cancel
Showing results for 
Search instead for 
Did you mean: 

To keep the root password

Son dam bi
Advisor

To keep the root password

In my network , there are many unix / linux server , and we have a few administrators have these server's root password , our administrator will base on user request to change the user's password but however sometimes we have uncarelessly changed root password , then we have to do something ( reboot , single login ... ) to get back the password .

Therefore , I would like to ask what is the best way to prevent the lost of root password in my case , I know if release the .ssh without password to another server , it can prevent the password lost but I concern the security issue .

Can you please advise the way . Thanks

ps. the administrators must have all server's password , this is company policy so I can't assign the root premission to a specific administrator .
6 REPLIES
Sunny Jaisinghani
Trusted Contributor

Re: To keep the root password

Direct root login is a security concern.
Hence it is advised to use "sudo".

You can ssh to any remote host using your login credentials and then do "sudo su -" to get root login.

Hope this helps

Sunny
Johnson Punniyalingam
Honored Contributor

Re: To keep the root password

Solution:-

implement Sudo or power broker

Problems are common to all, but attitude makes the difference
Vishu
Trusted Contributor

Re: To keep the root password

I agree.

Use sudo. i will prevent you to login directly with root or to anything with the root password.

i hope you find your answer.
OldSchool
Honored Contributor

Re: To keep the root password

"have uncarelessly changed root password "....


right..and they probably did it by getting root access and typing

passwd

-instead of-

passwd

you could write a script that takes the place of the normal passwd command and prevents the first form...potentially messy

or you could set up passwordless login via ssh and keys allowing you access to the server to fix root's passwd when its accidentaly been changed. Still allows the root password to be changed accidentally, but gives you a way in to fix it without going into single-user mode.

I don't believe sudo will fix that issue, as the user with access to the passwd command can still use the first form of the command and "accidentally" change root's password.

PowerBroker might allow you to script this, but it would be a relatively expensive proposition. It could, however, allow you to identify the party(ies) that are doing this...

Unfortunately, technology doesn't fix carelessness....it can only mitigate the fallout.
Tingli
Esteemed Contributor

Re: To keep the root password

sudo can do the trick since it doesn't need root password to get into root.
OldSchool
Honored Contributor

Re: To keep the root password

right...I was thinking more along the lines of "stopping it from happening" in the first place.

of course, anything eliminates the need to hand out the "root" password willy-nilly would be a good thing.

Auditors / compliance officers must have a field day with this as it currently set-up