temporary root accounts and expiring them after a certain time

temporary root accounts and expiring them after a certain time

[brent harding]

		Is it possible to make an account that can do root functions that has a
temporary life that it eventually expires? I know you can do expiring
passwords, but how can you make the account disable for example after a
week or so? For example, if I had someone install DSL or something and the
provider uses unusual setups, and I need to give someone access to my
computer temporarily, how would I make it so their access terminates close
to after it's done to maintain security don't have permanent telnet access
to the main root login? I would probably want to have backups that aren't
close to the computer just to have something recoverable if one day I'd
come home and not have anything on my system because someone told a friend
a password that the friend shouldn't have access to. More accurately,
likely, I'd not want stale privileged accounts laying on the system that
are no longer needed for the task they were made for. What if I set the max
days for the password to exist lower than the minimum amount to change the
password? Will a user still be able to change the password if it's set to
expire before they are allowed to change it?

Re: temporary root accounts and expiring them after a certain time

[Victor Tsaran]

WHich system are you uusing? I know that under redhat you can specify
these values when you set the account up. Presumably, /etc/password,
/etc/group are files to look into.
Regards,
Vic

Re: temporary root accounts and expiring them after a certain time

[Jim Barbour]

Hi Brent,

I suggest sudo.

You can get it from ftp.cs.colorado.edu

sudo allows you to give logins root privs, without knowing the
root word.  You can give them this access temporarily, you can log
what they're doing as root, you can specify certain commands each user
is allowed to execute, and much more.

Also, if you allow anyone to telnet into your Linux box, you've
already sacrificed much of your security.  May I also suggest ssh2.
You can find it at http://www.ssh.com/

I hope this helps.
-- 
Jim Barbour ---	
-----------------------------------------------------------------------------
Home		pager		Cel phone	e-mail: jbarbour@barcore.com
619-297-2487	800-200-6068	619-977-6491	  page: jbarbour@pager
-----------------------------------------------------------------------------

*** On Wed, 28 Jun 2000 23:28:25 CDT, blinux-list@redhat.com wrote...
>   Is it possible to make an account that can do root functions th at has a
> temporary life that it eventually expires? I know you can do expiring
> passwords, but how can you make the account disable for example after a
> week or so? For example, if I had someone install DSL or something and the
> provider uses unusual setups, and I need to give someone access to my
> computer temporarily, how would I make it so their access terminates close
> to after it's done to maintain security don't have permanent telnet access
> to the main root login? I would probably want to have backups that aren't
> close to the computer just to have something recoverable if one day I'd
> come home and not have anything on my system because someone told a friend
> a password that the friend shouldn't have access to. More accurately,
> likely, I'd not want stale privileged accounts laying on the system that
> are no longer needed for the task they were made for. What if I set the max
> days for the password to exist lower than the minimum amount to change the
> password? Will a user still be able to change the password if it's set to
> expire before they are allowed to change it?
> 
> 
> ---
> Send your message for blinux-list to blinux-list@redhat.com
> Blinux software archive at ftp://leb.net/pub/blinux
> Blinux web page at http://leb.net/blinux
> To unsubscribe send mail to blinux-list-request@redhat.com
> with subject line: unsubscribe
>