Root Passwords

The root or local administrator account, and privilege escalation through "sudo", are reserved for systems administration of a computer and are not needed for day-to-day use. In ACD, the following policies apply to the use of administrative accounts on all computers attached to the UCAR network.

  • root access on Unix accounts, including unrestricted "sudo", must use one-time passwords unless access is at the local console of the machine. In other words, any password sent across a network in order to access an administrative account must be a one-time password. Currently ACD provides CRYPTOcard or YubiKey access tokens and configures "sudo" and "su" to use those tokens for one-time-password authentication.

    Restricted access via sudo, and via User Account Control on Windows Vista or Macintosh OS X computers, is currently allowed without passwords. Such access must not in turn provide unrestricted administrative access. For example, "sudo vi" would not be allowed, because the vi editor allows one to open a shell, which would then have unrestricted administrative access to the machine.

  • Local Administrator on PCs is available to the user of the PC. However, this account should not be used for day-to-day use -- rather it is there for certain administrative functions on the computer itself -- for example to join and unjoin the CIT domain, or to install software that requires administrative access to install.
  • Unrestricted root access on Unix systems is allowed only to Primary or Responsible Sysadmins.
  • Login to the root account via ssh to a Unix system is not allowed. Once authenticated as a non-root user, the commands 'sudo' or 'su' must be used instead.
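
The two Unix rules above (no password-free sudo that amounts to unrestricted root, such as "sudo vi", and no root login over ssh) can be checked mechanically. The following POSIX shell audit is an added example, not part of the ACD policy and not ACD's own tooling. The list of shell-escaping commands, the function names, and the sample sudoers and sshd_config contents are all constructed for this demonstration; the policy itself only names vi.

```shell
#!/bin/sh
# Added audit example; not the ACD policy's own tooling. The sample configs below
# are constructed for the demonstration, and the tool list is this example's assumption.

# Commands that can drop the caller into a shell (the policy's "sudo vi" case).
# Any NOPASSWD rule naming one of these is effectively unrestricted root.
SHELL_ESCAPES='vi vim view nano less more man find awk perl python sh bash'

# risky_sudoers_rules FILE
# Prints one line per NOPASSWD rule that grants ALL or a shell-escaping command.
# Simplification: one rule per line; sudoers backslash continuations are not joined.
risky_sudoers_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD' | while IFS= read -r rule; do
        cmds=${rule##*NOPASSWD:}           # the command list after the tag
        if printf '%s' "$cmds" | grep -Eq '(^|[^[:alnum:]_])ALL([^[:alnum:]_]|$)'; then
            printf 'UNRESTRICTED: %s\n' "$rule"
            continue
        fi
        for tool in $SHELL_ESCAPES; do
            # match the tool as a path component or bare word, not as a substring
            if printf '%s' "$cmds" | grep -Eq "(^|[/[:space:],])$tool([[:space:],]|$)"; then
                printf 'SHELL-ESCAPE via %s: %s\n' "$tool" "$rule"
                break
            fi
        done
    done
}

# check_sudoers FILE: succeed (0) only if no risky rule is found.
check_sudoers() {
    [ -z "$(risky_sudoers_rules "$1")" ]
}

# ssh_root_login_disabled FILE: succeed only if the effective PermitRootLogin is "no".
# sshd honours the first occurrence of a keyword; with none present the OpenSSH
# default (prohibit-password) still allows key-based root login, so that fails too.
# Simplification: Match blocks are not evaluated.
ssh_root_login_disabled() {
    setting=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$setting" = "no" ]
}

# --- constructed sample files for the demonstration ---
DEMO_DIR=$(mktemp -d)
WEAK_SUDOERS="$DEMO_DIR/sudoers.weak"
GOOD_SUDOERS="$DEMO_DIR/sudoers.good"
WEAK_SSHD="$DEMO_DIR/sshd_config.weak"
GOOD_SSHD="$DEMO_DIR/sshd_config.good"

cat > "$WEAK_SUDOERS" <<'EOF'
# constructed sample: violates the policy in two ways
Defaults    env_reset
root        ALL=(ALL) ALL
%wheel      ALL=(ALL) ALL
alice       ALL=(root) NOPASSWD: /usr/bin/vi
bob         ALL=(ALL) NOPASSWD: ALL
carol       ALL=(root) NOPASSWD: /usr/sbin/service httpd restart
EOF

cat > "$GOOD_SUDOERS" <<'EOF'
# constructed sample: restricted, non-escaping commands only
Defaults    env_reset
root        ALL=(ALL) ALL
%wheel      ALL=(ALL) ALL
alice       ALL=(root) NOPASSWD: sudoedit /etc/motd
carol       ALL=(root) NOPASSWD: /usr/sbin/service httpd restart
EOF

printf 'Port 22\n#PermitRootLogin no\nPermitRootLogin yes\n' > "$WEAK_SSHD"
printf 'Port 22\nPermitRootLogin no\nPasswordAuthentication no\n' > "$GOOD_SSHD"

# Report on both sample sets when the script is run directly.
for f in "$WEAK_SUDOERS" "$GOOD_SUDOERS"; do
    if check_sudoers "$f"; then
        echo "$f: OK"
    else
        echo "$f: FAIL"; risky_sudoers_rules "$f" | sed 's/^/    /'
    fi
done
for f in "$WEAK_SSHD" "$GOOD_SSHD"; do
    if ssh_root_login_disabled "$f"; then
        echo "$f: OK"
    else
        echo "$f: FAIL (PermitRootLogin must be no)"
    fi
done
```

Against the weak sudoers the audit flags alice's vi rule as a shell escape and bob's rule as unrestricted, while carol's single service command passes; the hardened file replaces the editor rule with sudoedit on one file. Pointing the functions at the real /etc/sudoers (and /etc/sudoers.d fragments) and /etc/ssh/sshd_config turns this into a quick compliance check, with the caveat noted in the comments that Match blocks and line continuations are not handled.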

ACOM | Atmospheric Chemistry Observations & Modeling