RE: root group in solaris



I agree. You can also leverage the 'wheel' group in sudo by first adding
everyone to the 'wheel' group then making a simple rule in your
sudoers.conf file like:

%wheel ALL = (ALL) ALL

This will let anyone in the 'wheel' group to have 'root' sudo
privileges.

-----Original Message-----
From: Fontanez Martin [mailto:Fontanez.Martin@xxxxxxxx]
Sent: Monday, September 18, 2006 12:51 PM
To: Freeman, Michael; dubaisans dubai; focus-sun@xxxxxxxxxxxxxxxxx
Subject: RE: root group in solaris

Sudo is really the simplest and more robust solution. Also you can
track log info.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Freeman, Michael
Sent: Monday, September 18, 2006 1:23 PM
To: dubaisans dubai; focus-sun@xxxxxxxxxxxxxxxxx
Subject: RE: root group in solaris

Typically you would add someone to the 'wheel' user group on a UNIX
system if you want them to have those privileges. You must make sure
that the tools you want users to have access to are also members of the
'wheel' group (chgrp), if it is not already setup that way by default.

http://en.wikipedia.org/wiki/Unix_security
http://www.onlamp.com/pub/a/bsd/2000/09/13/FreeBSD_Basics.html

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of dubaisans dubai
Sent: Monday, September 18, 2006 7:50 AM
To: focus-sun@xxxxxxxxxxxxxxxxx
Subject: root group in solaris

Hi,

I would like to give root user privileges to a set of OS administrators.
Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I donot
want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not why
? Does the "root" group not have root user-id equivalent privileges?

Is it possible manually to make the GID 0 privileges equivalant of UID
O?

How else can I give these individual users root privileges - make all of
them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC



Relevant Pages

  • Re: user(s) question
    ... has su privileges. ... only sudo works. ... member of the admin group and can use sudo to gain root privilege. ... check if you can use sudo from that new account. ...
    (Ubuntu)
  • Re: Best solution for silly error?
    ... Initially I ran with one user, with admin privileges etc. ... ROOT. ... With Ubuntu, 'root' does not have a password ... Instead one *has* to use sudo. ...
    (Ubuntu)
  • Re: Regretable Forking of linux
    ... What if everyone in the wheel ... Root /can/ still log in if the system goes down to runlevel 1 - on my ... sudo su won't log much either, so if security is a primary concern, one ...
    (comp.os.linux.misc)
  • RE: Root access loggin
    ... commands with sudo assume that the user actually knows what commands ... Sudo wouldn't be any help here cause I would need to pre approve commands ... You can grant them access to everything that root has simply by adding their account to the wheel group and using visudo to grant wheel access to everything that root has access to. ...
    (freebsd-questions)
  • Re: Best solution for silly error?
    ... Initially I ran with one user, with admin privileges etc. ... ROOT. ... Instead one *has* to use sudo. ... I believe MacOSX works much like Ubuntu, with the first user created given ...
    (Ubuntu)