Re: Solaris, Sudo, and locking the root account

From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 10/01/01


Message-Id: <200110011743.f91Hh1BH137983@jurassic.eng.sun.com>
Date: Mon, 1 Oct 2001 10:41:53 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: Solaris, Sudo, and locking the root account
To: trevor@seven.com


>> With RBAC the root account isn't locked so in single user when sulogin runs
>> it can still verifiy the password.
>
>If it wouldn't be too onerous, I'd be interested in seeing an
>explanation of the how to implement this. A one-page practical

In /etc/user_attr change type=normal to type=role for the line beginning root.

This turns root into a role.

You now need to assign that role to all the users allowed root access.

        # usermod -R root <username>
        

--
Darren J Moffat



Relevant Pages