Nice little storm of a chain I managed to start here... Quite off the original topic, mainly, where I trust the users. Many good points have been noted and basically all of them have been argued both pro and con. I will do a little summary here:
1) Some people like sudo, some think it is not secure enough. In my situation, where I am not worried about legitimate users trying to get elevated privileges, this might just work. On the other hand, the point that sudo elevates ordinary users' passwords into root passwords obviously makes it easier for an illegitimate user to gain root - it suffices to gain any sudoer's password and then employing any of the methods mentioned here to gain root with sudo regardless of the permissions allowed to that users by sudo. Solution to that would be expiring passwords and installing some password sanity checker - that way at least the users' passwords ought to be fairly good and new, i.e. hard to crack. Of course if someone cracks user A, who is NOT a sudoer and attempts to sudo, we get log entries and even if A IS a sudoer, but the culprit has simply managed to spawn A's shell and is trying to sudo, we get log entries. No use of sudo's logging, as noted earlier, if the attacker really has the password of a sudoer: logs can be cleaned unless they are a) sent to another, secure, machine or b) they are written to a write-once medium (anyone logging onto paper or CD, for example? - grepping a paper ought to be ... fun?). 2) A few people like ssh RSA-auth. Good idea. But I may (will) need access to these machines in situations when there is no network, i.e. running manual fsck's after a power failure. No way of ssh'ing into the box at that time. I will need the root password anyway. 3) A few people would create additional uid=0 accounts. Since my situation is akin to one with multiple admins trusting each other (more exactly - it's _they_ who are trusting _me_, not the other way around), this might be a good idea. No one would have to get familiar with sudo (I know that would cause some resistance - it would be viewed as something they do not need to get accustomed to) and I would get my root. Of course, sudo would give me nice logs of what the others have done - which is quite important if I am to keep the boxes secure: not knowing what's been changed makes that pretty hard. This is my option number 2 anyway, if people resist learning to type 'sudo' instead of logging in as root or saying 'su'. 4) Someone also noted that having linux workstations in the first place is a bad idea due the X's flawed security but I do not seem to remember any way of popping up windows on someone else's display when X server is properly configured (i.e. only to accept connections from localhost with a proper MIT secret cookie (or other auth mechanism). As I said above, in my situation, sudo is very appealing: keeping root password to myself and letting the workstation users sudo (or vice versa). One question raises however: If I have multiple uid=0 accounts, will any of their passwords suffice as "root" password when entering single user mode? Obviously sudo will not do here, so I will need a root password, period. The other users will have to make do with either sudo or multiple uid=0 accounts. Multiple uid=0 accounts sounds better in that it does not elevate ordinary passwords into root passwords (of course, in practice people may keep them the same - can that be helped?) but on the other hand, sudo would log... I will have to see how much use of their root accounts these people really make. Although many of the replies did not answer my question at all, some of them had good points, thanks to those. -- ----------------------------------------------- | Juha Jäykkä, [EMAIL PROTECTED] | | home: http://www.utu.fi/~juolja/ | -----------------------------------------------