Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > How to prevent users from sharing root passwords
Ask The Security Expert: Questions & Answers
EMAIL THIS

How to prevent users from sharing root passwords

Joel Dubin, past SearchSecurity.com expert EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 16 April 2008
For maintenance purposes, the root password is being used for our Linux/Unix systems. I would like support users to have their own IDs with root privilege so they aren't sharing a root password, and I can have accountability and they can't delete system logs of their own activities. Is this possible?

>
There is already a utility built-in to Linux and Unix systems called "sudo" that does exactly this. The sudo utility is a command line tool that allows users to have temporary root access with their own user ID without having to log in as root.

The other nice thing about sudo, besides that it's already available on the *nix family of systems, is its flexibility. Users are only allowed root access temporarily -- usually only the duration of their session -- and only to the functionality the sys-admin grants them. So, in other words, using sudo doesn't give the user free rein of the system where he or she might have unauthorized access or could cause damage to operating system files.

The sudo utility comes with a configuration file, "sudoers," which resides in the "/etc," where configuration files are stored in most Linux distributions. The "sudoers" configuration file specifies who can use sudo and what they're allowed to access. Specific users can be added as line entries to the configuration file.

The sudoers file can be configured manually but should be updated using a tool called "visudo." Otherwise, manual changes will be overwritten by visudo.

As for accountability, sudo logs all of its activity in a file called "sudo.log," which is usually located in the "/var/log" directory with other log files. The sudo log file lists the names of users who access sudo with a timestamp, as well as the host they logged in from and the commands that they used.

The sudo utility is the best option to allow root access by users with their own IDs and, at the same time, log their access and provide accountability for their activities.

More information:


BROWSE BY TAG
Identity Management and Access Control,   Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   Enterprise User Provisioning Tools,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Identity Management and Access Control
Is Identity Management as a Service (IDaaS) a good idea?
How to log in to multiple servers with federated single sign-on (SSO)
How to confirm the receipt of an email with security protocols
Learn about enterprise strategy for server virtualization single sign-on
Employee information security awareness training for new IAM systems
Can you combine RFID tag technology with GPS to track stolen goods?
Is there a free enterprise-caliber password-management tool?
Cryptosystem attacks that do not involve obtaining the decryption key
Can any firm or organization get a digital signature certificate?
Should the CTO have domain administrator access?

Password Management and Policy
Two-factor authentication, vigilance foil password theft
Group to shed light on secure identity management threats
Brute force attacks target Yahoo email accounts
Best Identity and Access Management Products
Privileged account management critical to data security
Making the case for enterprise IAM centralized access control
How to prevent brute force webmail attacks
Best practices for a privileged access policy to secure user accounts
Mature SIMs do more than log aggregation and correlation
PCI compliance requirement 2: Defaults

Enterprise User Provisioning Tools
Content-aware IAM: Uniting user access and data rights
Is Identity Management as a Service (IDaaS) a good idea?
Top tactics for endpoint security
How to edit group policy objects to give a user local admin rights
Privileged account management critical to data security
Making the case for enterprise IAM centralized access control
Lesson 3: How to implement secure access
Best practices for a privileged access policy to secure user accounts
Risk management must include physical-logical security convergence
PCI compliance requirement 7: Restrict access

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
graphical password  (SearchSecurity.com)
identity chaos  (SearchSecurity.com)
logon  (SearchSecurity.com)
masquerade  (SearchSecurity.com)
OpenID  (WhatIs.com)
salt  (SearchSecurity.com)
session replay  (SearchSecurity.com)
single-factor authentication (SFA)  (SearchSecurity.com)
TACACS  (SearchSecurity.com)
war dialer  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts