HPE Community
Operating System - Linux
1821244 Members
2825 Online
109632 Solutions
New Discussion юеВ

backup of root user

 
SOLVED
Go to solution
praveen..
Super Advisor

тАО01-03-2007 07:17 PM

тАО01-03-2007 07:17 PM

backup of root user

Hi,
Some times , I need to share the root password of my linux servers with another team

So 1st I changed the root password and then inform them.

once their activity had been done completely,
again I need to change it back.


So I want to keep a backup root username always before changing and handing over to another team incase some one from another team mistakely changes the root password or resets and forgets.

Please suggest
Thanks
0 Kudos
Reply
10 REPLIES 10
Ivan Krastev
Honored Contributor

тАО01-03-2007 07:25 PM

тАО01-03-2007 07:25 PM

Re: backup of root user

Better way is to use sudo - you can grant root access to specific users/groups without sharing root password.


regards,
ivan
Reply
Alexander Chuzhoy
Honored Contributor

тАО01-03-2007 07:33 PM

тАО01-03-2007 07:33 PM

Re: backup of root user

Agree with Ivan.
Never give your root password.
With sudo you can specify a list of command that can be run as root, thus limiting unnecessary access.
You can edit the sudoers file with `visudo`.
Reply
Zeev Schultz
Honored Contributor

тАО01-03-2007 08:41 PM

тАО01-03-2007 08:41 PM

Re: backup of root user

If your colleagues access to your servers via ssh you may do the following - let them ssh to your server with public keys authentication only. In this case they don't know root password but receive access as root to your server. Obviously,once got root access they can change things as they like. So I'd see this as a "lasy" option while sudo can be more secure but time consuming to set :)
So computers don't think yet. At least not chess computers. - Seymour Cray
Reply
Arnd Kohlen
Advisor

тАО01-04-2007 01:28 AM

тАО01-04-2007 01:28 AM

Re: backup of root user

"sudo" is the best choice.

One more possibility is to add an user with group id "0" (root) so it should have enough permissions to run the needed operations. Just disable this user if the work is done.
Reply
Roland Piette
Regular Advisor

тАО01-05-2007 03:19 AM

тАО01-05-2007 03:19 AM

Re: backup of root user

Hello,

To prevent root password lost (I suppose it's what you want) follow these steps :

As root
copy a shell in a user dir (Ksh for example)
change owner of the file with chown root:root
change file attribute : chmod 6555
His attribute will be r-sr-sr-x.

To keep save your work :
Copy these file on a backup media (a tape, or cd) before removing from your local user directory.

When necessary, restore this file in a user directory and use it. You will gain the root rights when this (unsafe) shell will start.

Roland
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО01-06-2007 03:53 AM

тАО01-06-2007 03:53 AM

Re: backup of root user

Shalom,

If you don't trust the other team not to change the root password then you should not give it to them.

There is no way to prevent a user with root priviledges to do anything, so backing up files is useless as you won't be able to restore them.

Our team gives sudo to particular commands, even though it can be a pain to configure as they always find more commands they need.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
praveen..
Super Advisor

тАО01-09-2007 07:05 PM

тАО01-09-2007 07:05 PM

Re: backup of root user

Hi,
No issue is with sharing the root password with other team,

But in case, they forgot the password & changed it by mistake,

so i want one more user with root preveliages so that if in case, we forgot the root password, we can get it back.


should i create a user with user id "0"

Please suggest

thanks
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО01-09-2007 08:32 PM

тАО01-09-2007 08:32 PM

Solution

Re: backup of root user

1. Have a document (encrypted) with root's password.
2. In case you lost root's password - you can always boot to "Single" init. In this init - you won't be prompted for password and you have the ability to change a password with "passwd" command.
To boot to single mode:

Select Red Hat Linux with the version of the kernel that you wish to boot and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.

Select the line that starts with kernel and type e to edit the line.

Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.

Back at the GRUB screen, type b to boot into single user mode.
Reply
Roland Piette
Regular Advisor

тАО01-09-2007 11:48 PM

тАО01-09-2007 11:48 PM

Re: backup of root user

Hi all,

I have to come back on the solution of Alexander. How is it possible to execute the shutdown or init -0 command without root privilege? Is possible only if you are already connected as root. In this case you can simply change de root password ! In all other cases you have to use the BRS (Big Red Switch) to power off the system and gain access to GRUB.

Roland
Reply
Yogeeraj_1
Honored Contributor

тАО01-10-2007 03:19 PM

тАО01-10-2007 03:19 PM

Re: backup of root user

hi,

depending on the criticality of the server and the trust you have on the other team member, you might as well create another user with id "0".

it will also depend on the policy you have implemented there.

anyway, even if they change the root password without you knowing it you can always reboot the server in single-mode and change it back. Well, this will be definitely an inconvenience but this will again depends on the criticality of the servers.

Since you have many linux serversm, SSH will be my preferred solution as well.

hope this helps too!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.