Björn Persson wrote:
Our Windows solution is to create two administrator-capable accounts. How
can we best do the same with Linux machines?
I may be wrong but I think it's possible to have several user names with user ID 0.
Keven Ring wrote:
Third, too many "system administrators" [read: ROOT USERS] are likely to cause more headaches than it is worth.
If more than one person needs root access, and a few selected commands through sudo isn't enough, then surely it's better to have multiple root accounts that to share a password.
Björn Persson
I disagree!
Here is a situation where this does not make sense, and the use of sudo does make sense
1. Multiple users with root authority. john, bill, and sam
one of these 3 happens to get mad/upset/frustrated/careless
This user (lets say john) logs in and runs some commands that are very destructive to the system
(have you ever heard of "rm -rf /" being run????)
All three users actions are recorded as being done by root, thus no way to track who did what or when.
The analysis of the problem shows that "root" did some dumb/careless/harmfull things to the system.
Who is responsible????? Answer: one of the above
2. One closely guarded root account with multiple users allowed the same access with sudo.
again, users john, bill, and sam (but none of these users know the root password)
The same user decides to do the dirty deed he did in the above scenario.
Sudo actions are logged by user name, the user only has limited privledges when not using sudo.
John now uses sudo to do his dirty work, and it is logged by user name/time/command
Analysis shows john did the nasty deed.
Who is responsible????? Answer: john.
3. An additional valid argument against allowing users to routinely log in and function as root is that a single careless keystroke can take the system completely down and cost you (or the company) thousands or even millions in doing recovery and possible lost business or sales.
All system administrators have at some time done something they wished they hadn't, and if they were not logged in as root the results would likely be harmless. After all, "joe user" cannot delete all the files in /usr. However, "root" can do just that.
Bottom Line:
Sudo can give any chosen user the right to take whatever actions he/she is allowed without compromising the root password, and also logs what actions that user actually takes. It does this without compromising the security of your data/applications that could result from a careless action of a root user.
Remember, when something bad happens, an explaination is due. Logs provide a means of identifying who/what/when happened. The root user (and anyone with his privledges) has free rein to do anything without having his actions logged. Sudo provides the same freedom but adds the logging of who/what/when.
