On 04/08/2005, at 9:22 PM, Ken Foskey wrote:
Got this one today, strange one:
"Do you know if it is possible to setup a Linux redhat server to
require
two passwords to gain root access? The responsibilities for the server
are going to be split over two different teams and we don't want
either
to have root access without the other team knowing about it. Please
let
me know if you can come up with something."
Basically they would like to set up the machine so that it requires
two
people to sign in to root, an application guru and an administrator.
If anything is destroyed then they are both accountable as they look
over each others shoulders.
I'm guessing you could do a dual stage 'sudo su'. One account which
allows sudo su access to pre-root (which the application guy has the
password to) and then a sudo from pre-root -> root using the password
which the admin guy has.
You'd have to watch the console logins, that would be more tricky and
single user mode etc would have to be considered.
There may be holes in this theory, but I'm pretty sure a couple of
sudo statements and a pre-root account could be a way to do it.
--
Tony Green <[EMAIL PROTECTED]>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
