best practices for root account


mtf8
05-04-2001, 09:49 AM
I'm managing a few Linux boxes (in testing phase) and am wondering what best practices exist for handling the root account. As of today, root has been assigned the same password on all machines and members of my group know this common password. What would be really nice is to have something like NT's Domain Admin group where members can have the high level of permissions by association. I guess that would involve setting up something like OpenLDAP or something...

I guess I'd just love to hear ideas, comments, etc from others that have thought about this and hear about what the various alternatives are.

Should be interesting....

Best,
mtf8

Dark Ninja
05-06-2001, 07:31 PM
First thing you want to do is make sure nobody but you knows the root password. If they do, you could be in for a heap of trouble later.

One thing that you can use is a program called SUDO. This program allows you to assign certain privileges to users who you want to have those privileges. Everything else, they can't touch. Check out the man pages for SUDO. Also, the file you'll edit (once you learn how to use it) will be /etc/sudoers

Hope that helps you.


Dark Ninja
http://www.teamvirus.net/

bdl
05-06-2001, 11:31 PM
1. Never give the same password to any user across machines, especially root.

2. Install and configure sudo (http://www.courtesan.com/sudo/index.html)

X_console
05-06-2001, 11:59 PM
Be careful when configuring sudo! I was able to crack my friend's box because he had sudo misconfigured. Do not allow users to use sudo to run programs that can spawn shells.
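Added example, not part of the original thread: a small audit that reads sudoers-style rules and flags grants that amount to a root shell, either `ALL` or a program that can spawn a shell. The sample policy, the user names and the `SHELL_CAPABLE` list are constructed assumptions; aliases and includes are not expanded.

```python
import os
import re

# Assumption: a starter list of programs that can start a shell or run
# arbitrary commands; it is illustrative, not exhaustive.
SHELL_CAPABLE = {
    "sh", "bash", "csh", "tcsh", "ksh", "zsh", "su",
    "vi", "vim", "emacs", "less", "more", "man",
    "perl", "python", "awk", "find",
}

# Constructed sample policy for illustration (not taken from the thread).
SAMPLE_SUDOERS = """\
# operators may restart the web server only
alice   ALL = /etc/init.d/httpd restart
bob     ALL = /usr/bin/vi /etc/httpd/conf/httpd.conf
%admins ALL = (ALL) ALL
carol   ALL = NOPASSWD: /usr/bin/less /var/log/messages, /sbin/reboot
Defaults env_reset
"""

def audit_sudoers(text):
    """Return (who, command, reason) for each grant that gives shell access."""
    findings = []
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        left, right = line.split("=", 1)
        parts = left.split()
        if not parts or parts[0].startswith("Defaults") or parts[0].endswith("_Alias"):
            continue  # settings and alias definitions are not user rules
        who = parts[0]
        right = re.sub(r"\([^)]*\)", "", right)  # drop (runas) specs
        for cmd in right.split(","):
            cmd = re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmd.strip())  # drop tags such as NOPASSWD:
            if not cmd or cmd.startswith("!"):
                continue  # negated entries grant nothing
            path = cmd.split()[0]
            if path == "ALL":
                findings.append((who, path, "unrestricted: any command"))
            elif os.path.basename(path) in SHELL_CAPABLE:
                findings.append((who, path, "program can spawn a shell"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:10} {cmd:20} {reason}")
```

Run it against a copy of `/etc/sudoers` by passing the file's contents to `audit_sudoers`; anything it reports is a rule to narrow or remove.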

mtf8
05-08-2001, 02:10 AM
ahhh great. I'm off to read about sudo. I'd love to keep this thread going though just to hear more ideas on this important subject :)

thanks!.....