Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Prevent users logging in as root | Sepia | SUN Solaris | 3 | 06-05-2008 01:45 PM |
| How get root without local & with open port in server | iis | UNIX and Linux Applications | 2 | 04-18-2008 09:19 AM |
| Can I prevent a user from changing the permissions on their home directory. | DanL | UNIX for Dummies Questions & Answers | 2 | 08-29-2006 12:56 PM |
| How to prevent root users from editing files (logs) | vehchi | UNIX for Dummies Questions & Answers | 4 | 12-06-2005 06:29 PM |
| Prevent root login directly | skotapal | UNIX for Dummies Questions & Answers | 4 | 09-27-2002 06:53 AM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
01-04-2008
|
||||
|
||||
|
How to prevent local root from su to an NIS user?
We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do
% useradd -u <uid> login And then log in as that user and have full access to his files in his home directory. Is there any way to prevent this or is this a feature? |
|
01-04-2008
|
||||
|
||||
|
No, it's an artifact of your deployment. I'm assuming NIS & NFS. The developers don't need to add local uids for them to su if the pertinent filesystems and credentials are available. I can think (quickly) of only one way to deal with the issue and that is by implementing netgroups (man -k netgroup).
Developers having local root access is an insupportable security practice imho. Perhaps a well designed sudo implementation is in order. |
|
01-08-2008
|
||||
|
||||
|
ps -U root and find the pids of all shells (left as an exercise), then I would warn all users that their sessions are going to be terminated and kill -9 each shell process.
|
| Sponsored Links | ||
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
