Re: root group in solaris :Thankyou



Hi,

Thank you for all the replies. I have concluded as follows:

Stick to sudo or RBAC. The root group is nothing special. Making UID 0
for multiple user accounts is not recommended. Using least privilege
on Solaris 10 will make things even better.

Thank you for your time.

On 9/19/06, John Dewey <jdewey2@xxxxxxxxxxxxxxxxxx> wrote:
On Mon, Sep 18, 2006 at 08:07:03PM +0200, Casper.Dik@xxxxxxx wrote:
>
> >I would like to give root user privileges to a set of OS
> >administrators. Everyone has individual user-ids on the system.
> >Currently they log in with their personal ID and then SU to root. I
> >do not want to share the root password with this many people.
> >
> >I am thinking of adding all these users to the "root" group [GID 0].
> >Will it provide root-equivalent UID 0 access to these users? If not,
> >why? Does the "root" group not have root user-id equivalent
> >privileges?
>
>
> >Is it possible manually to make the GID 0 privileges equivalent to UID 0?
>
> No; you could have easily tested this but it has no effect at all.
>
> >How else can I give these individual users root privileges - make all
> >of them UID 0 or something? Is that a smart idea?
> >
> >I am looking at something simpler than SUDO or RBAC
>
> Even simpler?
>
> I would still strongly suggest RBAC or sudo as both allow your system
> administrators to execute programs with appropriate privileges when
> needed. Giving them "root privileges all the time" is a bad idea;
> it means that they can no longer safely use their user accounts
> for email, web browsing or anything else.
>

There is also process rights management (least privilege) in Solaris 10.
http://blogs.sun.com/DirectoryManager/entry/forget_your_roots

John
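
The following audit script is an added example, not part of the original thread. It checks passwd and group format files for the two shortcuts discussed above (extra UID 0 accounts and membership of GID 0). The function names and the sample accounts are assumptions made for illustration, and it expects a POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the thread): audit passwd/group-format files for
# the two shortcuts discussed above. All sample data below is constructed.

# Accounts other than "root" whose UID field is 0: each one is a full root login.
extra_uid0_accounts() {   # $1 = passwd-format file
    awk -F: '$1 !~ /^[#+-]/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1" | sort
}

# Accounts with GID 0 as primary group (passwd) or supplementary group (group file).
# Membership only matters for permission checks on files group-owned by GID 0.
gid0_members() {          # $1 = passwd-format file, $2 = group-format file
    {
        awk -F: '$1 !~ /^[#+-]/ && $4 ~ /^0+$/ { print $1 }' "$1"
        awk -F: '$1 !~ /^[#+-]/ && $3 ~ /^0+$/ {
                     n = split($4, m, ",")
                     for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
                 }' "$2"
    } | sort -u
}

# Print a report; exit status is 1 if any non-root account has UID 0.
audit_root_shortcuts() {  # $1 = passwd file, $2 = group file
    dup=$(extra_uid0_accounts "$1")
    for u in $dup; do echo "FAIL  $u has UID 0 (indistinguishable from root by UID)"; done
    for u in $(gid0_members "$1" "$2"); do
        [ "$u" = root ] || echo "INFO  $u is in GID 0 (file group access only, not root)"
    done
    [ -z "$dup" ]
}

# Constructed sample data: toor duplicates UID 0; alice and bob were added to GID 0.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:1:Second root:/:/sbin/sh
alice:x:1001:0:Admin:/export/home/alice:/bin/ksh
bob:x:1002:10:Admin:/export/home/bob:/bin/ksh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root::0:root,bob
staff::10:
EOF

audit_root_shortcuts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" || echo "audit: findings above"
```

To audit a live system, pass copies of /etc/passwd and /etc/group as the two arguments.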



