09-11-2006
Quote:
Originally Posted by System Shock
I don't know of any application account that needs to be part of the root group. Is it homegrown?
Anyway, I'd move it to it's own group.
Yeah it's a homegrown security application.
My agrument is that it shouldn't be apart of the GID = 1, which is "other" on SUN Unix but could be "bin" on Linux. There are too many flavors of Unix with no standard on GIDs, so you run the risk of having inappropriate privileged access.
So I had them move it to it's own separate group that wasn't a designated system GID.
Duke
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have this unix version 3.0
"UNIX_SV server 4.0 3.0 3425 Pentium II(TM)-ISA/PCI"
can i delete or disable the system generated account as "daemon";"uucp";"sys";"adm";"listen";"bin"
and if yes how can i do it?
Regards (1 Reply)
Discussion started by: sak900354
1 Replies
2. Forum Support Area for Unregistered Users & Account Problems
Hello,
I registered an account several hours ago, and never recieved the email
registration link in my email account. Read the instructions posted here, and
requested to resend registration link, and this one also has not shown up in
my email acccount.
yes, I've checked the bulk folder as... (1 Reply)
Discussion started by: denn
1 Replies
3. UNIX for Dummies Questions & Answers
I'm running an Apache server on Ubuntu. When I try to call fopen() in PHP, I get a bunch of permission errors. I searched for advice on this, and I found that I needed to change the system account that Apache runs on. However, I'm not sure how to do this, and I was unable to find the answer on... (3 Replies)
Discussion started by: gloriac991
3 Replies
4. Linux
Hi,
Can anyone please guide me how can I remove/block a user from a server access.
/usr/sbin/adduser -d /home/john john
echo ****** | passwd --stdin john
I used the above command to add a user "john". How do I delete and block john.
Appreciate your responses. (1 Reply)
Discussion started by: sureshcisco
1 Replies
5. UNIX and Linux Applications
Hi,
Can anyone please guide me how can I remove/block a user from a server access.
/usr/sbin/adduser -d /home/john john
echo ****** | passwd --stdin john
I used the above command to add a user "john". How do I delete and block john.
Appreciate your responses.... (2 Replies)
Discussion started by: sureshcisco
2 Replies
6. UNIX for Advanced & Expert Users
Hi,
Is it possible to do hard link between the mount point of file some structure to the sftp account of some other server ? If possible then what could be the behavior of link properties? Is it could be the same as we found in our environment (unix/linux).
Even if we do such link , then it... (1 Reply)
Discussion started by: posix
1 Replies
7. UNIX for Dummies Questions & Answers
I am going to start an ambitious project for my senior year of college. Just as the title says: I want to write a single application operating system that is dedicated to running only one application and none other. I need to build a bare bones UNIX operating system that will use provided binary... (5 Replies)
Discussion started by: unt_engn
5 Replies
8. UNIX for Beginners Questions & Answers
Hi everyone,
have a good day to you.
I am trying to use NFS to share a folder between 2 linux systems.
Let's say the server which is sharing the folder is server A and the client which need to access this shared folder is server B.
In server B, i am having a Joe user which UID and GID is 500.... (1 Reply)
Discussion started by: michael_hoang
1 Replies
LEARN ABOUT CENTOS
pam_wheel
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)
NAME
pam_wheel - Only permit root access to members of group wheel
SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.
root_only
The check for wheel membership is done only.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play
stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
use_uid
The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one
account to another for example).
MODULE TYPES PROVIDED
The auth and account module types are provided.
RETURN VALUES
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM dispatch.
PAM_PERM_DENY
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
SEE ALSO
pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
Linux-PAM Manual 09/19/2013 PAM_WHEEL(8)