then there are more chances that if your box gets hacked that one of the hacked accounts will be one of the root accounts.  Can you be sure that your users will use a strong password, that they haven't already given it to somebody else, or written it down on a sticky-note taped to their monitor, etc...

Sudo allows you to keep the root password a secret.  You do not need to set multiple UID's to zero.  You can easily control who has root privelege by including or excluding them from a group (/etc/group) that is allowed to use sudo to get a root shell.  This gives you better control.  Sudo also allows a fine granularity of root acccess.  You can allow users or groups to run only a sub-set of commands as root.  Each time a command is used by a sudo user it is logged, giving you an excellent audit trail.  "su - root", and UID 0 solutions do not give you the audit trail.  

We have been successfully using sudo here for over 2 years, on about 20 systems that we manage.  We have deplayed sudo on client systems that we manage, and allow them restricted root access, with logging.  

I hope that this information helps you make your decision.  

Cheers,

--frankf
0
 
LVL 2

Expert Comment

by:khaled022498
ID: 2008737
blowfish, has explaned the solution in a very good way, thank you blowfish.
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008738
I agree with blowfish, and thank you blowfish, I still have not tested it yet (too busy), but I will take your word for it.

How can I give the blowfish the 40 points for this question ?

Blowfish can answer the question, and I will accept his answer.
0
 
LVL 2

Accepted Solution

by:
blowfish earned 120 total points
ID: 2008739
This answer allows mohammedg to award points for previously entered comments regarding use of sudo.  
0
 
LVL 1

Author Comment

by:mohammedg
ID: 2008740
The Points are yours, keep up the good work.
0
 

Expert Comment

by:what9
ID: 2008741
If you want them to be root it is easy.
Give them the root password and let them su
the root - wheel group - don't forget to kill them
rememebr you life on the line. If you are in a corp you better
get something in writting !!


0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question