omloo
asked on
Second & Third "root" access
Dear Expert,
I would like to implement below root access security:
Primary administrator to have root acc & PW,
Secondary administrator to have root2 acc & PW,
The superior of Pri admin & Sec Admin to have root3 acc & PW.
Rules:
- root3 can change root & root2 account anytime when the superior need to access root or root2 account.
- both root2 & root3 have similar root priviledges
Can this be done for root account access security & tracability purpose.
Is there any better way?
Thank you.
I would like to implement below root access security:
Primary administrator to have root acc & PW,
Secondary administrator to have root2 acc & PW,
The superior of Pri admin & Sec Admin to have root3 acc & PW.
Rules:
- root3 can change root & root2 account anytime when the superior need to access root or root2 account.
- both root2 & root3 have similar root priviledges
Can this be done for root account access security & tracability purpose.
Is there any better way?
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What you must remember is that a true root user has full and unrestricted access to the whole system and as such can have no superior. A root user can do whatever he wants.
Having said that, I agree with the others. If you only need for these users to run some commands as root, sudo is the way to go.
Remember that even being allowed to run a few commands as root could mean priveledge escalation to full root access if you're not careful what you give access to.
Having said that, I agree with the others. If you only need for these users to run some commands as root, sudo is the way to go.
Remember that even being allowed to run a few commands as root could mean priveledge escalation to full root access if you're not careful what you give access to.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
for what pupose you need this??
As sunnycoder said you try sudo
sudo allows administrator to give certain users the ability to run some commands as root or another user .
use the command visudo to edit the /etc/sudeors file