root equivalent user

Hi! VERY new to Linux, so please be patient with me!

I work for an ISP, and I have setup a dedicated Redhat Linux 9 server for a
client. We would like to reserve the root user for our support staff to
help the client later. However, the client needs a "root equivalent"
account to manage their server.

Is there a way to provide a given user account with the equivalent
privileges that root has?

Thanks!
Ed

Ed <efrasher@hostdepot.com> shaped electrons to say:
> Hi! VERY new to Linux, so please be patient with me!
>
> I work for an ISP, and I have setup a dedicated Redhat Linux 9 server for a
> client. We would like to reserve the root user for our support staff to
> help the client later. However, the client needs a "root equivalent"
> account to manage their server.
>
> Is there a way to provide a given user account with the equivalent
> privileges that root has?

Investigate the "sudo" command, and use it to limit the things they can
do as root to the minimum necessary set of stuff.

The sort of things they want to do matter!

--
Gregory G. "Wolfe" Woodbury `-_-' Owner/Admin: wolves.durham.nc.us
ggw at wolves.durham.nc.us U
"The Line Eater is a boojum snark." Hug your wolf.

"Ed" <efrasher@hostdepot.com> wrote in message news:<K0RXa.9729$Ee7.7320@fe02.atl2.webusenet.com> ...
> Hi! VERY new to Linux, so please be patient with me!
>
> I work for an ISP, and I have setup a dedicated Redhat Linux 9 server for a
> client. We would like to reserve the root user for our support staff to
> help the client later. However, the client needs a "root equivalent"
> account to manage their server.
>
> Is there a way to provide a given user account with the equivalent
> privileges that root has?
>
> Thanks!
> Ed

If the client knows what they are doing, you really ought to share the
root login with them. If you are frightened they will lock you out,
then create a second login name with the same UID and GID numbers as
root. It will have a separate password, but in most other respects be
indistinguishable.

If you are more paranoid than that, then look at something like sudo.
There is a file, usually called /etc/sudoers . See man sudo and man
sudoers for the gorey details. It's not without holes, and there is
a conflict between giving your user enough access and giving them free
reign throughout your infrastructure. You need to make sure that you
have some sort of firewall between a remotely managed machine and
others that you value separately.

Your switch/router supplier should be able to advise on a suitable
internal architecture if you don't have the expertise in house. It
can mainly be done by tcpip subnetting, I'd have thought. But nothing
is secure against someone cleverer than you, by definition. Knowledge
of your customer is best.