Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: root group in solaris

from [Jonathan Leffler] Network Security [Permanent Link]
Subject: Re: root group in solaris
Date: Tue, 19 Sep 2006 14:45:20 -0700 
"dubaisans dubai" <dubaisans@gmail.com> wrote:

I would like to give root user privileges to a set of OS
administrators. Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I
donot want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not
why ? Does the "root" group not have root user-id equivalent
privileges?

Is it possible manually to make the GID 0 privileges equivalant of UID O?

How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC


Group ID 0 has no significance in any Unix-like system (Solaris, Linux, 
...).  If you look in the manuals, the raised privileges belong to a 
process with (effective) UID of 0 - root.  (If you ever used the Zilog 
Zeus operating system - say 20 years ago - then the super-user there was 
not 'root' but 'zeus' - kind of appropriate, really - but it was zeus who 
had UID of 0.)  The POSIX specification always talks about 'appropriate 
privileges' but it is usually translated as 'root privileges' (and that 
means 'EUID = 0').

If you prefer, you can create multiple user names each allocated the user 
ID of 0 and a separate password.  Just make sure 'root' is listed first in 
the password file.  This is a widely used technique (in the companies 
where I've worked, anyway).  Just remember that the processs accounting 
system won't be able to distinguish these users from each other - their 
processes will all look as if they were run by root.

root:x:0:0:Root:/:/bin/ksh
admin1:x:0:0:First Administator:/root:/bin/ksh
admin2:x:0:0:Second Administrator:/root:/bin/ksh
...

Using 'sudo' has advantages - it can log when people start working as 
root.

-- 
Jonathan Leffler (jleffler@us.ibm.com) 
STSM, Informix Database Engineering, IBM Information Management Division 
4100 Bohannon Drive, Menlo Park, CA 94025-1013 
Tel: +1 650-926-6921     Tie-Line: 630-6921 
          "I don't suffer from insanity; I enjoy every minute of it!"
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: root group in solaris, Robin Landis
Next by Date:  Update in solaris, MandommGmail
Previous by Thread:  Re: root group in solaris, Tonnerre Lombard
Next by Thread:  Re: root group in solaris, Jonathan Leffler
Indexes:  [Date] [Thread] [Top] [All Lists]