Hi,
Thank you for all the replies. I have concluded as
Stick to sudo or RBAC. The root group is nothing special. Making UID O
for multiple user accounts is not recommended. Using Least privileges
on Solaris 10 will make things even better.
Thank you for your time.
On 9/19/06, John Dewey <jdewey2@corp.earthlink.net> wrote:
On Mon, Sep 18, 2006 at 08:07:03PM +0200, Casper.Dik@Sun.COM wrote:
>
> >I would like to give root user privileges to a set of OS
> >administrators. Everyone has individual user-ids on the system.
> >Currently they login with their personal ID and then SU to root. I
> >donot want to share root password with these many people.
> >
> >I am thinking of adding all these users to the "root" group[GID 0].
> >Will it provide root-equivalent UID O access to these users. If not
> >why ? Does the "root" group not have root user-id equivalent
> >privileges?
>
>
> >Is it possible manually to make the GID 0 privileges equivalant of UID O?
>
> No; you could have easily tested this but it has no effect at all.
>
> >How else can I give these individual users root privileges - make all
> >of them UID 0 or something.? Is that a smart idea?
> >
> >I am looking at something simpler than SUDO or RBAC
>
> Even simpler?
>
> I would still strongly suggest RBAC or sudo as both all your system
> administrators to execute programs with appropriate privileges when
> needed. Giving them "root privileges all the time" is a bad idea;
> it means that they can no longer safely use their user accounts
> for email, web browsing or anything else.
>
There is also process rights management (least privilege) in Solaris 10.
http://blogs.sun.com/DirectoryManager/entry/forget_your_roots
John
