Find the answer to your Linux question:
Results 1 to 7 of 7
Hi. I currently administrate a computer lab. Recently i've been asked for the root password of the machines in that laboratory, since the number of machines in the lab is ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2008
    Posts
    7

    PowerBroker alternative


    Hi. I currently administrate a computer lab. Recently i've been asked for the root password of the machines in that laboratory, since the number of machines in the lab is pretty high i can't give that password away.
    However, investigating i found this software called PowerBroker that is everything i need, but is shareware and we can't install anything non-free unless we have a licence. Since i don't think my boss is gona give me that kind of resources, i ask you if anyone knows some free alternative to this software or some way to allow root-access to the machines without giving away the password nor creating a security threat.
    I was thinking about a combination of sudo+sandbox_partition, but i dont know how to create the sandbox partition.

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    You could start off by creating a user and adding them to the admin/wheel group, or by adding that user to /etc/sudoers with (ALL).

    If that suits you could just script creation of the user and adding the line to /etc/sudoers so that you can run it on each machine. A script of that nature would only be a couple of lines long. Maybe you could use an expect script to automate it in conjunction with ssh to set it up on every machine

    Would a chroot cell be any use to you in this situation?

    chroot - Wikipedia, the free encyclopedia

  3. #3
    Just Joined!
    Join Date
    Oct 2008
    Posts
    7

    Still a security threat

    Problem is that, if i use sudo+chroot, all absolute pathnames for system programs (i'm sure that's why they want the root password in the first place) would be broken, and if i just give sudo to every one (no chroot), what's stoping them from doing sudo rm -rf /??. See my dilema?? I need them to be able to have access to administrative features of the system without risking the security of the machines.
    Of course this depends on the nature of the things they want to do with root priviliges, but i'm assuming the want to mount partitions, install programs and modify system files to see how the system works.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Sep 2007
    Location
    Lafayette, IN
    Posts
    83
    Quote Originally Posted by plaga701 View Post
    Of course this depends on the nature of the things they want to do with root priviliges
    This is the real problem. The first step is to find out what root privileges are needed for, and then implement a solution around those needs.

  6. #5
    Just Joined!
    Join Date
    Oct 2008
    Posts
    7
    Supose that he wants to demostrate basic things about administrative operations on linux boxes, he would need a pretty big field of action. So i need a solution very close to what PowerBroker offers, only free and legal

  7. #6
    Just Joined!
    Join Date
    Sep 2007
    Location
    Lafayette, IN
    Posts
    83
    Maybe we're approaching this the wrong way. Could you use something like OpenBox or VMWare server to set up virtual machines for the students to use. That way they can't break the real box but you can still give them free reign.

  8. #7
    Just Joined!
    Join Date
    Oct 2008
    Posts
    7
    Yea, iīve considered that option, and i was hoping to come up with an alternative since the performance of OSīs on virtual machines is greatly reduced and the machines in the lab donīt have that much processing power (Pentium IV DDR)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •