Multiple Root Users?

linuxnewbie
08-06-2002, 03:15 PM
is it possible to have multiple root users? i would like to have another user besides root who has full system privileges...is this possible? any and all help highly appreciated :)

S2 Web Design
08-06-2002, 03:41 PM
Sure, just create a new user with the UID '0'. You can change the UIDs for each user by editing the /etc/passwd file.

linuxnewbie
08-06-2002, 03:54 PM
thanks for that but could you offer a more detailed explanation? sorry but i'm not learned enough to fully understand what you just said :(

S2 Web Design
08-06-2002, 03:58 PM
How about I give you a good reference to how it's done ;)
http://www.linuxgazette.com/issue48/tag/16.html
Hope that explains things a little better.

2host.com
08-06-2002, 08:22 PM
Don't bother. There's only one root user on a Unix system. Creating a second account with root permission isn't going to serve any purpose at all. Just give whomever you trust to have such access the password for the root account. It's the same thing. If you want to have a user only be able to do certain things that root can do, but not everyone, check out 'sudo'.

sadistikal
08-06-2002, 10:13 PM
I have a better suggestion. Use a program called sudo. It stands for "Super User DO" and has a config file where you can specify what users can do what. Very handy and logs everything. One thing to note though is that if you give a user access to everything with a statement like:
bob ALL=(ALL) ALL
then the user bob can run sudo -s, which will give him a shell, and the logging then stops. There are ways around this, such as not giving access to shells. There are great docs on it as well. This is probably the best bet for giving another user access with privileges.
http://www.sudo.ws/sudo/
Sadistikal

DavidU
08-06-2002, 10:20 PM
Originally posted by Eric_Echter
> Sure, just create a new user with the UID '0'. You can change the UIDs for each user by editing the /etc/passwd file.
False.
Yes, while true, being UID 0 does make one "root", it does not work as expected. Many applications will fail and it is bad practice. It leaves no accounting and it creates a false sense of security, which is worse than no security at all (as we all know). The correct answer, using sudo or a similar program, is the best approach. There are others with varying pros and cons.
-davidu

2host.com
08-06-2002, 10:22 PM
I guess my previous post wasn't clear, which I mentioned 'sudo' in. I didn't word it right when I said to allow a user access "but not everyone". I meant to say "to allow a user more privileged access to some things, but not everything", as that is much safer.

CitadelHost
08-07-2002, 01:23 AM
Having two root accounts is dangerous as it opens up new security holes. By having two root accounts, it is easier to password crack one. So if an attacker can't password crack the root password but can crack the other root privilege account then he has root.

DavidU
08-07-2002, 02:25 AM
Originally posted by CitadelHost
> Having two root accounts is dangerous as it opens up new security holes. By having two root accounts, it is easier to password crack one. So if an attacker can't password crack the root password but can crack the other root privilege account then he has root.
That's pretty funny. Who told you that kind of BS?
-davidu

sadistikal
08-07-2002, 10:01 AM
> Having two root accounts is dangerous as it opens up new security holes. By having two root accounts, it is easier to password crack one. So if an attacker can't password crack the root password but can crack the other root privilege account then he has root.
If someone is reading your shadow file and running crack on it, having two accounts with UID/GID of 0 is the least of your worries.
Sadistikal

Ahmad
08-07-2002, 06:04 PM
Originally posted by DavidU
> .. Many applications will fail and it is bad practice. ..
On a side note, it is a bad practice for programmers to test for the root user in any way other than their UID being 0. All good programs should work ok. Actually, even if there is a single user on the system with root access, that user's username doesn't have to be "root"; it could be anything else. However, creating a new user account with a UID of 0 isn't really creating a new account. The two USERS you created own different files, for example. If you create a file with "toor", for example, then you list the files you will probably see that it is owned by "root". They will not be two users, they will be two logins and environments but for the same user.
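
The thread's closing point, that a second UID 0 line in /etc/passwd is another login for the same user rather than a second user, can be checked mechanically. The script below is an added example, not part of the original thread: it parses passwd-format text, lists every login with UID 0, and reports which name a flat-file lookup displays for each shared UID. The sample entries and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second login:/root:/bin/sh
# a comment line
bob:x:1000:1000:Bob:/home/bob:/bin/bash
alice:x:1000:1001:Alice:/home/alice:/bin/bash
broken-line-without-fields
"""

def parse_passwd(text):
    """Return (entries, malformed): entries are (name, uid) in file order."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(5) layout: name:password:UID:GID:GECOS:home:shell
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            malformed.append(lineno)
            continue
        entries.append((fields[0], int(uid)))
    return entries, malformed

def shared_uids(entries):
    """Map each UID used by more than one login to its names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def audit(text):
    entries, malformed = parse_passwd(text)
    shared = shared_uids(entries)
    return {
        "uid0_logins": [name for name, uid in entries if uid == 0],
        "shared_uids": shared,
        # A flat-file lookup by UID returns the first matching line, so that
        # name is what ls and ps show for every login sharing the UID.
        "displayed_as": {uid: names[0] for uid, names in shared.items()},
        "malformed_lines": malformed,
    }

if __name__ == "__main__":
    # To audit a live host, pass open("/etc/passwd").read() instead.
    for key, value in audit(SAMPLE_PASSWD).items():
        print(f"{key}: {value}")
```

Any name other than the expected one in `uid0_logins` is worth investigating, since files and log entries created through that login are attributed to the first UID 0 name in the file.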