All UNIX administrators and almost all users understand the importance of the root account. Since root provides the means to completely alter all the functions of UNIX, it is important to limit access to this most critical account. The root password should be changed on a frequent basis. In situations where more than one user has access to a root account, each root user should get his/her own personal account. For some UNIX implementations, it is possible to use root alias accounts that have the same UID and the same group as root (both 0) and are identical to the root account except that the account has a different name.
When a root user accesses a root account, it is more secure to do so with the su (switch user) command from within a session. Any non-administrative user should access a root account using sudo, as doing so will make it easier to control and monitor their session. The sudo command allows limited usage of root privileges and is configurable in the sudoers file. sudo requires password authentication, and its permissions are assigned by user and group.
It is particularly important to log any and all access to your systems under the root account. The su command automatically logs account access. So too does the sudo command, which logs through syslogd.
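To illustrate how the su and sudo log entries described above can be reviewed, here is an added example (not part of the original article) that attributes each attempt to act as root to the personal account behind it. The sample log lines are constructed, and their format assumes common Linux sudo and shadow-utils su syslog output; other UNIX variants log differently.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real system). Format assumption:
# Linux sudo and shadow-utils su messages as written to syslog.
SAMPLE_LOG = """\
Aug 12 09:01:14 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service httpd restart
Aug 12 09:05:40 host1 su[2211]: Successful su for root by bob
Aug 12 09:07:02 host1 su[2230]: FAILED su for root by carol
Aug 12 09:09:55 host1 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Aug 12 09:12:31 host1 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=dave ; COMMAND=/bin/ls
Aug 12 09:20:00 host1 sshd[2301]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
"""

SUDO_RE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(r"\bsu(?:\[\d+\])?: (?P<result>Successful|FAILED) su for (?P<target>\S+) by (?P<user>\S+)")

def root_access_events(log_text):
    """Return (user, tool, outcome, command) for each attempt to act as root."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            # COMMAND is user-controlled: split it off before parsing the
            # key=value fields so text inside it cannot override USER=.
            head, _, command = m["body"].partition("COMMAND=")
            fields = dict(p.split("=", 1) for p in head.split(" ; ") if "=" in p)
            if fields.get("USER") == "root":
                denied = "NOT in sudoers" in head or "incorrect password" in head
                events.append((m["user"], "sudo", "denied" if denied else "ok", command))
            continue
        m = SU_RE.search(line)
        if m and m["target"] == "root":
            outcome = "ok" if m["result"] == "Successful" else "denied"
            events.append((m["user"], "su", outcome, ""))
    return events

def denied_by_user(events):
    """Count refused root attempts per personal account."""
    counts = defaultdict(int)
    for user, _tool, outcome, _command in events:
        if outcome == "denied":
            counts[user] += 1
    return dict(counts)

if __name__ == "__main__":
    for event in root_access_events(SAMPLE_LOG):
        print(event)
```

The attribution only works when each administrator has a personal account, which is why shared root logins defeat this kind of review.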
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in August 2003