Re: Solaris, Sudo, and locking the root account

From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 10/01/01

• Previous message: Valerie Anne Bubb: "RE: SunScreen v3.1 to v3.0b communications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-Id: <200110011743.f91Hh1BH137983@jurassic.eng.sun.com>
Date: Mon, 1 Oct 2001 10:41:53 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: Solaris, Sudo, and locking the root account
To: trevor@seven.com

>> With RBAC the root account isn't locked so in single user when sulogin runs
>> it can still verifiy the password.
>
>If it wouldn't be too onerous, I'd be interested in seeing an
>explanation of the how to implement this. A one-page practical

In /etc/user_attr change type=normal to type=role for the line beginning root.

This turns root into a role.

You now need to assign that role to all the users allowed root access.

        # usermod -R root <username>
        

--
Darren J Moffat

---

• Previous message: Valerie Anne Bubb: "RE: SunScreen v3.1 to v3.0b communications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: any way to recover root password on 5.2 ... > I've tryed to recover it by going to single user, ... Dance fandago on keyboard to unlock". ... type a lot of gibberish into the keyboard. ... delete the crypttext of the password for the root account. ... (freebsd-questions) Re: Solaris, Sudo, and locking the root account ... Solaris, Sudo, and locking the root account ... > via RBAC just as happens with sudo. ... (Focus-SUN)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-sun  > 2001-10