Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: root group in solaris

from [Maarten Hartsuijker] Network Security [Permanent Link]
Subject: Re: root group in solaris
Date: Mon, 18 Sep 2006 19:59:03 +0200 
Dubaisans,

Nog, fortunately, there is a sharp distinction between user and group
privileges on *nix systems. There are two common approaches for you to grant
your users specific root privileges:
1. Configure sudo and grant users specific privileges they can access using
<sudo COMMAND> (yes, I read that you do not consider this simple, but I still suggest you to look for a config example -> you're probably ready to go in no time!)
2. Grant binaries SUID privileges. These privileges will allow non-owners to
execute the binary using the owners credentials. Be aware though, that if
you grant SUID rights to for instance a shell that is owned by root, users
will instantly drop into a root-privileged shell. So be very aware of the
binaries functionality. You might also want to revoke world-execution rights
and configure just group execution rights, in order to make sure only the
authorized people can run the binaries with SU privileges.

Googling on both these solutions (SUDO and SUID), will help you with the
specifics.

good luck!
maarten

How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: root group in solaris, Jonathan Katz
Next by Date:  Re: root group in solaris, Dave Ockwell-Jenner
Previous by Thread:  Re: root group in solaris, Jonathan Katz
Next by Thread:  Re: root group in solaris, Dave Ockwell-Jenner
Indexes:  [Date] [Thread] [Top] [All Lists]