The Root Account
There is also access to the all-powerful root account.
On a Linux system root can do anything.
Although it is possible to restrict root's access to certain functions, a knowledgeable user with
root privileges can overcome that. There are many instances where you have several people
administering some aspect of the system, such as printers or the physical network.
I have seen it myself where one person says "Well, he has root access, why can't I?"
Access to the root account should be limited for a couple of reasons. First, the
more people with root access, the more people who have complete control over the
system. This makes access control difficult.
Also, the more people that have root access, the more fingers get pointed.
I know from experience that there are people who are going to deny having done
something wrong. Often this results in a corrupt system: since everyone
has the power to do everything, someone did something that messed up the system
somehow, and no one will admit it. Sound familiar?
The fewer people that have root, the fewer fingers need to be pointed and the fewer
people can pass the buck. Not that what they did was malicious; mistakes do
happen. If there are fewer people with root access and something goes wrong,
tracking down the cause is much easier.
Rather than several users all having the root password, some people think that
it is safer to create several users all with the UID of root.
Their belief is that since there are several lognames, it's easier to keep
track of things. Well, the problem in that thinking is that the system keeps
track of users by the UID. There is no way to keep these users separate once they log in.
My suggestion is that if several users need root powers, you make it company
policy that no one logs in as root. Instead, you grant each required user the
su system privilege. They then log in with their own account
and do an su to root. Although everything is still done as root, a record of who
did the su can be written to /var/adm/syslog.
Once an intruder gains root access, your
entire system is compromised. It is therefore important not only to limit who
has access as root, but also to record who uses the root
account. One way is to implement a policy that no one logs
in as root, but must first log in with their own account
and then do an su to gain access to root.
Another precaution is to define secure terminals. These are the only terminals that
the root user can log in
from. In my opinion, it is best to only consider directly connected
terminals as "secure". That is, the root user can log into the system console, but not
across the network.
To get access as root across the network, a user must first log in
and then use su. This also provides a record of who used the root account and when.
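
The following audit script is an added example, not part of the original text. It checks the two points made above: that no logname other than root carries UID 0, and that no network pseudo-terminal is listed as a secure terminal. It assumes secure terminals are listed one per line in a securetty-style file (commonly /etc/securetty); the function names and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example. Paths are arguments so the checks can run on copies of the files.

# Lognames whose UID (3rd passwd field) is numerically 0; "00" also counts.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^[0-9]+$/ && $3 + 0 == 0 { print $1 }' "$1"
}

# securetty entries naming pseudo-terminals (pts/N, BSD-style ttypN),
# i.e. network sessions rather than directly connected terminals.
network_ttys() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^(pts/[0-9]+|tty[p-za-e][0-9a-f])$' || true
}

# Report findings; return 1 if either control is violated.
audit_root_access() {
    rc=0
    extra=$(uid0_accounts "$1" | grep -vx root || true)
    if [ -n "$extra" ]; then
        echo "UID 0 accounts besides root:" $extra; rc=1
    fi
    net=$(network_ttys "$2")
    if [ -n "$net" ]; then
        echo "root login allowed on network terminals:" $net; rc=1
    fi
    return $rc
}

# Constructed sample files (not from a real system).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:500:100:Admin:/home/alice:/bin/sh
printadm:x:0:0:Printer admin:/home/printadm:/bin/sh
netadm:x:00:0:Network admin:/home/netadm:/bin/sh
EOF
    cat > "$1/securetty" <<'EOF'
# terminals root may log in on
console
tty1
pts/0
ttyp1
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_root_access "$tmp/passwd" "$tmp/securetty" || echo "audit failed"
rm -rf "$tmp"
```

On a live system the call would be audit_root_access /etc/passwd /etc/securetty, run with enough privilege to read both files.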