Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!uxc.cso.uiuc.edu!uxc.cso.uiuc.edu!paul
From: paul@uxc.cso.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <174500009@uxc.cso.uiuc.edu>
Date: 16 Sep 89 19:24:00 GMT
References: <1723@convex.UUCP>
Lines: 18
Nf-ID: #R:convex.UUCP:1723:uxc.cso.uiuc.edu:174500009:000:810
Nf-From: uxc.cso.uiuc.edu!paul    Sep 16 14:24:00 1989


Re: multiple su accounts:

By and large we don't use them here.  The exception is for people like me
who act as floating fire-fighter and network cowboy on several systems. 
Keeping track of the root password on machines administered by different
people isn't possible w.o. writing them down.  By having an individual su on
those machines (with a strong password that's regularly changed) I can
fix problems w.o. tracking down the sysadmin.  All of our systems allow
direct root login from the console only.

The Next machine has a good idea: anyone in group 0 may su using their own
password.  The key here is to make sure those people pick good passwords.
Once someone no longer needs root access, simply edit /etc/group to remove
their user-id from the 0 group.

         Paul Pomes
	 Univ of Illinois, CSO