The UNIX and Linux Forums  

#3 (permalink), 01-06-2006
Perderabo, Forum Staff (Unix Daemon)
I have never seen best practices implemented. But in an ideal world... The root account cannot be used to access the box. You sign on as bob, or george, or whatever. Then you su to root, leaving an audit trail. The exception to this is the system console port... you can log on as root there, reboot the machine, etc. The console port can be accessed only from the computer room. Or, if that is too restrictive, the console port is accessed from a remote console server. You need to sign in to the console server as yourself and this leaves an audit trail.

The root password is a strong password. It is available only to a few experts. Can you recover from any disaster? If not, no root password for you. (Possibly a manager has, but does not personally use, the password.) When one of these experts leaves, you disable his or her account. And you change the root password.

Other people use sudo if they need root for something... this also leaves an audit trail. This does not mean ALL in sudoers however. Just a few limited commands.

Something like this is our official policy. But various bigshots often arrange exceptions.
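As an added illustration (not part of the post above), the following POSIX sh functions check two of the practices the post describes against an sshd_config and a sudoers file: whether direct root login over the network is refused, and which sudoers entries grant ALL commands instead of a few limited ones. The two sample configuration texts are constructed for this example; the real files would be /etc/ssh/sshd_config and /etc/sudoers.

```shell
# Added example (not from the forum post): audits sshd_config and sudoers
# text for "no direct root login" and "sudo limited to a few commands, not
# ALL". Sample configs below are constructed; on a real host pass
# /etc/ssh/sshd_config and /etc/sudoers (readable only as root) as arguments.

# sshd honours the FIRST uncommented value of a keyword, so report the first
# PermitRootLogin found before any Match block; print "unset" if absent
# (the built-in default then applies and differs between OpenSSH releases).
effective_permit_root_login() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# Print sudoers user specifications whose command list contains ALL, the
# grant the post warns against. Defaults, alias definitions and @include
# lines are skipped; Cmnd_Alias names are NOT expanded (known limitation).
sudoers_all_grants() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^(Defaults|User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias|@)/ { next }
        {
            spec = $0
            sub(/^[^=]*=/, "", spec)                   # keep text right of "="
            sub(/^[[:space:]]*\([^)]*\)/, "", spec)    # drop "(runas_list)"
            gsub(/[A-Z]+:/, "", spec)                  # drop NOPASSWD: etc. tags
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", cmds[i])
                if (cmds[i] == "ALL") { print $0; break }
            }
        }
    ' "$@"
}

# Constructed samples; the second PermitRootLogin line is deliberately ignored.
SSHD_SAMPLE='Port 22
PermitRootLogin no
PermitRootLogin yes'
SUDOERS_SAMPLE='Defaults env_reset
Cmnd_Alias WEB = /usr/sbin/service httpd restart
bob ALL=(ALL) ALL
alice ALL=(root) WEB, /usr/bin/tail -f /var/log/messages
%wheel ALL=(ALL) NOPASSWD: ALL'

printf '%s\n' "$SSHD_SAMPLE" | effective_permit_root_login   # prints: no
printf '%s\n' "$SUDOERS_SAMPLE" | sudoers_all_grants          # prints the bob and %wheel lines
```

Anything other than "no" from the first function, or any line from the second, is worth a look; alice's entry is the shape the post recommends, while bob's and %wheel's are the "ALL in sudoers" it argues against.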