Hi. I currently administrate a computer lab. Recently I've been asked for the root password of the machines in that laboratory. Since the number of machines in the lab is pretty high, I can't give that password away.
However, while investigating I found this software called PowerBroker that is everything I need, but it is shareware and we can't install anything non-free unless we have a licence. Since I don't think my boss is going to give me that kind of resources, I ask you if anyone knows some free alternative to this software or some way to allow root access to the machines without giving away the password or creating a security threat.
I was thinking about a combination of sudo+sandbox_partition, but I don't know how to create the sandbox partition.
You could start off by creating a user and adding them to the admin/wheel group, or by adding that user to /etc/sudoers with (ALL).
If that suits, you could just script creation of the user and adding the line to /etc/sudoers so that you can run it on each machine. A script of that nature would only be a couple of lines long. Maybe you could use an expect script to automate it in conjunction with ssh to set it up on every machine.
Would a chroot cell be any use to you in this situation?
chroot - Wikipedia, the free encyclopedia
Still a security threat
Problem is that, if I use sudo+chroot, all absolute pathnames for system programs (I'm sure that's why they want the root password in the first place) would be broken, and if I just give sudo to everyone (no chroot), what's stopping them from doing sudo rm -rf /? See my dilemma? I need them to be able to have access to administrative features of the system without risking the security of the machines.
Of course this depends on the nature of the things they want to do with root privileges, but I'm assuming they want to mount partitions, install programs and modify system files to see how the system works.
This is the real problem. The first step is to find out what root privileges are needed for, and then implement a solution around those needs.
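One way to build the sudo approach around a known set of needs, shown as an added example that is not part of any post in this thread: a script that renders a sudoers drop-in allowing one group a fixed list of command lines, checks it with `visudo -cf`, and installs it. The group name `labadmin`, the device `/dev/sdb1`, the mount point `/mnt/lab` and the `/bin` paths are assumptions to adapt per machine.

```shell
#!/bin/sh
# Added example: least-privilege sudoers drop-in for a lab group.
# Assumptions: group "labadmin", device /dev/sdb1, mount point /mnt/lab.
LAB_GROUP="${LAB_GROUP:-labadmin}"

# Print the drop-in for group $1. There is no "(ALL) ALL" rule: only the
# exact command lines in the alias may run as root.
render_dropin() {
    case "$1" in
        ''|*[!a-z0-9_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    cat <<EOF
# Fixed arguments only. Anything that can run arbitrary code as root
# (shells, editors, package managers) is deliberately left out.
Cmnd_Alias LAB_MOUNT = /bin/mount /dev/sdb1 /mnt/lab, /bin/umount /mnt/lab
# Record the session I/O of everything this group runs through sudo.
Defaults:%$1 log_output
%$1 ALL = (root) LAB_MOUNT
EOF
}

# Validate the rendered file before it goes live, then install it 0440.
install_dropin() {
    tmp=$(mktemp) || return 1
    render_dropin "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    # visudo -cf checks syntax without touching the live configuration.
    visudo -cf "$tmp" || { rm -f "$tmp"; return 1; }
    install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run as root with --install on each machine; otherwise nothing is changed.
if [ "${1:-}" = "--install" ]; then
    getent group "$LAB_GROUP" >/dev/null || groupadd "$LAB_GROUP"
    install_dropin "$LAB_GROUP"
fi
```

Members of the group can list what they are allowed to run with `sudo -l`; any other command through sudo is refused and logged.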
Originally Posted by plaga701
Suppose that he wants to demonstrate basic things about administrative operations on Linux boxes, he would need a pretty big field of action. So I need a solution very close to what PowerBroker offers, only free and legal.
Maybe we're approaching this the wrong way. Could you use something like OpenBox or VMware Server to set up virtual machines for the students to use? That way they can't break the real box but you can still give them free rein.
Yeah, I've considered that option, and I was hoping to come up with an alternative since the performance of OSes on virtual machines is greatly reduced and the machines in the lab don't have that much processing power (Pentium IV DDR).