Subject: Re: Changing root's shell to /bin/sh
To: None <>
From: Greg A. Woods <>
List: tech-userlevel
Date: 03/18/1999 03:32:36
[ On Wednesday, March 17, 1999 at 21:09:52 (-0600), Michael Richardson wrote: ]
> Subject: Re: Changing root's shell to /bin/sh 
>   Okay, please contribute code to allow me to have multiple system(s) 
> managers, each with a password that is useful in single user
> mode. 
>   Remember that I need at least two root passwords in many situations:
> one for the engineer who's machine it is (and is permitted to do quite
> a number of things), another for the system manager who comes to fix
> it when the engineer occasionally screws things up. If you think
> letting user's have root on the desktop screws up network security,
> then I hope you have no PCs or Mac's on your network. 

I've seen kerberos used quite effectively to meet such requirements.

There's also 'sudo', which if used *very* carefully offers even more
finely grained control, but even in general seems to meet your

>   Also remember that when one has more than 20 machines, if one
> system administrator leaves, then you have a real tough job if you
> have been sharing root passwords. 

Again, kerberos can be your friend here....

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>