fedora core 1 password

hello,
I have a server and sometimes I give the root pass to friends,
so that they can help me install new things, but I really dont want
any of them to maybe steal my machine and change the root pass
is there anyway of creating something that can send me the
current password of my machine to my email?
apleloisAsked:
Who is Participating?
 
GnsCommented:
And a third:
The reason I say "no, not really" (yeah, "Bo,..." ... yet another typo:-) is that the password is only stored in a (hopefully) non-reversible, unambiguous format... On most modern Linuces, that is an MD5-hash. Even though it _might_ be cracked, it should not be easily reversible... And the MD5-hash is such, indeed.
So you have no way of retreiving the password, once it is encoded in the hash.
Authentication is accomplished by taking the "salt" and the cleartext you enter, repeting the encoding and finally comparing the result with the stored ciphertext... If they match, OK, if not ....:-)
So you really cannot retreive the password and mail it to yourself, not when it concerns this.

Hope you appreciate the matter more now.

-- Glenn
0
 
GnsCommented:
Bo, not really.

But instead of giving out the root password, why not investigate/use sudo instead? That would be mych better... Not foolproof, but better.

-- Glenn
0
 
xDamoxCommented:
Hi,

I would strongly recommend giving the user SUDO access, anyways if you dont want to give sudo access you could
issue the following commands so he cant change the root password:

chattr +i /etc/passwd
chattr +i /etc/shadow

This will make the /etc/passwd and /etc/shadow file immunable and will stop him editing them unless he
do:

chattr -i /etc/shadow

but he might not noticed the immune flag :)
0
 
GnsCommented:
Security byobscurity.... how ... qaint:-).
I really don't think that is a good idea.

Either you trust your friend enough to let him/her have the password, or you don't. If you don't, you should look at the (meager) options .... meager in that there aren't a whole lot of options _other_ than sudo.
Sudo can be made to be safe.... you can for example limit the "root access" to only a few commands for the otherwise unpriviledged user.

If you don't trust your friend to have root access, then how can you trust your friend to install software?
I wouldn't, but then.... Maybe I'm paranoid:-).

-- Glenn
0
 
GnsCommented:
Two things:
> Security byobscurity.... how ... qaint:-).
should read
> "Security by obscurity".... how ... quaint:-).

... and start learning about sudo (assuming you have it installed) via "man sudo" or looking here: http://www.courtesan.com/sudo/

-- Glenn
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.