# multiple root passwords



## kr651129 (Nov 26, 2012)

Can I make FreeBSD 9.0 have more than 1 root password?


----------



## DutchDaemon (Nov 26, 2012)

You can have one for root, and one for toor. That's it.


----------



## kpa (Nov 27, 2012)

You have multiple ways to log in as the superuser: login(1) from the console, su(1), ssh(1) etc. Each of them can have different credentials for login if you configure them to use pam(3) (which they are by default) and configure them suitably using the configuration files in /etc/pam.d and PAM modules. My mini howto shows one way of adding ssh(1) public key authentication to su(1).

http://forums.freebsd.org/showthread.php?t=35645


----------



## Lorem-Ipsum (Nov 27, 2012)

Just to clarify, do you mean multiple passwords, each of which allow a user to log in as root, or the need for the user to enter multiple passwords to log in as root?

For the first case, it would be better to create individual user accounts in group wheel with sudo access. As to the second, just make your password longer.


----------



## TheDreamer (Nov 27, 2012)

You could also create a bunch of additional root accounts. Long before I started here, it was practice for each system administrator to have his or her own root account (initials + root) on all the machines in our datacenter. When I started, it was being done on SunOS 4.x, Solaris 2.x and RHEL servers. We now have FreeBSD servers that we support with this. Though the RHEL servers do get confused by there being more than one root account.

In some cases it has helped us determine which system administrator did what.

The Dreamer.


----------



## Speedy (Nov 27, 2012)

DutchDaemon said:

> You can have one for root, and one for toor. That's it.

What exactly keeps me from creating 0:0 accounts with different login names?


----------



## walko (Nov 27, 2012)

It's possible to create a user with useradd and then change its ID to 0 by doing vipw. You'll be able to log in as toto and your server will treat you as root.

I think it's a very dangerous idea...


----------



## gqgunhed (Nov 27, 2012)

If not every admin of your system should be allowed _full_ access to the system, I think you should consider using something like security/sudo as mentioned above.

It allows you to delegate specific tasks to groups or users, e.g. allowing only to restart the webserver. Maybe have a look at it?


----------



## fluca1978 (Nov 28, 2012)

walko said:

> It's possible to create a user with useradd and then change its ID to 0 by doing vipw. You'll be able to log in as toto and your server will treat you as root.
> 
> I think it's a very dangerous idea...

I believe it is very bad too! Also because the filesystem and other accounting tools will report the login name from the UID, so having two, three, four accounts with UID 0 will make such tools report wrong information (a file created by root1 is listed as root...). Use _sudo_ to accomplish the task.
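A quick way to see what fluca1978 describes is to scan the password database for extra UID-0 entries and watch how a UID-to-name lookup behaves. The script below is an added example, not something posted in this thread. It works on a constructed master.passwd(5)-style sample (root and toor are FreeBSD's default pair; `jsroot` is a made-up "initials + root" account of the kind TheDreamer mentions) and emulates the lookup in awk rather than calling getpwuid(3); that the first entry with a given UID wins is this emulation's assumption, and it is exactly the behaviour fluca1978 is warning about.

```sh
#!/bin/sh
# Added example (not from the thread): audit a passwd-style file for extra
# UID-0 accounts and show why tools report them all under one name.
#
# Constructed sample in master.passwd(5) layout:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
SAMPLE_PASSWD=$(mktemp)
cat >"$SAMPLE_PASSWD" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
jsroot:*:0:0::0:0:Constructed extra superuser:/root:/bin/sh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF

# Every login name whose UID field is 0, one per line.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Number of UID-0 accounts. FreeBSD ships root and toor, so 2 is the
# baseline; anything higher is an account someone added by hand (useradd
# plus vipw, as walko describes).
count_uid0() {
    uid0_accounts "$1" | wc -l | tr -d ' '
}

# Emulate a UID-to-name lookup as ls(1), ps(1) or an accounting tool would
# do it through getpwuid(3). Assumption of this emulation: the first entry
# carrying the UID wins, so every extra UID-0 account is displayed as "root".
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# Human-readable report: which names share UID 0 and what they show up as.
report_uid0() {
    shown=$(name_for_uid "$1" 0)
    for name in $(uid0_accounts "$1"); do
        printf '%-8s has UID 0; files it creates are listed as owned by %s\n' \
            "$name" "$shown"
    done
}

report_uid0 "$SAMPLE_PASSWD"
```

Run against a real `/etc/master.passwd` (read-only, as root), `count_uid0` above 2 is the signal worth following up, and the report shows why an audit trail built on file ownership or process listings cannot tell the extra accounts apart.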


----------



## vermaden (Nov 28, 2012)

Speedy said:

> What exactly keeps me from creating 0:0 accounts with different login names?

Nothing, You can have as many as You like.


----------



## andyzammy (Nov 28, 2012)

fluca1978 said:

> Use _sudo_ to accomplish the task.

I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

Sorry for the off topic. If this has already been discussed, please could someone link to it? Otherwise, I'll probably make a thread as I'd really like to get to the bottom of this.


----------



## fluca1978 (Nov 28, 2012)

andyzammy said:

> I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

You have to discover it by yourself, and this is the beauty of having a free os!
In the scenario you described, I believe _sudo_ will help you, even if I tend to not use it so much by myself.


----------



## SirDice (Nov 29, 2012)

andyzammy said:

> I've seen people advising the use of sudo, and I've seen people advising to avoid sudo. Which should I do? I can only see its advantages.

You just need to be careful about what you allow with sudo(8). Suppose you're allowed to `$ sudo less /var/log/auth.log` for example.

less(1) has an option to launch a shell command (!), so somebody could *sudo less* and get a root shell. This might not be what you expected. Several commands have similar options.

Also note that if the account is bruteforced, the attackers also gain root because sudo(8) uses the same password.

The use of sudo(1) has its pros and cons. You just need to figure out which one outweighs the other.


----------



## chatwizrd (Nov 29, 2012)

Yeah because people use sudo as an excuse to be lazy and only have one password to do everything, then they wonder why they were rooted.


----------



## throAU (Nov 30, 2012)

sudo is not inherently bad.

If the alternative is giving out multiple accounts with root level access (such as you are considering), then sudo is *preferable*.

You just need to be careful about what commands you let people run with sudo.

As above, anything started with root level access that can spawn a shell can give the user a root shell.  It means you need to audit programs you want users to be able to run, before allowing use via sudo.

If you were to give them a login with UID 0 they would already have a root shell.
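Tying SirDice's less(1) example to throAU's point that everything delegated through sudo needs auditing: the fragment below is an added example, not something from this thread or from the sudo project. It shows the risky sudoers(5) rule next to its guarded form and a small lint that flags rules granting less without the NOEXEC tag. NOEXEC is sudo's documented mechanism for stopping the invoked program from running further programs, which is what the `!` escape in less would do. The user names and the `apache24` service rule are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): the sudoers rule SirDice warns about,
# its NOEXEC-guarded form, and a lint that flags the unguarded one.
# Rule syntax follows sudoers(5); user names and paths are constructed.
SAMPLE_SUDOERS=$(mktemp)
cat >"$SAMPLE_SUDOERS" <<'EOF'
# Risky: less(1) can run a shell with "!", and under sudo that shell is root's.
alice   ALL = (root) /usr/bin/less /var/log/auth.log

# Guarded: NOEXEC makes sudo block exec() from inside less, so "!" fails
# instead of handing out a root shell.
bob     ALL = (root) NOEXEC: /usr/bin/less /var/log/auth.log

# Narrow task delegation of the kind gqgunhed mentions; nothing to flag.
carol   ALL = (root) /usr/sbin/service apache24 restart
EOF

# Programs to treat as needing NOEXEC. less(1) is the one named in the
# thread; extend the list with whatever your own audit of the programs you
# delegate turns up.
ESCAPE_CMDS="less"

# Print the user of every rule that grants one of $ESCAPE_CMDS without
# NOEXEC. Comments are stripped first. Simplification: a NOEXEC: tag
# anywhere on the line counts as guarding the whole rule, which holds when
# the tag precedes the command and is not overridden by a later EXEC: tag.
flag_unguarded() {
    file=$1
    for cmd in $ESCAPE_CMDS; do
        sed -e 's/#.*//' "$file" |
            awk -v cmd="$cmd" 'NF && $0 ~ ("/" cmd "( |$)") && !/NOEXEC:/ { print $1 }'
    done
}

# Count of flagged rules, usable as a pass/fail gate in a config check.
count_unguarded() {
    flag_unguarded "$1" | wc -l | tr -d ' '
}

flag_unguarded "$SAMPLE_SUDOERS"
```

Two caveats from sudoers(5) worth keeping in mind when reading the output: NOEXEC works through the dynamic loader, so it only helps for dynamically linked programs, and validating the file itself is still `visudo -c`'s job; this lint only answers the narrower question of whether a known interactive program was delegated without the tag.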


----------

