How Would You Distribute Root Access?
dhanks asks: "I'm one of 10 administrators in our group. We're equally responsible for about 300 UNIX servers. We're having problems keeping track of all the root passwords and some of the administrators have taken it upon themselves to implement different security standards. (sudo with silly !SHELLS restrictions) How do other companies and system administrators handle the distribution of root access? I've been charged with coming up with a security policy and I would like to receive some feedback. I'm currently thinking of personal root accounts that would be locked via the /etc/passwd and would only be accessible via 'sudo su - adm_userid' that way each administrator may have full root access only using his regular user password instead of having to keep track of root passwords." While this is similar to an earlier question, this question deals with ensuring authorized administrators have the access they need. How would you distribute root over hundreds of Unix machines to the administrators that need it?
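An added example, not part of the original question or thread: a check an administrator could run on each host under the scheme described above, listing every UID-0 account and whether its password is locked so that the only way in is through sudo. It assumes the personal root accounts are UID-0 entries and Linux-style passwd/shadow conventions (a leading `!` or `*` in the hash field means locked); the function names, account names and file contents are constructed.

```shell
#!/bin/sh
# Added example: audit UID-0 accounts and whether password login is locked.
# Assumes Linux-style passwd/shadow files; all sample data is constructed.

# Print "<account> <state>" for every UID-0 entry in the passwd file.
# States: locked (hash starts with ! or *), EMPTY, PASSWORD, NOSHADOW.
audit_uid0() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }   # first file: shadow
        $3 == 0 {
            if ($2 == "x" && !($1 in hash)) { print $1, "NOSHADOW"; next }
            h = ($2 == "x") ? hash[$1] : $2          # "x" defers to shadow
            if (h ~ /^[!*]/)  state = "locked"
            else if (h == "") state = "EMPTY"
            else              state = "PASSWORD"
            print $1, state
        }' "$2" "$1"
}

# Succeed only if every UID-0 account is locked (usable from cron/monitoring).
uid0_all_locked() {
    ! audit_uid0 "$1" "$2" | grep -qv ' locked$'
}

# Write constructed sample files into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
adm_alice:x:0:0:constructed personal root:/root:/bin/sh
adm_bob:x:0:0:constructed personal root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
toor:*:0:0::/root:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:!:19000::::::
adm_alice:!$6$constructedsalt$constructedhash:19000::::::
adm_bob:$6$constructedsalt$constructedhash:19000::::::
alice:$6$constructedsalt$constructedhash:19000::::::
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_uid0 "$tmp/passwd" "$tmp/shadow"
uid0_all_locked "$tmp/passwd" "$tmp/shadow" || echo "WARNING: unlocked UID-0 account"
rm -rf "$tmp"
```

In the constructed data, `adm_bob` still has a usable password hash, so that account can be reached without going through sudo and its logging.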
First, create one super administrator from the 10 (sorta like Voltron).
Second, create one giant supercomputer cluster from the 300 machines.
Third, give your new super administrator root access (with their choice of password) on the new supercomputer.
So nobody would get in touch with actual root passwords, which can be stored in a safe place.
I'm a user dealing with this right now. Here's what I wish they'd implement at my place.
Give _everyone_ root access. These machines are behind a firewall, right? These are used by developers working to design/forward your company's projects, right? If there's the slightest chance that they'll need root, give it to them.
Now, how do you deal with the chaos that results?
Simple. Write a script that reimages the drives on a regular basis. Daily, weekly, monthly, or even by command. In that way, you know the machines will always be kept up to date.
Use your existing admins to maintain and develop the image that you push down to the client machines. Every user should know that the machines will be reimaged often and that they can't plan on the machine always being in the same state. If they have an application or library that they want to persist, then have a procedure for having one of your admins add it to the master image.
User files should be kept on a file server elsewhere. Home directories may or may not be mounted to the machines as you like.
Everyone deserves root. Even those people that are going to screw the system up. (Once or twice, and they won't do it again.)