05-25-2007
Quote:
Originally Posted by BG_JrAdmin
What is the file you have to edit to allow or deny someone to be able to su - to root?
If i could, i would play with the /bin/su's file permission and make a group that can su
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
Another newbie here and here is my dilemma. I created an account for me on Solaris 8 and I added myself to the root group. But when I login using that account I am unable to do superuser tasks.. (add users, admintool, etc). What am I missing? Thanks in advance..
Andre (5 Replies)
Discussion started by: jacobsa
5 Replies
2. UNIX for Dummies Questions & Answers
Currently have root access to our own boxes on site. HQ wants to take root access away from us.
What does root access provide that is unavailable for users as it is essential for us to keep local control.
We log in as users but have su for special needs.
On all other os boxes we have admin... (2 Replies)
Discussion started by: allinone
2 Replies
3. UNIX for Advanced & Expert Users
Hi all,
I need your help with this problem.
I have my own ftp server implemented in java. If I start it as root it is successfully binded to port 21 and everything works. Now I want to run it as non-root user, but for binding to port 21 it needs root rights. How to solve it?
I alrady try... (3 Replies)
Discussion started by: giorgione
3 Replies
4. HP-UX
How can I get the CPUs speed without root permissions?
Thanks. (2 Replies)
Discussion started by: psimoes79
2 Replies
5. HP-UX
Hi all,
I cannot change root owned files/directories even though I am logged in as
root.
>drwxr-xr-x 11 root root 4096 Oct 25 14:00 prodbkp
>root / # chown oracle prodbkp
prodbkp: Not owner
>id
uid=0(root) gid=3(sys) groups=0(root)
please assist.
thanks (0 Replies)
Discussion started by: macgre_r
0 Replies
6. Solaris
Hi I have a doubt, here if a file does not have the write permissions to the root user my script is going to write the data into that file. when i executed the script as root user. Is it correct ... ? (4 Replies)
Discussion started by: Shreedhar Naik
4 Replies
7. UNIX for Dummies Questions & Answers
I want to check if in a host a set of persons have sudo access or not and I dont have root access to the host. (1 Reply)
Discussion started by: pristine
1 Replies
8. UNIX for Advanced & Expert Users
To create RAW socket in Unix/Linux why should one have root permissions?
Any other work around to create raw sockets in Unix/Linux using a normal login id? Since I don't have super user credentials and I want to create RAW sockets.
Let me know if you are aware of any work around. (3 Replies)
Discussion started by: anilgurwara
3 Replies
9. UNIX for Dummies Questions & Answers
Hi everybody, which are the root group permissions and how can I give to a user these rights?
Thanks in advance. (2 Replies)
Discussion started by: bmayao
2 Replies
10. Solaris
Hi,
I have a Solaris 10 server and I want to export a filesystem to a linux client and give the client's root user root priviliges on the filesystem.
The client is an ubuntu 14.04 LTS server.
the dfstab on the server looks lik this:
/usr/sbin/share -F nfs -o ... (1 Reply)
Discussion started by: nvanvliet
1 Replies
LEARN ABOUT CENTOS
tpm_quote_tools
TPM QUOTE
TOOLS(8) TPM QUOTE TOOLS(8)
NAME
TPM Quote Tools
PROGRAMS
tpm_mkuuid, tpm_mkaik, tpm_loadkey, tpm_unloadkey, tpm_getpcrhash, tpm_updatepcrhash, tpm_getquote, tpm_verifyquote
DESCRIPTION
TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote operation.
A TPM contains a set of Platform Configuration Registers (PCRs). In a well configured machine, some of these registers are set to known
values during the boot up process or at other times. For example, a PCR might contain the hash of a boot loader in memory before it is
run.
The TPM quote operation is used to authoritatively verify the contents of a TPM's Platform Configuration Registers (PCRs). During provi-
sioning, a composite hash of a selected set of PCRs is computed. The TPM quote operation produces a composite hash that can be compared
with the one computed while provisioning.
To use the TPM quote operation, keys must be generated. During provisioning, an Attestation Identity Key (AIK) is generated for each TPM,
and the public part of the key is made available to entities that validate quotes.
The TPM quote operation returns signed data and a signature. The data that is signed contains the PCRs selected for the operation, the
composite hash for the selected PCRs, and a nonce provided as input, and used to prevent replay attacks. At provisioning time, the data
that is signed is stored, not just the composite hash. The signature is discarded.
An entity that wishes to evaluate a machine generates a nonce, and sends it along with the set of PCR used to generate the composite PCR
hash at provisioning time. For this use of the TPM quote operation, the signed data is ignored, and the signature returned is used to val-
idate the state of the TPM's PCRs. Given the signature, the evaluating entity replaces the nonce in the signed data generated at provi-
sioning time, and checks to see if the signature is valid for the data. If so, this check ensures the selected PCRs contain values that
match the ones measured during provisioning.
A typical scenario for an enterprise using these tools follows. The tools expect AIKs to be referenced via one enterprise-wide Universally
Unique Identifier (UUID). The program tpm_mkuuid creates one.
For each machine being checked, an AIK is created using tpm_mkaik. The key blob produced is bound to the UUID on its machine using
tpm_loadkey. The public key associated with the AIK is sent to the entities that verify quotes. Finally, the expected PCR composite hash
is obtained using tpm_getpcrhash. When the expected PCR values change, a new hash can be generated with tpm_updatepcrhash.
The program to obtain a quote, and thus measure the current state of the PCRs is tpm_getquote. The program that verifies the quote
describes the same PCR composite hash as was measured initially is tpm_verifyquote.
SEE ALSO
tpm_mkuuid(8), tpm_mkaik(8), tpm_loadkey(8), tpm_unloadkey(8), tpm_getpcrhash(8), tpm_updatepcrhash(8), tpm_getquote(8), tpm_verifyquote(8)
Oct 2010 TPM QUOTE TOOLS(8)