RE: root group in solaris



What???????????????????

1) 'Wheel' is a BSD term/group. He is talking about Solaris. No wheels
here.
You pretty much repeated what he asked, which was to add them to the
root group.

2) From a security point of view: (better to worse)
RBAC type of setup
Sudo type of program
ACLs (used with suid and sgid's)
Sticky bit on the group
Sticky bit on the owner
Adding someone to the root group

Reasons -

RBAC and sudo can get you better control and logging. They also limit what
someone can or cannot do. You must configure them.

ACLs - again, you configure and know what you gave access to.

Sticky bits can be a nightmare for tracking down problems. Log
files, etc. would have root as the group/owner. You also need to get
every file. (It would be really bad if you sticky bit a directory :) ) I
don't mean every file on the system, but all files needed to correctly
admin the system.
You also should use them with ACLs to make sure you are not opening your
system security to all users.

Adding them to the group - will not give them all the files. If I
remember correctly, a lot of the files do not have root as the group
owner. (Some have sys, bin, lp, etc.)

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Freeman, Michael
Sent: Monday, September 18, 2006 1:23 PM
To: dubaisans dubai; focus-sun@xxxxxxxxxxxxxxxxx
Subject: RE: root group in solaris

Typically you would add someone to the 'wheel' user group on a UNIX
system if you want them to have those privileges. You must make sure
that the tools you want users to have access to are also members of the
'wheel' group (chgrp), if it is not already set up that way by default.

http://en.wikipedia.org/wiki/Unix_security
http://www.onlamp.com/pub/a/bsd/2000/09/13/FreeBSD_Basics.html

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of dubaisans dubai
Sent: Monday, September 18, 2006 7:50 AM
To: focus-sun@xxxxxxxxxxxxxxxxx
Subject: root group in solaris

Hi,

I would like to give root user privileges to a set of OS administrators.
Everyone has individual user-ids on the system.
Currently they log in with their personal ID and then su to root. I do not
want to share the root password with this many people.

I am thinking of adding all these users to the "root" group [GID 0].
Will it provide root-equivalent UID 0 access to these users? If not, why?
Does the "root" group not have root user-id equivalent privileges?

Is it possible manually to make the GID 0 privileges equivalent to UID
0?

How else can I give these individual users root privileges - make all of
them UID 0 or something? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC

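To illustrate the reply's point that GID 0 membership does not reach files owned by other groups, here is an added example (not part of the original thread). It reads an `ls -l` style listing and reports which permission triad applies to a non-owner whose only relevant group is the one named; the listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `ls -l` format (not taken from a real system).
sample_listing() {
cat <<'EOF'
-r--------   1 root     sys          512 Sep 18  2006 /etc/shadow
-rw-r--r--   1 root     sys         1024 Sep 18  2006 /etc/passwd
-rw-rw-r--   1 root     root        2048 Sep 18  2006 /opt/app/app.conf
-rw-r-----   1 root     root        4096 Sep 18  2006 /var/log/app.log
-r-xr-xr-x   1 root     bin        20480 Sep 18  2006 /usr/sbin/useradd
drwxrwxr-x   2 lp       lp           512 Sep 18  2006 /var/spool/lp
EOF
}

# For a user who is NOT the owner and whose only relevant group is "$1",
# print "<effective rwx> <path>" for each entry read from stdin.
# Assumes paths without spaces and no ACL entries on the files.
effective_access() {
    awk -v grp="$1" '
        NF >= 9 {
            mode = $1; group = $4; path = $NF
            # Group triad is characters 5-7, other triad is characters 8-10.
            eff = (group == grp) ? substr(mode, 5, 3) : substr(mode, 8, 3)
            print eff, path
        }'
}

# Count entries the group member could modify (write bit in the effective triad).
writable_count() {
    effective_access "$1" | awk 'substr($1, 2, 1) == "w" { n++ } END { print n + 0 }'
}

sample_listing | effective_access root
echo "writable via group root: $(sample_listing | writable_count root)"
```

Group membership only selects which permission triad applies to a file; it does not change the user's UID, so files grouped to sys, bin or lp are reached through the "other" bits.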
