Re: Solaris, Sudo, and locking the root accountFrom: Darren Moffat (Darren.Moffat@eng.sun.com)
- Previous message: Valerie Anne Bubb: "RE: SunScreen v3.1 to v3.0b communications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200110011743.f91Hh1BH137983@jurassic.eng.sun.com> Date: Mon, 1 Oct 2001 10:41:53 -0700 (PDT) From: Darren Moffat <Darren.Moffat@eng.sun.com> Subject: Re: Solaris, Sudo, and locking the root account To: email@example.com
>> With RBAC the root account isn't locked so in single user when sulogin runs
>> it can still verifiy the password.
>If it wouldn't be too onerous, I'd be interested in seeing an
>explanation of the how to implement this. A one-page practical
In /etc/user_attr change type=normal to type=role for the line beginning root.
This turns root into a role.
You now need to assign that role to all the users allowed root access.
# usermod -R root <username>
-- Darren J Moffat