Re: Adding a superuser
On Sun, Jan 09, 2000 at 03:05:12PM -0500, Arcady Genkin wrote: IIRC, bash is almost always dynamically linked, while sh is statically linked. Guess again: kuno ~$ ls -l /bin/sh lrwxrwxrwx1 root root4 May 25 2000 /bin/sh - bash kuno ~$ It's a good measure to have a fall-back superuser account for emergencies, IMHO. Yes, it is. Just use sash (apt-get install sash) as the backup shell instead of /bin/sh. -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P+ L+++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+
Re: Adding a superuser
Why on Earth would u want to??? unless u have a really, really good reason to, don't bother and just have the one superuser. the more superusers u have the more of a security risk you create since it makes available more priveleged accounts for malicious users to hack and do whatever they please with your system. This may mean nothing to you, but it's still good policy to be at least a little concerned about security. if you need someone else with root priveleges, and you trust them to use them correctly, give them the root password. if the other person only needs access to a few things look into using the super package. if all you're trying to do is add a user to group root (which doesn't make them a superuser i might add) just edit /etc/group by hand and append the usernames separated by commas. from da Bobstopper Original Message-- I need to add a second superuser. useradd -G root name fails as does every permutation I can think of. Would someone mind just dropping me a line with the correct useradd or adduser or usermod syntax? Thanks! Patrick -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null - End of forwarded message from Patrick Kirk -
Re: Adding a superuser
Robert Marlow (2) [EMAIL PROTECTED] writes: Why on Earth would u want to??? Well, I have two superuser accounts on my system: root with default shell bash, and toor with default shell sh. This is very common usage on BSD systems -- if bash becomes corrupted or inaccessible, you can login with toor and do your thing. IIRC, bash is almost always dynamically linked, while sh is statically linked. It's a good measure to have a fall-back superuser account for emergencies, IMHO. The way to add a superuser is to create another user account with a userid 0. ,[ For example ] | tea:~# useradd -u 0 -o -g root -d /root -s /bin/sh toor ` Don't forget to do a passwd toor after that. -- Arcady Genkin http://www.thpoon.com 'What good is my pity? Is not the pity the cross upon which he who loves man is nailed?..' (Zarathustra - F. Nietzsche)
Re: Adding a superuser
Arcady Genkin writes: Well, I have two superuser accounts on my system: root with default shell bash, and toor with default shell sh. ... IIRC, bash is almost always dynamically linked, while sh is statically linked. lrwxrwxrwx1 root root4 Nov 6 19:39 /bin/sh - bash Make 'sash' toor's shell. -- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin
Re: Adding a superuser
John Hasler [EMAIL PROTECTED] writes: lrwxrwxrwx1 root root4 Nov 6 19:39 /bin/sh - bash Geez! Thanks for pointing this out, I had no idea. I wonder what would be the rationale for not including a standard sh in a distro... 8-/ Make 'sash' toor's shell. Done. Thanks for the tip. -- Arcady Genkin http://www.thpoon.com 'What good is my pity? Is not the pity the cross upon which he who loves man is nailed?..' (Zarathustra - F. Nietzsche)
Re: Adding a superuser
Brian Servis writes: If sh - ash and 'things break' then those 'things' should call bash or whatever shell explicitly, and a bug report should be filed against that 'thing' . Yes, of course. However, the gentleman's goal appears to be improved robustness, not Debian debugging. I have had sh - ash for several months now and have not had any problems. Excellent. -- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin
Re: Adding a superuser
On Sun, 9 Jan 2000, Patrick Kirk wrote: I need to add a second superuser. No you don't. If you want someone else to have root access, then just give them the root password. If you want someone else to be able to do some root tasks but not really be root, you have two choices. 1) Make the program setuid root. 2) Use sudo. Neither of these options is especially secure, but they're better than nothing. If you put another user with UID 0 in /etc/passwd then that login will also be root, it will just have another name. This will confuse some things and accomplish nothing as it will provide no security benefit. Just give them the root password. If you are trying to get around some various restriction on root (for example, the prohibition on logging in via telnet) then you can add as many superusers as you like, the restrictions will apply to them all. If you really want to get around them, then you should configure the program in question to stop enforcing those restrictions.
Re: Adding a superuser
Thinking about it, you're right so I won't use it. Thanks.
Re: Adding a superuser
Thinking about it, you're right. Thanks. Patrick
Re: Adding a superuser
William T Wilson wrote: On Sun, 9 Jan 2000, Patrick Kirk wrote: I need to add a second superuser. No you don't. If you want someone else to have root access, then just give them the root password. If you want someone else to be able to do some root tasks but not really be root, you have two choices. 1) Make the program setuid root. 2) Use sudo. Neither of these options is especially secure, but they're better than nothing. If you put another user with UID 0 in /etc/passwd then that login will also be root, it will just have another name. This will confuse some things and accomplish nothing as it will provide no security benefit. Just give them the root password. But it does provide security benefits. I've worked in multiple admin environments where (before we discovered sudo) we did this so that each admin could change his password without worrying about having the other admins out for his blood. It was in a .edu environment where we were forced by the powers that be to do root stuff from users machines occasionally, and (after having been burned once of course) had a strict policy of changing our personal root password whenever we'd used it where students had a chance of watching the keyboard. RMS can call me selfish, but when I'm the one responsible for keeping a machine running for a large group of users, I want to be the one who broke it by doing something stupid^Wignorant as root. Let them learn how to be an admin on their own machines, not the ones people are doing classwork on. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.