RE: root group in solaris : Tools

I use PowerBroker a lot and I'm very fond of it. (I also use
PowerPassword -- another Symark product -- and I don't like it nearly as

PowerBroker is very capable. I can set it up so that certain users have
access to certain accounts on certain machines, but only on certain days
or only for certain commands. I can make it so that you operate as a
particular user, particular group, with a particular home directory,
certain startup files, etc., etc.

In addition, it does keystroke-by-keystroke logging so I can go back
after the fact and review a session and see what the user typed and what
they saw. Of course, that doesn't help much if all they do is launch a
gui session, but then neither will any of the other solutions.

The logging and management are done on (one or more) central server(s),
so you can make it so that the users can't modify the logs after the
fact to hide their activities.

I rate the product very highly, but I would say that for a small
environment I wouldn't bother with it -- I'd just use sudo -- unless I
required that degree of logging and protection of logs.

Oh, and sudo is free while PowerBroker is not.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of dubaisans dubai
Sent: Tuesday, September 19, 2006 2:01 AM
To: focus-sun@xxxxxxxxxxxxxxxxx
Subject: Re: root group in solaris : Tools

What is the suggestion on using a tool like Powerbroker from Symark.
The tool claims to centralise the "sudo" function and also provide
logging? Does anyone have feedback on this tool or any other third party
tool in the same space?

On 9/19/06, Suzanne Widup <Suzanne.Widup@xxxxxxxxxxx> wrote:
Have you looked at implementing sudo? It's a root delegation tool and

would give you some better accountability as to what people are doing.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
On Behalf Of dubaisans dubai
Sent: Monday, September 18, 2006 5:50 AM
To: focus-sun@xxxxxxxxxxxxxxxxx
Subject: root group in solaris


I would like to give root user privileges to a set of OS
Everyone has individual user-ids on the system.
Currently they login with their personal ID and then SU to root. I
donot want to share root password with these many people.

I am thinking of adding all these users to the "root" group[GID 0].
Will it provide root-equivalent UID O access to these users. If not
why ? Does the "root" group not have root user-id equivalent

Is it possible manually to make the GID 0 privileges equivalant of UID


How else can I give these individual users root privileges - make all
of them UID 0 or something.? Is that a smart idea?

I am looking at something simpler than SUDO or RBAC

"MMS <>" made the following annotations.
All e-mail sent to this address will be received by the Safeway
corporate e-mail system, and is subject to archival and review by
someone other than the recipient. This e-mail may contain information
proprietary to Safeway and is intended only for the use of the intended
recipient(s). If the reader of this message is not the intended
recipient(s), you are notified that you have received this message in
error and that any review, dissemination, distribution or copying of
this message is strictly prohibited. If you have received this message
in error, please notify the sender immediately.


Relevant Pages

  • Re: Apples Snow Leopard Is Less Secure Than Windows, But Safer
    ... mischief that you can do with user privileges. ... pretty much all of the routine work on the machine is ... Strictly speaking you don't have to _log_on_ to root. ... is a lot of logging and reviews. ...
  • Re: What questions should one ask about PowerBroker & PowerPassword??
    ... > UNIX environment - learning a lot from our Senior Admin, ... Powerbroker allows centralized, _auditted_ access to root on systems. ...
  • Re: PowerBroker
    ... >> I am considering Powerbroker from Symark to manage Root access and Sys ... >> Admin privileges on my Solaris environment. ...
  • Re: Great SWT Program
    ... from a terminal emulator and log in as root there. ... terminal-emulator windows open, ... The script, suid-root utility, or whatever would ... the command interpreter with root privileges ...
  • Some more thoughts about linux computer security
    ... privileges to do so. ... The programs that run with root privileges are ... be changed by the admin (or is set by the package manager on the admin's ... The package manager will install it that way. ...