Subject: Re: Changing root's shell to /bin/sh
To: None <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 03/18/1999 03:32:36
[ On Wednesday, March 17, 1999 at 21:09:52 (-0600), Michael Richardson wrote: ]
> Subject: Re: Changing root's shell to /bin/sh
> Okay, please contribute code to allow me to have multiple system(s)
> managers, each with a password that is useful in single user
> Remember that I need at least two root passwords in many situations:
> one for the engineer who's machine it is (and is permitted to do quite
> a number of things), another for the system manager who comes to fix
> it when the engineer occasionally screws things up. If you think
> letting user's have root on the desktop screws up network security,
> then I hope you have no PCs or Mac's on your network.
I've seen kerberos used quite effectively to meet such requirements.
There's also 'sudo', which if used *very* carefully offers even more
finely grained control, but even in general seems to meet your
> Also remember that when one has more than 20 machines, if one
> system administrator leaves, then you have a real tough job if you
> have been sharing root passwords.
Again, kerberos can be your friend here....
Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <robohack!woods>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>