
| Subject: | Re: root group in solaris |
|---|---|
| Date: | Tue, 19 Sep 2006 17:32:53 +0100 |
listbounce@securityfocus.com wrote on 18/09/2006 23:42:24: [setting UID of non-root users to 0 to let them run root commands]
Is that a smart idea?
People do it sometimes, but it is not a common practice. Personally, I would go for sudo.
I see it as being equivalent to sticking a screwdriver in an unshielded mains socket. Occasionally there's a sensible reason to do it but it's not usually a good idea and you want to be careful when you do. I'd use RBAC or sudo.

The only time I recall setting the UID of a user to 0 was when we'd had a run of problems with a particular group of contractors changing the root password on a box (due to the nature of the work they were doing on it they had to have root access and the project manager insisted they be given the root password rather than just use another user and sudo) and not telling us the password (when we asked for the new password their immediate response was along the lines of "Just tell us what you want done and we'll do it." [for an hourly rate of...]). One time when we had root access I created a user with UID 0 so when they changed the password we could log in as a user who could change root's password back to what it should be.

A political problem, root [sic] cause dumb project manager, rather than a technical one.

Stephen
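
A check for the situation discussed in this thread, as an added example that is not part of the original message: it lists every account other than root that carries UID 0 in passwd-format input. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print every account whose UID is 0 and whose name is not "root".
# Reads passwd(4)-format lines (name:passwd:uid:gid:gecos:home:shell) on stdin.
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        NF < 3                   { next }    # no UID field to inspect
        # Match 0 and also 00, 000, ... which numeric parsing reads as 0.
        $3 ~ /^0+$/ && $1 != "root" { print $1 }
    '
}

# Return 1 and warn on stderr if any extra UID 0 account exists, else return 0.
audit_uid0() {
    extra=$(uid0_accounts)
    [ -z "$extra" ] && return 0
    echo "WARNING: non-root accounts with UID 0:" $extra >&2
    return 1
}

# Constructed sample input; on a real host use: audit_uid0 < /etc/passwd
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
# constructed comment line
recovery:x:0:1:constructed second UID 0 account:/export/home/recovery:/bin/sh
alice:x:1001:10::/export/home/alice:/bin/ksh
toor:x:00:0:constructed leading-zero UID:/:/bin/sh
EOF
}

sample_passwd | uid0_accounts    # prints recovery and toor, one per line
```

Run from cron, `audit_uid0 < /etc/passwd` gives a non-zero exit status whenever a second UID 0 account appears, whatever the reason it was created.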