At 994696370s since epoch (07/09/01 04:32:50 -0400 UTC), Juha Jäykkä wrote:
> One question arises however: If I have multiple uid=0 accounts,
> will any of their passwords suffice as "root" password when entering
> single user mode? Obviously sudo will not do here, so I will need a
> root password, period.

Our solution to this (multiple admins on a single box) was to write the root password (some horribly cryptic thing) down on a piece of paper and put it in a sealed envelope, which we then stuck to the machine. The machine was locked in the server room, so the only people who could get to the root password (and the console) were the people with keys.

If you needed to boot to single-user, you'd rip open the envelope and use the password. When you were done, you'd change the password, write it down on a new piece of paper, and seal it in an envelope.

The rest of the time, all admins used sudo. Nobody ever "knew" the root password.

> The other users will have to make do with either
> sudo or multiple uid=0 accounts. Multiple uid=0 accounts sounds better
> in that it does not elevate ordinary passwords into root passwords (of
> course, in practice people may keep them the same - can that be
> helped?) but on the other hand, sudo would log...

Just a reminder, you can configure sudo to use a different password from the regular user account (through PAM). That alternate password could be checked to ensure that it was strong and didn't match the user's password if you really wanted.

Jason

--
Jason Healy | [EMAIL PROTECTED]
LogN Systems | http://www.logn.net/
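
One way to set up the separate sudo password mentioned above, as an added example that is not part of the original message. It assumes a sudo built with PAM support and the pam_userdb module built against Berkeley DB; the database path /etc/security/sudo_passwd and the input file name are constructed for illustration.

```conf
# /etc/pam.d/sudo  (PAM service file read by sudo; layout varies by distribution)
#
# Default on many systems: sudo shares the login password because it pulls
# in the common auth stack, e.g. on Debian-style layouts:
#   @include common-auth
#
# Separate sudo password: authenticate against a dedicated database only.
# pam_userdb appends ".db" itself, so the file on disk is
# /etc/security/sudo_passwd.db (constructed example path).
# crypt=crypt means the stored values are crypt(3) hashes, not cleartext.
auth     required   pam_userdb.so db=/etc/security/sudo_passwd crypt=crypt

# There is deliberately no pam_unix.so line in the auth stack, so the
# regular login password is never accepted by sudo.

# Account validity (expiry, locked accounts) still comes from the normal
# user database.
account  required   pam_unix.so

# Keep whatever session lines the distribution shipped in this file.

# Building the database (run as root, Berkeley DB utilities assumed):
#   The input is a text file of alternating lines:
#       username
#       crypt(3) hash of that user's sudo password
#   db_load -T -t hash -f sudo_passwd.txt /etc/security/sudo_passwd.db
#   chown root:root /etc/security/sudo_passwd.db
#   chmod 600 /etc/security/sudo_passwd.db
#   Remove sudo_passwd.txt once the database has been loaded.
#
# Strength checks, and refusing a sudo password equal to the login
# password, have to happen in whatever tool writes new entries; this
# fragment only controls which password sudo accepts.
```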

