[SLL] sharing superuser account is always bad policy, right?

Derek Simkowiak dereks at realloc.net
Thu Feb 5 13:27:34 PST 2009 

    Re: going to root directly, that does not allow for auditing (or 
revoking a single user's access easily).

    But I've started doing it here on my network recently, when using 
Virtual Machine "appliances".  These are small KVM machines running just 
LAMP (or just SSH, or just Samba, etc.) and some of them have less than 
100MB of RAM and less than 1Gig of disk space.  I've been using the 
stripped-down Ubuntu JeOS, and it works well.

    For these systems, I don't consider them to be "multi-user" -- I 
look at them more like a single-purpose appliance or application server, 
like my WRT54GL.  I don't really want to manage multiple user shell 
accounts on a temporary VM that might be gone in a week.

    To maintain accountability, all these VMs are behind a firewall and 
not directly accessible.  You must log in to a multi-user SSH server 
first (where each user gets an account and SSH key, and a syslog entry 
at each login), and then from there, you can access the swarm of VM 
appliances (assuming your SSH key is in .ssh/authorized_keys).

--Derek

On 02/05/2009 12:30 PM, Jeremy C. Reed wrote:
> On Thu, 5 Feb 2009, Phil Mocek wrote:
>
>   
>> Is this practice typical among "Web hosting" companies who provide
>> dedicated Linux servers?
>>     
>
> It is normal practice for companies to also have superuser access for 
> dedicated servers.
>
> If not, you will have to make extra effort to provide details to them 
> (which may be slower) or troubleshoot problems yourself.
>
> In a past job for a company supporting 100+ dedicated servers with 
> over 30 customers we had a superuser (UID 0) account of our own in 
> addition to the customers own root. On most we used SSH keys to login as 
> UID 0 directly. Not very good for auditing nor control to share UID 0, but 
> it is very normal (as I have seen many other places also).
>
> On a related note, some systems I use (but not setup or owned by me) have 
> no root password on purpose. You login with SSH key only and if you are in 
> the correct group, you can su to root without any extra authentication.
>

More information about the linux-list mailing list