Linux - How to manage the password of root?
If they are using sudo, then it will ask for their password and not root password, therefore no root password change needed. Just be sure to give them proper privileges in /etc/sudoers file.
You don't need to worry about root password when using sudo. Perhaps, I would recommend to disable root password by issuing
sudo passwd -l root
Although, before you do that, make sure that you've a relevant system user with all the privileges.
You can always get root console by issuing
sudo -i
Following is a small script I use to provision my servers.
#!/bin/bash
set -e
addgroup sysadmin
adduser newuser
usermod -a -G sysadmin newuser
chmod u+w /etc/sudoers
echo "\n# Added by <YOUR-NAME>\n%sysadmin ALL=(ALL) ALL" >> /etc/sudoers
chmod u-w /etc/sudoers
su newuser -c "mkdir /home/newuser/.ssh"
su newuser -c "chmod 0700 /home/newuser/.ssh"
su newuser -c 'echo "<YOUR-SSH-KEY>" >> /home/newuser/.ssh/authorized_keys'
su newuser -c "chmod 0644 /home/newuser/.ssh/authorized_keys"
You may modify if according to your needs. Make it interactive, use a user vairable etc. :)
Enjoy!
There is one condition where you actually need the root password: if a filesystem is fails fsck when booting, you will typically be prompted to enter the root password to obtain a shell prompt where you can repair the damage. At that point, neither regular user accounts nor SSH will be available. If the sysadmin doesn't know the root password, then the only other option would be to boot from alternate media.
According to best practices:
- root account should be set, and changed at least every 3 months.
-
Ssh login with root user should be forbidden
/etc/ssh/sshd_config comment the following line:
PermitRootLogin yes
- Sysadmins should login with their own accounts and use sudo when escalated privileges are required.
-
Create a group and put all sysadmins users in it
groupadd <sysadm_group>
groupmod -A <user1>,<user2> <sysadm_group>
-
edit /etc/sudoers file.
visudo
Add at the bottom:
%<sysadm_group> ALL=(ALL) ALL
Root password should be stored on secure location, and used only in emergency situations.