I need to create a secure "back door" root access to a unix
environment due to the current team managing and changing root passwords
very frequently and losing one about once a month. This causes problems
- both political and locational
(many of the machines are spread throughout the world in different sites)
Possible solutions are:
1) Leave a machine logged in on a root window for every machine.
This is an option but not very practical and a bit of a security risk.
2) Set up a new user account, say ops with a UID of 0.
This would effectively create another root account and only use the account
to log in and change the root password when it is lost.
Is it really a security risk to create another account with UID=0?
3)
a. Set up a new user account ops (not with UID = 0)
b. Instead of a shell have the account run a script on login.
- something like /usr/local/pwchange.ksh
c. Install sudo and add user ops to command passwd
d. Script to look some
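
On option 2: an account whose UID field is 0 is root to the system whatever its name, so a site that allows one needs a way to enumerate them. The following is an added example, not part of the original post; the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts in a passwd-format file whose UID is
# numerically 0 but whose login name is not "root".

# uid0_accounts FILE
# Prints "name:uid:shell" for every extra UID-0 account found in FILE.
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ { next }   # skip comment lines
        /^[ \t]*$/ { next }   # skip blank lines
        /^[+-]/    { next }   # skip NIS compat entries
        NF < 7     { next }   # skip lines without all seven passwd fields
        # "00" or "000" is still UID 0, so compare numerically
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" {
            print $1 ":" $3 ":" $7
        }
    ' "$1"
}

# write_sample FILE
# Writes constructed sample data (not taken from any real system) to FILE.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ops:x:0:0:Operations:/home/ops:/bin/ksh
# comment line
toor:x:00:0:alt root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
broken:x:0
EOF
}

# Demonstration run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
uid0_accounts "$sample"
rm -f "$sample"
```

On a live host the same function can be pointed at /etc/passwd; any line it prints is a second root-equivalent login that needs the same password handling and auditing as root itself.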