RedHat Enterprise Linux ES 4

[JRock]

I just setup a box for our developers and each one of them is going to need super user (root) access to the machine. I setup the machine with our root password we use on all our linux machines so i want to aviod giving it out to them. This will also make sure I will always have access to the box.

I have read a few suggestions on other forums and wanted to see what you guys thought.

Thanks in advance...

 

[Cooky]

If the developers just need read/write/exec access for system files, you can simply put them in the root group.
I don't know how you can grant them access to change things like system setting, etc.

Could you please share what you found on other forums and websites? I'm curious.

 

[JRock]

I really only came across two other possible solutions.

Solution 1:

Use "sudo" so the developers can run scripts, etc. as root

Solution 2:

I forgot... I will dig back through my notes... It was along the lines of changing the profile paths and the group number to ":0"

edit: I also read somthing about using "wheel"

 

[nweaver]

use SUDO, it's superior (in many ways) to su

 

[n0cmonkey]

Use sudo, or preferably unix permissions.

 

[JRock]

Since this is a development box and will basically be reimaged everytime they trash it is there a way using SUDO that I can just allow a group to execute any command?

 

[n0cmonkey]

Originally posted by: JRock
Since this is a development box and will basically be reimaged everytime they trash it is there a way using SUDO that I can just allow a group to execute any command?

Yes. Read the man page.

 

[JRock]

Originally posted by: n0cmonkey

Originally posted by: JRock
Since this is a development box and will basically be reimaged everytime they trash it is there a way using SUDO that I can just allow a group to execute any command?

Yes. Read the man page.

You're a crazy dude

 

[Nothinman]

If the developers just need read/write/exec access for system files, you can simply put them in the root group.

On a properly setup box that will do nothing.

 

[JRock]

Originally posted by: Nothinman

If the developers just need read/write/exec access for system files, you can simply put them in the root group.

On a properly setup box that will do nothing.

So what would you suggest?

I have SUDO working on one....

and

The users in the root group on the other.

Both working thus far (minimal testing)

Please keep in mind I am primarily a Windows admin but will be needing to learn all this in the VERY near future.

 

[Nothinman]

Users and developers shouldn't get root access, there is virtually no need for it.

What do they think they need root access for?

 

[JRock]

Originally posted by: Nothinman
Users and developers shouldn't get root access, there is virtually no need for it.

What do they think they need root access for?

God only knows... There are only so many hours in the day and I can spend all of them correcting permissions... and on top of that I don't need any ****** from them as I may crack them in the side of the head...

:roll:

 

[Nothinman]

If you can't work out what they need to do, which most likely doesn't actually need root privs and if it does, they're probably not supposed to be doing it anyway, and you plan on reimaging the things whenever they break them why not just give them the root password? Just set it to something stupid like 123456 and let them break things.

The real problem will be when their product goes live, most likely it will be a security nightmare and you'll have a helluva time selling it to people with a clue.

 

[Sunner]

Originally posted by: Nothinman
If you can't work out what they need to do, which most likely doesn't actually need root privs and if it does, they're probably not supposed to be doing it anyway, and you plan on reimaging the things whenever they break them why not just give them the root password? Just set it to something stupid like 123456 and let them break things.

The real problem will be when their product goes live, most likely it will be a security nightmare and you'll have a helluva time selling it to people with a clue.

Yep I agree.
Our devs don't have root access to anything besides their own test boxes(a few have "leftover" PC's that they manage themselves) and they don't have any problems testing programs.

Unless they have a damn good reason for wanting root access, now would be a good time to teach them to do things the Right Way(c).