Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: root group in solaris

from [John Dewey] Network Security [Permanent Link]
Subject: Re: root group in solaris
Date: Mon, 18 Sep 2006 20:54:04 -0700 
On Mon, Sep 18, 2006 at 08:07:03PM +0200, Casper.Dik@Sun.COM wrote:



I would like to give root user privileges to a set of OS
administrators. Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I
donot want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not
why ? Does the "root" group not have root user-id equivalent
privileges?




Is it possible manually to make the GID 0 privileges equivalant of UID O?


No; you could have easily tested this but it has no effect at all.


How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC


Even simpler?

I would still strongly suggest RBAC or sudo as both all your system
administrators to execute programs with appropriate privileges when
needed.  Giving them "root privileges all the time" is a bad idea;
it means that they can no longer safely use their user accounts
for email, web browsing or anything else.



There is also process rights management (least privilege) in Solaris 10.
  http://blogs.sun.com/DirectoryManager/entry/forget_your_roots

John
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: root group in solaris, pentest10
Next by Date:  Re: root group in solaris :Thankyou, dubaisans dubai
Previous by Thread:  Re: root group in solaris, Casper . Dik
Next by Thread:  Update in solaris, MandommGmail
Indexes:  [Date] [Thread] [Top] [All Lists]