Sridhar R wrote on Sun, Mar 14, 2004 at 10:31:42PM -0800:
,----
| Is it wise to let more than one person to have the root password of a
| linux system? If not, is it enough to delegate responsibilities of
| different adminstration activities by creating different
| filesystem-groups? Please note that the root password should (a must)
| be known to our two department staffs at any time.
`----
My suggestion would be to let only two (or even one) know the root
password and give sudo access to the rest of the people for their
respective administrative areas. DONT give a sudo access to bash OR to
run everything just like that. Giving them sudo access to visudo might
be a good contingency step, provided they know what they are doing.
Whn there are multiple admins, a changelog would be a good idea. If I
were you I would force the other admins to write out a changelog when
they make considerable changes and have this changelog mailed to all
the admins whenever it changes.
In my organisation, none of us know the root passwords to our boxes
(FreeBSD) (no, I'm talking about our individual workstations :) ). We
have sudo access to visudo and the package manager and we live our
lives happily (we use a super cool proprietary package manager that
would beat apt hands down :) I dont know if I'm allowed to even
mention this here ;) ).
-Suraj
--
,-----------------[http://www.symonds.net/~suraj/]---o
| Mariner 4 was the first spacecraft to photograph Mars.
`------------------------------[suraj@xxxxxxxxxxx]---o