Re: Solaris, Sudo, and locking the root account

From: Trevor Fiatal (trevor@seven.com)
Date: 09/29/01


Message-ID: <3BB5130E.D1294BE9@seven.com>
Date: Fri, 28 Sep 2001 17:17:18 -0700
From: Trevor Fiatal <trevor@seven.com>
To: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: Solaris, Sudo, and locking the root account

Darren Moffat wrote:
>
> You might want to consider using RBAC in Solaris 8 and making the root
> account a role. This means root can't be directly logged into and only
> those people who have been given the password and the role can assume the
> role. For all others they run the commands they need as the relevant uid,
> via RBAC just as happens with sudo.
>
> With RBAC the root account isn't locked so in single user when sulogin runs
> it can still verify the password.

If it wouldn't be too onerous, I'd be interested in seeing an
explanation of how to implement this. A one-page practical
example is worth 50 pages of generic explanations, and RBAC is
one of those areas I've been interested in but haven't seen a
wealth of clear examples on.

-Trevor

-- 
Trevor Fiatal -- trevor@seven.com -- http://www.seven.com/
Co-Founder
Seven
510.967.4556 (work/mobile)  
510.401.8054 (vmail/fax)
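
The root-as-a-role arrangement described in the quoted reply is recorded in `/etc/user_attr`. The following check is an added example, not part of the original message and not Sun's code: it reads a file in user_attr(4) format and reports whether root is a role and which users may assume it. The sample entries and the user names `alice`, `bob` and `carol` are constructed for illustration.

```shell
# Constructed sample in user_attr(4) format: user:qualifier:res1:res2:attr
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not taken from a real system
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
alice::::type=normal;roles=root
bob::::type=normal;roles=root,operator
carol::::type=normal
operator::::type=role;profiles=Operator
EOF

# Print the type= attribute of account $2 in file $1.
# An account with no entry or no type= key is treated as "normal".
# Assumes the attr field contains no escaped ':' characters.
account_type() {
    awk -F: -v acct="$2" '
        /^#/ || NF < 5 { next }
        $1 == acct {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^type=/) t = substr(kv[i], 6)
        }
        END { print (t == "" ? "normal" : t) }
    ' "$1"
}

# Print, comma-separated, the users in file $1 whose roles= list names role $2.
role_members() {
    awk -F: -v role="$2" '
        /^#/ || NF < 5 { next }
        {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^roles=/) continue
                m = split(substr(kv[i], 7), r, ",")
                for (j = 1; j <= m; j++)
                    if (r[j] == role) out = out (out == "" ? "" : ",") $1
            }
        }
        END { print out }
    ' "$1"
}

if [ "$(account_type "$SAMPLE" root)" = role ]; then
    echo "root is a role; may be assumed by: $(role_members "$SAMPLE" root)"
else
    echo "root is a normal account: direct login is possible"
fi
```

On a real system, pass `/etc/user_attr` instead of the sample file.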