topic Re: backup of root user in Operating System - Linux

backup of root user

praveen.. — Thu, 04 Jan 2007 03:17:12 GMT

Hi,
Some times , I need to share the root password of my linux servers with another team

So 1st I changed the root password and then inform them.

once their activity had been done completely,
again I need to change it back.

So I want to keep a backup root username always before changing and handing over to another team incase some one from another team mistakely changes the root password or resets and forgets.

Please suggest
Thanks

Re: backup of root user

Ivan Krastev — Thu, 04 Jan 2007 03:25:18 GMT

Better way is to use sudo - you can grant root access to specific users/groups without sharing root password.

regards,
ivan

Re: backup of root user

Alexander Chuzhoy — Thu, 04 Jan 2007 03:33:26 GMT

Agree with Ivan.
Never give your root password.
With sudo you can specify a list of command that can be run as root, thus limiting unnecessary access.
You can edit the sudoers file with `visudo`.

Re: backup of root user

Zeev Schultz — Thu, 04 Jan 2007 04:41:12 GMT

If your colleagues access to your servers via ssh you may do the following - let them ssh to your server with public keys authentication only. In this case they don't know root password but receive access as root to your server. Obviously,once got root access they can change things as they like. So I'd see this as a "lasy" option while sudo can be more secure but time consuming to set :)

Re: backup of root user

Arnd Kohlen — Thu, 04 Jan 2007 09:28:49 GMT

"sudo" is the best choice.

One more possibility is to add an user with group id "0" (root) so it should have enough permissions to run the needed operations. Just disable this user if the work is done.

Re: backup of root user

Roland Piette — Fri, 05 Jan 2007 11:19:02 GMT

Hello,

To prevent root password lost (I suppose it's what you want) follow these steps :

As root
copy a shell in a user dir (Ksh for example)
change owner of the file with chown root:root
change file attribute : chmod 6555
His attribute will be r-sr-sr-x.

To keep save your work :
Copy these file on a backup media (a tape, or cd) before removing from your local user directory.

When necessary, restore this file in a user directory and use it. You will gain the root rights when this (unsafe) shell will start.

Roland

Re: backup of root user

Steven E. Protter — Sat, 06 Jan 2007 11:53:38 GMT

Shalom,

If you don't trust the other team not to change the root password then you should not give it to them.

There is no way to prevent a user with root priviledges to do anything, so backing up files is useless as you won't be able to restore them.

Our team gives sudo to particular commands, even though it can be a pain to configure as they always find more commands they need.

SEP

Re: backup of root user

praveen.. — Wed, 10 Jan 2007 03:05:35 GMT

Hi,
No issue is with sharing the root password with other team,

But in case, they forgot the password & changed it by mistake,

so i want one more user with root preveliages so that if in case, we forgot the root password, we can get it back.

should i create a user with user id "0"

Please suggest

thanks

Re: backup of root user

Alexander Chuzhoy — Wed, 10 Jan 2007 04:32:50 GMT

1. Have a document (encrypted) with root's password.
2. In case you lost root's password - you can always boot to "Single" init. In this init - you won't be prompted for password and you have the ability to change a password with "passwd" command.
To boot to single mode:

Select Red Hat Linux with the version of the kernel that you wish to boot and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.

Select the line that starts with kernel and type e to edit the line.

Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.

Back at the GRUB screen, type b to boot into single user mode.

Re: backup of root user

Roland Piette — Wed, 10 Jan 2007 07:48:19 GMT

Hi all,

I have to come back on the solution of Alexander. How is it possible to execute the shutdown or init -0 command without root privilege? Is possible only if you are already connected as root. In this case you can simply change de root password ! In all other cases you have to use the BRS (Big Red Switch) to power off the system and gain access to GRUB.

Roland

Re: backup of root user

Yogeeraj_1 — Wed, 10 Jan 2007 23:19:58 GMT

hi,

depending on the criticality of the server and the trust you have on the other team member, you might as well create another user with id "0".

it will also depend on the policy you have implemented there.

anyway, even if they change the root password without you knowing it you can always reboot the server in single-mode and change it back. Well, this will be definitely an inconvenience but this will again depends on the criticality of the servers.

Since you have many linux serversm, SSH will be my preferred solution as well.

hope this helps too!

kind regards
yogeeraj