Re: root group in solaris



That's probably not the best way to do it. First, just by adding
people to the root group it doesn't give them root privileges. The
only way to do that would be to make specific binaries sgid/suid.

You should really look at using RBAC or sudo for what you're doing.

With RBAC a user will su to a "role" (a special account) that can (or
may not) have a shared password. That role will have a profile that
will link what binaries can be run suid by that role. Those users will
not have root, they'll just have access to an alternate account that
they have to su to (good for auditing/paper trails.)

On 9/18/06, dubaisans dubai <dubaisans@xxxxxxxxx> wrote:
Hi,

I would like to give root user privileges to a set of OS
administrators. Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I
donot want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not
why ? Does the "root" group not have root user-id equivalent
privileges?

Is it possible manually to make the GID 0 privileges equivalant of UID O?

How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC



Relevant Pages

  • Re: Great SWT Program
    ... from a terminal emulator and log in as root there. ... terminal-emulator windows open, ... The script, suid-root utility, or whatever would ... the command interpreter with root privileges ...
    (comp.lang.java.programmer)
  • Re: theoretical question - can roots username be changed?
    ... >> called 'root' on any given Linux box, ... >> unrestrained privileges, why would it be feeble to double the ... >> changing his username. ... > try to change the operation of a process already running at UID ...
    (Fedora)
  • Re: root group in solaris :Thankyou
    ... Stick to sudo or RBAC. ... The root group is nothing special. ... Making UID O ... >>I would like to give root user privileges to a set of OS ...
    (Focus-SUN)
  • Re: creating a user with only read permissions on all files
    ... the OS itself needs a UID for certain privileged ... So, while 'root' is the administrator, UID 0 /is/ the OS. ... access to the OS privileges to one user, ...
    (comp.os.linux.misc)
  • Re: Apache and home directories (file browser).
    ... You don't chroot to a uid, you generally 'drop' privileges to a uid. ... When you start Apache, you need to start it as root, then it drops ... If you have suexec ...
    (freebsd-isp)