The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Advanced & Expert Users
How to prevent local root from su to an NIS user? How to prevent local root from su to an NIS user?
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


UNIX for Advanced & Expert Users Advanced UNIX and Linux questions go here. Expert-to-Expert.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Prevent users logging in as root Sepia SUN Solaris 3 06-05-2008 10:45 AM
How get root without local & with open port in server iis UNIX and Linux Applications 2 04-18-2008 06:19 AM
Can I prevent a user from changing the permissions on their home directory. DanL UNIX for Dummies Questions & Answers 2 08-29-2006 09:56 AM
How to prevent root users from editing files (logs) vehchi UNIX for Dummies Questions & Answers 4 12-06-2005 02:29 PM
Prevent root login directly skotapal UNIX for Dummies Questions & Answers 4 09-27-2002 03:53 AM

Reply
 
Submit Tools LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-04-2008
nfw nfw is offline
Registered User
  

Join Date: Oct 2007
Posts: 2
Stumble this Post!
How to prevent local root from su to an NIS user?
We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do

% useradd -u <uid> login

And then log in as that user and have full access to his files in his home directory. Is there any way to prevent this or is this a feature?
Reply With Quote
Forum Sponsor
  #2 (permalink)  
Old 01-04-2008
Registered User
  

Join Date: Dec 2007
Location: Virginia, USA.
Posts: 239
Stumble this Post!
No, it's an artifact of your deployment. I'm assuming NIS & NFS. The developers don't need to add local uids for them to su if the pertinent filesystems and credentials are available. I can think (quickly) of only one way to deal with the issue and that is by implementing netgroups (man -k netgroup).

Developers having local root access is an insupportable security practice imho. Perhaps a well designed sudo implementation is in order.
Reply With Quote
  #3 (permalink)  
Old 01-08-2008
nfw nfw is offline
Registered User
  

Join Date: Oct 2007
Posts: 2
Stumble this Post!
I agree with you. I would like to change root password, what is the best way to force all users currently logged in as root to exit their root shell?
Reply With Quote
  #4 (permalink)  
Old 01-08-2008
Registered User
  

Join Date: Dec 2007
Location: Virginia, USA.
Posts: 239
Stumble this Post!
ps -U root and find the pids of all shells (left as an exercise), then I would warn all users that their sessions are going to be terminated and kill -9 each shell process.
Reply With Quote
Google The UNIX and Linux Forums
Reply

« Deleting end of line $ character in file | Solaris and Linux system information. »
Thread Tools
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 01:55 AM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008 The CEP Blog All Rights Reserved -Ad Management by RedTyger Visit The Global Fact Book

Content Relevant URLs by vBSEO 3.2.0