We (the III yr students) are going to be given the
adminstration power of our CS linux server, which was
being adminstered by our seniors who are leaving this
We, i.e. a group of 6-8 people were informed to
adminster the system. The server is running Debian
GNU/Linux. The root password must be known to two
staffs (one teaching and other non-teaching) in our
department all the time. But they are not on the job
of doing real administration. The whole
administration has to be done by the students.
Our seniors told us that he will giving the root
passwords to all(6-8 students) of us, and we have to
adminster the system. My point is to have only two
students have the root password, and other handle
different parts of adminstration. For example,
webpage maintainers can be added the webmaster group,
so that they have access to the document-root.
Likewise permission in specific stuffs like
maintaining portals, websites can be handled by
creating respecting groups and adding members to that
group. But root password must be known only to two
students. As one of the student is a day-scholar the
other must be a hosteller.
But having given the root password to more than one
student means who is responsible when the system is
compromised by attackers, or when some sort of havoc
has happened. If only one person was allowed to
adminster(root access) the system, he should have felt
a relieve in enforcing security policies and stuffs
like that, because there is no second administrator.
But so far, every year we had more than one student
remembering the root password.
Is it wise to let more than one person to have the
root password of a linux system? If not, is it enough
to delegate responsibilities of different
adminstration activities by creating different
filesystem-groups? Please note that the root password
should (a must) be known to our two department staffs
at any time.
"How do you power off this machine?" (Linus, when upgrading
linux.cs.helsinki.fi, and after using the machine for several months.)
Email: r_sridhar xATx users xDOTx sf xDOTx net
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam