Michael Paoli 2005-12-26, 5:47 pm
Michael C. wrote:
> While I'm not positive of all of the security implications, I've
> seen boxes that had a second root account 'toor' with uid and gid
> 0, with a different shell, usually tcsh, I imagine it could make
> logging a nightmare if they were different users, but if they're
> the same that shouldn't be a problem.
>
> Iirc most programs/scripts use uid rather than username which may
> be problematic in some circumstances.

Multiple UID 0 login accounts is generally a bad idea security-wise.

In general, for security,
o To the extent feasible, one should never log in directly as
  superuser (root). E.g. use sudo from one's individual personal
  login account. Rationale includes auditing/logging and individual
  accountability, control and minimal distribution/use of superuser
  (root) password(s), etc.
o Don't have multiple superuser (UID 0) accounts. Rationale includes
  auditing/logging (unique UID <--> login name mapping), control and
  minimal distribution/use of superuser (root) password(s), etc.

Followup-to: adjusted and Subject: updated
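
An audit for the condition discussed in the post above, as an added example that is not part of the original thread: it reports every UID that maps to more than one login name in a passwd-format file and labels UID 0 duplicates separately. The function names, the output format and the sample entries are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: report UIDs that map to more than one login name in a
# passwd-format file. UID 0 duplicates are labelled SUPERUSER.

# write_sample FILE: constructed sample data, not from a real host.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:alternate root:/root:/bin/tcsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
backup:x:1001:1001:Backup login:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
}

# shared_uids FILE: one output line per UID held by two or more names.
shared_uids() {
    awk -F: '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }  # skip comments, malformed lines
        {
            uid = $3 + 0                             # normalise "00" to 0
            if (uid in names) {
                names[uid] = names[uid] "," $1
                count[uid]++
            } else {
                names[uid] = $1
                count[uid] = 1
                order[++n] = uid                     # keep first-seen order
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                uid = order[i]
                if (count[uid] > 1)
                    printf "%s uid=%s names=%s\n", (uid == 0 ? "SUPERUSER" : "SHARED"), uid, names[uid]
            }
        }
    ' "$1"
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
shared_uids "$sample"
rm -f "$sample"
```

On a real host, call `shared_uids /etc/passwd`; accounts served from a directory service do not appear in that file, so feed the function the saved output of `getent passwd` where one is in use.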