Security is weakened when the root password is known, as administrators leave they may still have the root password and access to the system. Rather than give administrators the root password; why not consider assigning them the ability to run /bin/su via the sudo command? This way you do not need to divulge the root password. Yes, administrators would have the ability to change the root password, however, in most cases they can be trusted and would not breach that trust and would be no different if they had been given the root password in the first place.
The concept now is when an administrator leaves or needs to return administrative rights, a simple edit to the /etc/sudoers file will disable the ability of the user to run the su command. There is no mechanism for the user to discover the root password, so your system remain secure. In the same way an administrator can be added to the sudoers file to gain access
- Edit the /etc/sudoers file. This is managed root running the visudocommand.
- Ensure the SUSE defaults are commented out
# In the default (unconfigured) configuration, sudo asks for the root password. # This allows use of an ordinary user account for administration of a freshly # installed system. When configuring sudo, delete the two # following lines: #Defaults targetpw # ask for the password of the target user i.e. root #ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
- Create a User Alias.
User_Alias ADMINS = will, wendy, sam
- Create a Command Alias ( Typically they will only need to run SU )
Cmnd_Alias SU = /bin/su
- Allow Admins to run SU
ADMINS ALL = SU
The “group” ADMINS now can run the command /bin/su from sudo now. They will be prompted for their own password not that of root!
sudo su -
You can also consider removing the SUID bit from the su program
chmod u-s /bin/su