Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: None <burgess@neonramp.com>
From: None <kenn@h4.dion.ne.jp>
List: port-i386
Date: 08/21/2001 07:38:08
On Mon, 20 Aug 2001 08:34:43 -0500, David Burgess <burgess@neonramp.com> wrote:
> Do what I do (22 machines, 8 admins).
> 
> - Give each person a login account on the machines in question.  
> - Make each person a member of the wheel group.
> - Disable root login via ssh.
> - Have them log in as themselves.
> - Have them 'su'.
> 
> This way, my root passwords are kept one layer away from the Internet
> and I know who did what as root, since the 'su' is logged.

Maybe I'm missing something here, but isn't it safer to have them
'sudo' instead of 'su'?  That way, you never have to give the real
root password out to anyone.  Plus, you can restrict what they can do
based on their skill level, etc.  I'm not 100% sure but I think sudo
is or can be logged, too.

Cheers,

Ken
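
An added example, not part of either poster's message: the su and sudo logging that both posts refer to, read back from syslog to attribute root access to individual admins. The log lines are constructed, the formats assumed are BSD su's "user to root on tty" record and sudo's default syslog record, and `root_events` is a hypothetical helper name.

```python
import re

# Constructed sample syslog lines (not from the thread). Assumed formats:
# BSD su(1) "<user> to <target> on <tty>" and sudo's default syslog record.
SAMPLE_LOG = """\
Aug 21 07:01:12 host1 su: alice to root on /dev/ttyp0
Aug 21 07:03:40 host1 su: BAD SU bob to root on /dev/ttyp1
Aug 21 07:05:02 host1 sudo:    carol : TTY=ttyp2 ; PWD=/home/carol ; USER=root ; COMMAND=/sbin/shutdown -r now
Aug 21 07:06:19 host1 sudo:     dave : command not allowed ; TTY=ttyp3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/sh
Aug 21 07:09:55 host1 sshd[412]: Accepted password for alice from 192.0.2.10 port 1022
"""

SU_RE = re.compile(
    r" su: (?P<bad>BAD SU )?(?P<user>\S+) to (?P<target>\S+) on (?P<tty>\S+)"
)
SUDO_RE = re.compile(
    r" sudo:\s+(?P<user>\S+) : (?:(?P<err>[^;]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def root_events(log_text):
    """Return one dict per attempt to act as root, in log order."""
    events = []
    for line in log_text.splitlines():
        m = SU_RE.search(line)
        if m:
            if m["target"] == "root":
                # su records only the switch; commands run afterwards
                # in the root shell do not appear in this record.
                events.append({"user": m["user"], "via": "su",
                               "ok": m["bad"] is None, "command": None})
            continue
        m = SUDO_RE.search(line)
        if m and m["target"] == "root":
            # sudo records the command itself, allowed or refused.
            events.append({"user": m["user"], "via": "sudo",
                           "ok": m["err"] is None, "command": m["cmd"]})
    return events


if __name__ == "__main__":
    for e in root_events(SAMPLE_LOG):
        status = "ok" if e["ok"] else "DENIED"
        what = e["command"] or "(root shell, commands not recorded)"
        print(f'{e["user"]:6} {e["via"]:5} {status:7} {what}')
```
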