Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: root group in solaris

from [Jonathan Katz] Network Security [Permanent Link]
Subject: Re: root group in solaris
Date: Mon, 18 Sep 2006 12:52:58 -0400 
That's probably not the best way to do it. First, just by adding
people to the root group it doesn't give them root privileges. The
only way to do that would be to make specific binaries sgid/suid.

You should really look at using RBAC or sudo for what you're doing.

With RBAC a user will su to a "role" (a special account) that can (or
may not) have a shared password. That role will have a profile that
will link what binaries can be run suid by that role. Those users will
not have root, they'll just have access to an alternate account that
they have to su to (good for auditing/paper trails.)

On 9/18/06, dubaisans dubai <dubaisans@gmail.com> wrote: 
 Hi,

I would like to give root user privileges to a set of OS
administrators. Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I
donot want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not
why ? Does the "root" group not have root user-id equivalent
privileges?

Is it possible manually to make the GID 0 privileges equivalant of UID O?

How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: root group in solaris, Noel del Rosario
Next by Date:  Re: root group in solaris, Maarten Hartsuijker
Previous by Thread:  Re: root group in solaris, Noel del Rosario
Next by Thread:  Re: root group in solaris, Maarten Hartsuijker
Indexes:  [Date] [Thread] [Top] [All Lists]