Re: Adding a superuser

[Dave Sherohman]

On Sun, Jan 09, 2000 at 03:05:12PM -0500, Arcady Genkin wrote:
 IIRC, bash is almost always dynamically linked, while sh is statically
 linked.

Guess again:

kuno ~$ ls -l /bin/sh
lrwxrwxrwx1 root root4 May 25  2000 /bin/sh - bash
kuno ~$

 It's a good measure to have a fall-back superuser account for
 emergencies, IMHO.

Yes, it is.  Just use sash (apt-get install sash) as the backup shell instead
of /bin/sh.

-- 
SGI products are used to create the 'Bugs' that entertain us in theatres
and at home. - SGI job posting
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P+ L+++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+

Re: Adding a superuser

[2]

Why on Earth would u want to???
unless u have a really, really good reason to, don't bother and just have the
one superuser. the more superusers u have the more of a security risk you 
create since it makes available more priveleged accounts for malicious users
to hack and do whatever they please with your system. This may mean nothing
to you, but it's still good policy to be at least a little concerned about
security.
if you need someone
else with root priveleges, and you trust them to use them correctly, give them
the root password. if the other person only needs access to a few things
look into using the super package.

if all you're trying to do is add a user to group root (which doesn't make
them a superuser i might add) just edit /etc/group by hand and append the
usernames separated by commas.

from

da Bobstopper

Original Message--

I need to add a second superuser.

useradd -G root name fails as does every permutation I can think of.

Would someone mind just dropping me a line with the correct useradd or adduser 
or usermod syntax?

Thanks!

Patrick


-- 
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

- End of forwarded message from Patrick Kirk -

Re: Adding a superuser

[Arcady Genkin]

Robert Marlow (2) [EMAIL PROTECTED] writes:

 Why on Earth would u want to???

Well, I have two superuser accounts on my system: root with default
shell bash, and toor with default shell sh. This is very common
usage on BSD systems -- if bash becomes corrupted or inaccessible, you
can login with toor and do your thing.

IIRC, bash is almost always dynamically linked, while sh is statically
linked. It's a good measure to have a fall-back superuser account for
emergencies, IMHO.

The way to add a superuser is to create another user account with a
userid 0.

,[ For example ]
| tea:~# useradd -u 0 -o -g root -d /root -s /bin/sh toor
`

Don't forget to do a passwd toor after that.
-- 
Arcady Genkin http://www.thpoon.com
'What good is my pity? Is not the pity the cross upon which he who
loves man is nailed?..' (Zarathustra - F. Nietzsche)

Re: Adding a superuser

[John Hasler]

Arcady Genkin writes:
 Well, I have two superuser accounts on my system: root with default shell
 bash, and toor with default shell sh.
 ...
 IIRC, bash is almost always dynamically linked, while sh is statically
 linked.

lrwxrwxrwx1 root root4 Nov  6 19:39 /bin/sh - bash

Make 'sash' toor's shell.
-- 
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin

Re: Adding a superuser

[Arcady Genkin]

John Hasler [EMAIL PROTECTED] writes:

 lrwxrwxrwx1 root root4 Nov  6 19:39 /bin/sh - bash

Geez! Thanks for pointing this out, I had no idea. I wonder what would
be the rationale for not including a standard sh in a distro... 8-/

 Make 'sash' toor's shell.

Done. Thanks for the tip.
-- 
Arcady Genkin http://www.thpoon.com
'What good is my pity? Is not the pity the cross upon which he who
loves man is nailed?..' (Zarathustra - F. Nietzsche)

Re: Adding a superuser

[John Hasler]

Brian Servis writes:
 If sh - ash and 'things break' then those 'things' should call bash or
 whatever shell explicitly, and a bug report should be filed against that
 'thing' .

Yes, of course.  However, the gentleman's goal appears to be improved
robustness, not Debian debugging.

 I have had sh - ash for several months now and have not had any
 problems.

Excellent.
-- 
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin

Re: Adding a superuser

[William T Wilson]

On Sun, 9 Jan 2000, Patrick Kirk wrote:

 I need to add a second superuser.

No you don't.

If you want someone else to have root access, then just give them the root
password.

If you want someone else to be able to do some root tasks but not really
be root, you have two choices.
1) Make the program setuid root.
2) Use sudo.

Neither of these options is especially secure, but they're better than
nothing.

If you put another user with UID 0 in /etc/passwd then that login will
also be root, it will just have another name.  This will confuse some
things and accomplish nothing as it will provide no security benefit.  
Just give them the root password.

If you are trying to get around some various restriction on root (for
example, the prohibition on logging in via telnet) then you can add as
many superusers as you like, the restrictions will apply to them all.  If
you really want to get around them, then you should configure the program
in question to stop enforcing those restrictions.

Re: Adding a superuser

[Patrick Kirk]

Thinking about it, you're right so I won't use it.  Thanks.

Re: Adding a superuser

[Patrick Kirk]

Thinking about it, you're right.

Thanks.

Patrick

Re: Adding a superuser

[Joe Block]

William T Wilson wrote:
 
 On Sun, 9 Jan 2000, Patrick Kirk wrote:
 
  I need to add a second superuser.
 
 No you don't.
 
 If you want someone else to have root access, then just give them the root
 password.
 
 If you want someone else to be able to do some root tasks but not really
 be root, you have two choices.
 1) Make the program setuid root.
 2) Use sudo.
 
 Neither of these options is especially secure, but they're better than
 nothing.
 
 If you put another user with UID 0 in /etc/passwd then that login will
 also be root, it will just have another name.  This will confuse some
 things and accomplish nothing as it will provide no security benefit.
 Just give them the root password.

But it does provide security benefits.  I've worked in multiple admin
environments where (before we discovered sudo) we did this so that each
admin could change his password without worrying about having the other
admins out for his blood.

It was in a .edu environment where we were forced by the powers that be
to do root stuff from users machines occasionally, and (after having
been burned once of course) had a strict policy of changing our personal
root password whenever we'd used it where students had a chance of
watching the keyboard.

RMS can call me selfish, but when I'm the one responsible for keeping a
machine running for a large group of users, I want to be the one who
broke it by doing something stupid^Wignorant as root.  Let them learn
how to be an admin on their own machines, not the ones people are doing
classwork on.

jpb
-- 
Joe Block [EMAIL PROTECTED]
CREOL System Administrator

Social graces are the packet headers of everyday life.