Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to prevent local root from su to an NIS user?
Top Forums UNIX for Advanced & Expert Users How to prevent local root from su to an NIS user? Post 302155543 by nfw on Friday 4th of January 2008 12:11:38 PM
Old 01-04-2008
How to prevent local root from su to an NIS user?
We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do

% useradd -u <uid> login

And then log in as that user and have full access to his files in his home directory. Is there any way to prevent this or is this a feature?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Prevent root login directly

Hi How can I prevent anyone from logging in as root directly? I have added the line console=/dev/null to the file /etc/default/login I was still able to login as root from the console. Please advice. Thanks Srini (4 Replies)
Discussion started by: skotapal
4 Replies

2. UNIX for Dummies Questions & Answers

How to prevent root users from editing files (logs)

How to prevent root users from editing files (logs)? Is there any way? (4 Replies)
Discussion started by: vehchi
4 Replies

3. Solaris

Prevent users logging in as root

I would like to know how to prevent users connecting to a server using SSH as root. I would still like them to be able to login with their username and then change to su. But I would like to prevent them logging in directly as root. I have searched the forum and read that I should set... (3 Replies)
Discussion started by: Sepia
3 Replies

4. Red Hat

NIS disabling the MAP for a local user

Hello everybody, we have a NIS User lsfadmin which gets his environment variables from the autmount /home/lsfadmin. A newer version of the application needs a different environment to launch the application. I can't change the environment of the NIS User because we use NIS company wide for... (0 Replies)
Discussion started by: sdohn
0 Replies

5. Shell Programming and Scripting

switch user from local user to root in perl

Hi Gurus, I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password. It seems that i need to use expect module here, but i don't know how to create the object for this. ... (1 Reply)
Discussion started by: linuxgeek
1 Replies

6. UNIX for Advanced & Expert Users

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies

7. UNIX for Dummies Questions & Answers

NIS user in local group

I have root access on a linux (RH5.4) server within an NIS setup that I don't control. I have an NIS account that creates directories on my local node that I want to be writable by my local apache account. The NIS account is only a member of the "users" group and the local apache account is... (1 Reply)
Discussion started by: clindseysmith
1 Replies

8. UNIX for Dummies Questions & Answers

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies

9. Red Hat

How to check local accounts have root and user access rights ?

Hi, I have three servers,For 3 servers how i can take output,all the local accounts and details of whether the access is Root or User access. cheers (1 Reply)
Discussion started by: ranjithm
1 Replies

10. Shell Programming and Scripting

How to Switch from Local user to root user from a shell script?

Hi, I need to switch from local user to root user in a shell script. I need to make it automated so that it doesn't prompt for the root password. I heard the su command will do that work but it prompt for the password. and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies

LEARN ABOUT OPENSOLARIS

nisserver

nisserver(1M)						  System Administration Commands					     nisserver(1M)

NAME

       nisserver - set up NIS+ servers

SYNOPSIS

       /usr/lib/nis/nisserver -r [-x] [-f] [-v] [-Y]
	    [-d NIS+_domain] [-g NIS+_groupname]
	    [-l network_passwd]

       /usr/lib/nis/nisserver -M [-x] [-f] [-v] [-Y] -d NIS+_domain
	    [-g NIS+_groupname]
	    [-h NIS+_server_host]

       /usr/lib/nis/nisserver -R [-x] [-f] [-v] [-Y]
	    [-d NIS+_domain] [-h NIS+_server_host]

DESCRIPTION

       The  nisserver  shell  script can be used to set up a root master, non-root master, and replica NIS+ server with level 2 security (DES). If
       other authentication mechanisms are configured with nisauthconf(1M), nisserver will set up a NIS+ server using those  mechanisms.  nisauth-
       conf(1M) should be used before nisserver.

       When  setting up a new domain, this script creates the NIS+ directories (including groups_dir and org_dir) and system table objects for the
       domain specified. It does not populate the tables. nispopulate(1M) must be used to populate the tables.

OPTIONS

       -d NIS+_domain	      Specifies the name for the NIS+ domain. The default is your local domain.

       -f		      Forces the NIS+ server setup without prompting for confirmation.

       -g NIS+_groupname      Specifies the NIS+ group name for the new domain. This option is not valid with -R  option.  The	default  group	is
			      admin.<domain>.

       -h NIS+_server_host    Specifies the hostname for the NIS+ server. It must be a valid host in the local domain. Use a fully qualified host-
			      name (for example, hostx.xyz.sun.com.) to specify a host outside of your local domain. This option is only used  for
			      setting  up non-root master or replica servers. The default for non-root master server setup is to use the same list
			      of servers as the parent domain. The default for replica server setup is the local hostname.

       -l network_password    Specifies the network password with which to create the credentials for the root master server. This option is  only
			      used for master root server setup (-r option). If this option is not specified, the script prompts you for the login
			      password.

       -M		      Sets up the specified host as a master server. Make sure that rpc.nisd(1M) is  running  on  the  new  master  server
			      before this command is executed.

       -R		      Sets up the specified host as a replica server. Make sure that rpc.nisd is running on the new replica server.

       -r		      Sets up the server as a root master server. Use the -R option to set up a root replica server.

       -v		      Runs the script in verbose mode.

       -x		      Turns  the echo mode on. The script just prints the commands that it would have executed. Note that the commands are
			      not actually executed. The default is off.

       -Y		      Sets up a NIS+ server with NIS-compatibility mode. The default is to set up  the	server	without  NIS-compatibility
			      mode.

USAGE

       Use  the  first synopsis of the command (-r) to set up a root master server. To run the command, you must be logged in as super-user on the
       server machine.

       Use the second synopsis of the command (-M) to set up a non-root master server for the specified domain. To run the command,  you  must	be
       logged  in  as  a NIS+ principal on a NIS+ machine and have write permission to the parent directory of the domain that you are setting up.
       The new non-root master server machine must already be an NIS+ client (see nisclient(1M)) and have the rpc.nisd(1M) daemon running.

       Use the third synopsis of the command (-R) to set up a replica server for both root and non-root domains. To run the command, you  must	be
       logged  in  as a NIS+ principal on a NIS+ machine and have write permission to the parent directory of the domain that you are replicating.
       The new non-root replica server machine must already be an NIS+ client and have the rpc.nisd daemon running.

EXAMPLES

       Example 1 Setting up Servers

       To set up a root master server for domain sun.com.:

	 root_server# /usr/lib/nis/nisserver -r -d sun.com.

       For the following examples make sure that the new servers are NIS+ clients and that rpc.nisd is running on  these  hosts  before  executing
       nisserver. To set up a replica server for the sun.com. domain on host sunreplica:

	 root_server# /usr/lib/nis/nisserver -R -d sun.com. -h sunrep

       To set up a non-root master server for domain xyz.sun.com. on host sunxyz with the NIS+ groupname as admin-mgr.xyz.sun.com.:

	 root_server# /usr/lib/nis/nisserver -M -d xyz.sun.com. -h sunxyz 
	 -g admin-mgr.xyz.sun.com.

       To set up a non-root replica server for domain xyz.sun.com. on host sunabc:

	 sunxyz# /usr/lib/nis/nisserver -R -d xyz.sun.com. -h sunabc

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       NIS+(1),  nisgrpadm(1),	nismkdir(1),  nisaddcred(1M),  nisauthconf(1M),  nisclient(1M), nisinit(1M), nispopulate(1M), nisprefadm(1M), nis-
       setup(1M), rpc.nisd(1M),  attributes(5)

NOTES

       NIS+ might not be supported in future releases of the Solaris Operating system. Tools to aid the migration from NIS+ to LDAP are  available
       in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.11							    13 Dec 2001 						     nisserver(1M)
All times are GMT -4. The time now is 10:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy