Sys Admin Magazine > Archives > 2005 > February 2005

Using Unknown Passwords

Ed Schaefer and John Spurgeon

Often, several administrators have root privileges on a system. In cases where people are allowed to log in as root or use su to become root, more than one person needs to know root's password.

Sharing root's password presents challenges and raises security concerns. How do you know who did what as root? Who gets to change root's password, and how is information communicated? How do you revoke or change someone's access to a system when they know root's password?

Instead of sharing root's password, consider setting root's password to a value that nobody knows.

With sudo, root privileges can be granted to individuals even though root's password is unknown. (This technique can be used to manage passwords for any privileged account -- not just root.) A carefully crafted program can automatically generate a strong password. Finally, an entry in root's crontab file can periodically set root's password to a random value.

This column describes the sudo setup; a Korn shell script, genpass, that generates a random password; and two methods for root to automatically set the password.

Granting Root Privileges with sudo

Sudo is a free utility that allows a user to run commands as root or any other user without having to know another user's password.

Below is a simple /etc/sudoers file that gives tom, dick, and harriet the ability to become root without needing to know root's password:


    Cmnd_Alias BECOME_ROOT = /sbin/su - root
    User_Alias SUPER_USERS = tom, dick, harriet
    SUPER_USERS ALL = BECOME_ROOT

For members to log in as root, they must execute this command (because BECOME_ROOT lists arguments, sudo permits the command only when it is typed with exactly those arguments):

    sudo su - root

If this seems too complicated, you could create an alias such as:

    alias become='sudo su -'

Now, all the user has to type to become root is:

    become root

Although sudo setup is outside the scope of this article, it is worth noting that you should always edit the /etc/sudoers file using visudo; this is analogous to using vipw to edit /etc/passwd.
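
Once root access goes through sudo, the question raised earlier of who did what as root can be answered, at least for who became root and when, from sudo's log. The script below is an added example, not code from the original article: it assumes sudo logs through syslog in its classic line layout, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report who used, or tried to use,
# the BECOME_ROOT rule, based on sudo's syslog entries.
# Assumption: sudo logs through syslog in the classic
# "<user> : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.." layout.

# Constructed sample lines, not real log data.
sample_log() {
cat <<'EOF'
Feb  3 09:12:44 host1 sudo:      tom : TTY=pts/1 ; PWD=/home/tom ; USER=root ; COMMAND=/sbin/su - root
Feb  3 09:40:10 host1 sudo:     dick : command not allowed ; TTY=pts/2 ; PWD=/home/dick ; USER=root ; COMMAND=/sbin/su -
Feb  3 10:02:31 host1 sudo:    guest : user NOT in sudoers ; TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/su - root
Feb  3 11:15:00 host1 sudo:  harriet : TTY=pts/4 ; PWD=/home/harriet ; USER=root ; COMMAND=/sbin/su - root
Feb  3 11:20:09 host1 sshd[411]: Accepted publickey for tom from 192.0.2.10 port 50022 ssh2
EOF
}

# Reads syslog text on stdin and prints one line per sudo request that
# targeted root:  VERDICT|timestamp|user|reason|command
root_access_report() {
    awk '
    / sudo: / && / USER=root / {
        stamp = $1 " " $2 " " $3
        # Everything after the first "sudo:" tag: "<user> : <details>"
        rest = substr($0, index($0, " sudo: ") + 7)
        sub(/^ +/, "", rest)
        user = rest
        sub(/ : .*$/, "", user)
        detail = substr(rest, length(user) + 4)
        # The command is logged last, so take the remainder of the line.
        cmd = substr(rest, index(rest, "COMMAND=") + 8)
        if (detail ~ /^[A-Z]+=/) {
            # Details start with KEY=value: sudo ran the command.
            verdict = "GRANTED"; reason = "-"
        } else {
            # Otherwise the first field is the refusal reason.
            verdict = "DENIED"; reason = detail
            sub(/ ; .*$/, "", reason)
        }
        printf "%s|%s|%s|%s|%s\n", verdict, stamp, user, reason, cmd
    }'
}

sample_log | root_access_report
```

sudo records only the su invocation itself; commands typed inside the resulting root shell do not appear in these entries.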


