Prevent remote root logins - Security
-
Re: Prevent remote root logins
Michael Paoli wrote:
>> How is that different from having several persons that know the root
>> password?
>
> You stick the "root" (the one and only superuser account, customarily
> root[1]) password in a highly opaque, well sealed, tamper resistant
> envelope, then lock that up in "break glass in case of emergency"
> container, in front of multiple videotaped video cameras, inside your
> highly secure vault behind your mantrap(s) (okay, so some
> environments may be roughly like that).
What he said. This is what I and my sysadmin staff did at $FIRM, a once
well-known Linux support company.
If someone hypothetically found a way to lose that envelope, then it's a
darned good thing that any of us could break in from the physical
console in our sleep, if need be. ;->
Mediating superuser access via sudo introduces useful logging (no, _not_
in any way proof against malign root-user intruders, but quite handy for
normal accountability auditing), and automatically times out privilege,
making it less likely to clobber things by mistake.
--
Cheers,
Rick Moen Habetis bona deum.
rick@linuxmafia.com
-
Re: Prevent remote root logins
boomboom999@yahoo.com wrote:
> Thank you Lew
>
> Could you explain why having more than one "UID 0" could be a problem?
>
> Thank you in advance
>
There are a couple of good reasons why you shouldn't. First, users are
identified by their UID. This means that to the logfiles and
permissions on the system, these users all look the same. If anyone
does anything that causes a problem (intentionally or not), you have no
way of confirming who it was.
Second, users should not be logging in with a UID 0 account at all. If
each user has a non-privileged account that is capable of using sudo,
then the worst that happens is that they have to type a password once or
twice when they wouldn't have had to previously (note that this is still
the same password used for login). Since they're logging in over SSH
(note it should be version 2 - SSH1 is insecure), there's no real
disadvantage to this other than the 2 seconds of inconvenience.
You get a number of benefits from this:
Sudo logs everything that the user does - this makes it much simpler to
track down problems, be they accidental or otherwise.
You can give and limit permissions at a very fine level; you could have
a user that needs to be able to restart apache and modify its settings,
for example. This user might have no need to be able to install a
kernel module. In multi host environments, this also lets you give a
user administrative rights on one host while only having a standard
account on another host.
The last reason should be fairly obvious - the user can run programs
without root privileges. If the user needs to launch a web browser to
download a new version of a kernel patch, or to check a howto document,
that web browser doesn't have to have write access to the entire system.
This applies even remotely, since it might be impractical to sftp or
scp the files in from the user's computer, especially if it's coming in
on a slow link.
Brendan Smithyman
-
Re: Prevent remote root logins
Brendan Smithyman writes:
>boomboom999@yahoo.com wrote:
>> Thank you Lew
>>
>> Could you explain why having more than one "UID 0" could be a problem?
>>
>> Thank you in advance
>>
>There are a couple of good reasons why you shouldn't. First, users are
>identified by their UID. This means that to the logfiles and
>permissions on the system, these users all look the same. If anyone
>does anything that causes a problem (intentionally or not), you have no
>way of confirming who it was.
One reason for separate accounts with uid 0-- You have 10 machines on
which you are root and have a common password. You want to allow blogs to
have access as root on machine A. You place a user altroot with uid 0 and
with a separate password onto machine A that he can use.
>Second, users should not be logging in with a UID 0 account at all. If
>each user has a non-privileged account that is capable of using sudo,
>then the worst that happens is that they have to type a password once or
>twice when they wouldn't have had to previously (note that this is still
>the same password used for login). Since they're logging in over SSH
>(note it should be version 2 - SSH1 is insecure), there's no real
>disadvantage to this other than the 2 seconds of inconvenience.
>You get a number of benefits from this:
>Sudo logs everything that the user does - this makes it much simpler to
>track down problems, be they accidental or otherwise.
>You can give and limit permissions at a very fine level; you could have
>a user that needs to be able to restart apache and modify its settings,
>for example. This user might have no need to be able to install a
>kernel module. In multi host environments, this also lets you give a
>user administrative rights on one host while only having a standard
>account on another host.
>The last reason should be fairly obvious - the user can run programs
>without root privileges. If the user needs to launch a web browser to
>download a new version of a kernel patch, or to check a howto document,
>that web browser doesn't have to have write access to the entire system.
> This applies even remotely, since it might be impractical to sftp or
>scp the files in from the user's computer, especially if it's coming in
>on a slow link.
>Brendan Smithyman
-
Re: Prevent remote root logins
Unruh wrote:
> One reason for separate accounts with uid 0-- You have 10 machines on
> which you are root and have a common password. You want to allow blogs to
> have access as root on machine A. You place a user altroot with uid 0 and
> with a separate password onto machine A that he can use.
Why would you need to give him a uid 0 account for this? If you give
him an unprivileged account and add the line
username ALL=(ALL) ALL
to your /etc/sudoers file, then the user can become root using his
own login password. It's the same privilege level, but with a measure
of accountability. He can type "sudo command" to run a single command,
or "sudo -s" for su like functionality. If you need to adjust it later,
you don't have to restructure the entire account, you just remove the
line from the sudoers file. You can even set it so that he doesn't have
to type a password if you really want to, with
username ALL=(ALL) NOPASSWD:ALL
What can you do as UID 0 that you can't do as a user operating under sudo?
Brendan Smithyman
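As an added example (not code from the thread), a small Python audit that ties the two points above together: it lists UID 0 entries in a constructed passwd sample and parses constructed sudoers user specs of the form shown in this reply, so you can see who can reach root on a given host both through a second UID 0 account and through an unrestricted sudo grant. The hosts machineA/machineB and the users alice/bob/carol are made up, and the parser only understands the simple `user HOSTS=(RUNAS) [NOPASSWD:] commands` form, not aliases or Defaults lines.

```python
# Added example (not from the thread): audit who holds root on a host,
# both directly (UID 0 entries in passwd) and via sudoers delegation.
# The passwd and sudoers texts below are constructed samples.
import re

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
altroot:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

# Simple sudoers user specs: user HOSTS=(RUNAS) [NOPASSWD:] command list
SUDOERS = """\
alice machineA=(ALL) ALL
bob ALL=(root) /usr/sbin/apachectl, /usr/bin/vi /etc/apache2/*
carol ALL=(ALL) NOPASSWD:ALL
"""

RULE = re.compile(r"^(\S+)\s+(\S+)=\((\S+)\)\s*(NOPASSWD:)?\s*(.+)$")

def uid0_accounts(passwd_text):
    """Login names with UID 0; more than one means shared, unattributable root."""
    return [f[0] for f in (ln.split(":") for ln in passwd_text.splitlines())
            if len(f) >= 3 and f[2] == "0"]

def sudo_grants(sudoers_text):
    """Parse user specs into (user, host, runas, nopasswd, [commands])."""
    grants = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m:
            user, host, runas, nopw, cmds = m.groups()
            grants.append((user, host, runas, nopw is not None,
                           [c.strip() for c in cmds.split(",")]))
    return grants

def root_on_host(host, passwd_text=PASSWD, sudoers_text=SUDOERS):
    """Everyone who can reach root on `host`: UID 0 accounts plus users whose
    sudo grant is unrestricted (ALL commands) and applies to this host."""
    who = set(uid0_accounts(passwd_text))
    for user, h, runas, nopw, cmds in sudo_grants(sudoers_text):
        if h in ("ALL", host) and runas in ("ALL", "root") and "ALL" in cmds:
            who.add(user)
    return sorted(who)
```

Running it against real files means reading /etc/passwd and the output of `visudo -c`-validated sudoers; the altroot entry shows up on every host, while alice appears only on machineA, which is the per-host delegation the thread describes.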