Good afternoon, I had a question from my customer, asking if instead of using the "root" user account to perform administration tasks on a SLES10/OES2SP3 server,(which in this case allows several people to have access to that account's password), they wanted to know if there is a more secure method of allowing a eDirectory administrator access to the SLES10/11 server as a "root" level (or equivalent level) account so that they can perform their duties, yet the "root" password would only be known by one to two people?

I thought that there was a method of doing this, through LUM enabling the user, then going into YAST and adding the appropriate access rights. However; in this case there are over 100 SLES10/OESSP3 servers, and that could be a long process.

Does anyone know,

1.) Is my thinking correct above?

2.) Is there such a method for doing this scenario?

Thank you