hi all well if i may jump into this discussion ... id like to share alternative ways instead of giving out root passwords...
we have several machines with several admins and we use 'sudo' to give root priveleges to the admins. we dont even have to know the 'root' password to do root commands. the root password is kept by the head admin only. (of course, you shouldnt change the root password ;-) ) we also use SSH rsa/dsa identity on our load-balanced web servers. on these machines, we dont need root passwords, we just have to be able to login to one main machine with a correct ssh identity and key. from there as root, you can login to all the other machines directly just using ssh. well have a merry christmas and a happy new year too to all listers! cheers dianne --- John McQuillen <[EMAIL PROTECTED]> wrote: > On Mon, 2002-12-23 at 05:47, Brian York wrote: > > If you make all the root passwords on every > machine (17 linux machines) you > > are asking for more trouble than my way because > if an unauthorized user > > gets the root password then they can shut down > everthing. Were I work we > > have 83 machines (linux, VMS, windows) the > root/administrator password is > > different for each and VNC password is different. > Brush up on your security > > before you start telling people that they are > asking for troble. > > > > And another thing I don't know what you > affiliation with linux is and how > > you use it but when you login to a server it is > for superuser type > > activities any way. Its not you typical browse > around to see whats on it or > > experiment with "new commands". > > Yeah, but under your plan, your admins won't even > have an unprivileged > account to experiment with even if they wanted or > needed to. The first > thing most n00bs are taught about *nix, is 'DON'T > LOG ON AS ROOT', and > you're considering worse than this, you're > considering logging on as a > user, with root privs. > > The only reason I even suggested making all the root > passwords the same > was that you were worried that your admins wouldn't > be able to remember > a different password for each one. IMO this would be > better at least > than just giving root privileges to your admins user > accounts. > > Don't tell me to brush up on my security. You are > the one who seems > intent on allowing your admins to log in to your > systems with root > privileges. > > And by the way, I don't work day to day with linux, > but I do work in a > large network operations centre and I have loads of > admin passwords for > routers and switches to remember. If I can't > remember the password, I > can't get on. > > If you insist on giving root to your admins user > accounts, go ahead. > > And also by the way, you'd be asking for trouble. > Don't say I didn't > tell you so. > > John... > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com