Root Access

If requested we also provide administrative (root) access to a Linux installation if the ITC agrees.

Methods

Three methods are possible for granting root access.

sudo

You can run sudo /bin/bash in a terminal and will get a root shell. This is the recommended way for workstations.

If you need only very restricted administrative rights we recommend to use sudo and specify exactly what you need to do, such as:

  • restarting services
  • rebooting or powering off the system
  • killing processes
  • manage user data ownership

Public Key Login via ssh

You provide us with your ssh public key which we add to the .ssh/authorized_keys file or the root account. You then run ssh -l root {host name of the computer} to log in as root.

This is the recommended way for servers that are maintained by a group.

Password for root Account

You have the password for the root account and share it with as few people as needed.

This method is only meaningful for servers that are permanently handed over from isginf to you.

Don'ts

There are a few things you should not do in order to keep you system running:

  • Do not replace installed packages or system libraries with stuff that you compiled yourself or for which you downloaded and RPM file over the internet. Doing so will almost certainly break the update functionality.
  • Do not tweak system configuration files. Your system is managed and some configuration files are automatically reset every hour.
  • Do not intentionally weaken the system security by creating password-less accounts, making files world-writable, disabling SELinux, turning off logging, etc.

Limited Warranty

If the system breaks because of modifications you did as root, isginf will only spend a moderate effort to fix it. After that we will simply re-install the system.

Security Implications

root you can access all files on that server. All other users of the server should be made aware of that you can now see all files. It is up to the ITC to ensure that this is done.

NFS3 Shares

Once you have root access on a system, home directories should not be automatically exported to that system any more. The root account has access to all data that is shared over NFS3 to that system. It is up to the ITC to enforce this policy.

You can enable the export of your home directory to an individual system here.

Page URL: https://www.isg.inf.ethz.ch/bin/view/Main/ServicesServersOperatingSystemsRHELRoot
2019-09-18
© 2019 Eidgenössische Technische Hochschule Zürich