Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to prevent local root from su to an NIS user?
Top Forums UNIX for Advanced & Expert Users How to prevent local root from su to an NIS user? Post 302155543 by nfw on Friday 4th of January 2008 12:11:38 PM
Old 01-04-2008
How to prevent local root from su to an NIS user?
We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do

% useradd -u <uid> login

And then log in as that user and have full access to his files in his home directory. Is there any way to prevent this or is this a feature?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Prevent root login directly

Hi How can I prevent anyone from logging in as root directly? I have added the line console=/dev/null to the file /etc/default/login I was still able to login as root from the console. Please advice. Thanks Srini (4 Replies)
Discussion started by: skotapal
4 Replies

2. UNIX for Dummies Questions & Answers

How to prevent root users from editing files (logs)

How to prevent root users from editing files (logs)? Is there any way? (4 Replies)
Discussion started by: vehchi
4 Replies

3. Solaris

Prevent users logging in as root

I would like to know how to prevent users connecting to a server using SSH as root. I would still like them to be able to login with their username and then change to su. But I would like to prevent them logging in directly as root. I have searched the forum and read that I should set... (3 Replies)
Discussion started by: Sepia
3 Replies

4. Red Hat

NIS disabling the MAP for a local user

Hello everybody, we have a NIS User lsfadmin which gets his environment variables from the autmount /home/lsfadmin. A newer version of the application needs a different environment to launch the application. I can't change the environment of the NIS User because we use NIS company wide for... (0 Replies)
Discussion started by: sdohn
0 Replies

5. Shell Programming and Scripting

switch user from local user to root in perl

Hi Gurus, I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password. It seems that i need to use expect module here, but i don't know how to create the object for this. ... (1 Reply)
Discussion started by: linuxgeek
1 Replies

6. UNIX for Advanced & Expert Users

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies

7. UNIX for Dummies Questions & Answers

NIS user in local group

I have root access on a linux (RH5.4) server within an NIS setup that I don't control. I have an NIS account that creates directories on my local node that I want to be writable by my local apache account. The NIS account is only a member of the "users" group and the local apache account is... (1 Reply)
Discussion started by: clindseysmith
1 Replies

8. UNIX for Dummies Questions & Answers

History to Another file [local user history , but root access]

Hi all, My need is : 1. To know who , when , which command used. 2. Local user should not delete this information. I mean , with an example , i can say i have a user user1 i need to give all the following permissions to user1, : a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies

9. Red Hat

How to check local accounts have root and user access rights ?

Hi, I have three servers,For 3 servers how i can take output,all the local accounts and details of whether the access is Root or User access. cheers (1 Reply)
Discussion started by: ranjithm
1 Replies

10. Shell Programming and Scripting

How to Switch from Local user to root user from a shell script?

Hi, I need to switch from local user to root user in a shell script. I need to make it automated so that it doesn't prompt for the root password. I heard the su command will do that work but it prompt for the password. and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies

LEARN ABOUT SUSE

adduser

useradd(8)						      System Manager's Manual							useradd(8)

NAME

       useradd - create a new user account

SYNOPSIS

       useradd [-D binddn] [-P path] [-c comment] [-d homedir]
	       [-e expire] [-f inactive] [-G group,...] [-g gid]
	       [-m [-k skeldir]] [-o] [-p password] [-u uid]
	       [-U umask] [-r] [-s shell] [--service service] [--help]
	       [--usage] [-v] [--preferred-uid uid] account

       useradd --show-defaults

       useradd --save-defaults [-d homedir] [-e expire] [-f inactive]
	       [-g gid] [-G group,...] [-k skeldir] [-U umask] [-s shell]

DESCRIPTION

       useradd	creates a new user account using the default values from /etc/default/useradd and the specified on the command line.  Depending on
       the command line options the new account will be added to the system files or LDAP database, the home directory will  be  created  and  the
       initial default files and directories will be copied.

       The  account name must begin with an alphabetic character and the rest of the string should be from the POSIX portable character class ([A-
       Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]).

OPTIONS

       -c, --comment comment
	      This option specifies the users finger information.

       -d, --home homedir
	      This option specifies the users home directory.  If not specified, the default from /etc/default/useradd is used.

       -e, --expire expire
	      With this option the date when the account will be expired can be changed. expiredate has to be specified as number  of  days  since
	      January 1st, 1970. The date may also be expressed in the format YYYY-MM-DD.  If not specified, the default from /etc/default/useradd
	      is used.

       -f, --inactive inactive
	      This option is used to set the number of days of inactivity after a password has expired before the account is locked. A user  whose
	      account  is  locked  must contact the system  administrator before being able to use the account again.  A value of -1 disables this
	      feature.	If not specified, the default from /etc/default/useradd is used.

       -G, --groups group,...
	      With this option a list of supplementary groups can be specified, which the user should become a member of. Each group is  separated
	      from the next one only by a comma, without whitespace.  If not specified, the default from /etc/default/useradd is used.

       -g, --gid gid
	      The  group name or number of the user's main group. The group name or number must refer to an already existing group.  If not speci-
	      fied, the default from /etc/default/useradd is used.

       -k, --skel skeldir
	      Specify an alternative skel directory. This option is only valid, if the home directory for the new user should be created, too.	If
	      not specified, the default from /etc/default/useradd or /etc/skel is used.

       -m, --create-home
	      Create home directory for new user account.

       -o, --non-unique
	      Allow duplicate (non-unique) User IDs.

       -p, --password password
	      Encrypted password as returned by crypt(3) for the new account. The default is to disable the account.

       -U, --umask umask
	      The permission mask is initialized to this value. It is used by useradd for creating new home directories. The default is taken from
	      /etc/default/useradd.

       -u, --uid uid
	      Force the new userid to be the given number. This value must be positive and unique. The default is to use the first free  ID  after
	      the greatest used one. The range from which the user ID is chosen can be specified in /etc/login.defs.

       --preferred-uid uid
	      Set the new userid to the specified value if possible. If that value is already in use the first free ID will be chosen as described
	      above.

       -r, --system
	      Create a system account. A system account is  an	user  with  an	UID  between  SYSTEM_UID_MIN  and  SYSTEM_UID_MAX  as  defined	in
	      /etc/login.defs, if no UID is specified. The GROUPS entry in /etc/default/useradd is ignored, too.

       -s, --shell  shell
	      Specify user's login shell. The default for normal user accounts is taken from /etc/default/useradd, the default for system accounts
	      is /bin/false.

       --service service
	      Add the account to a special directory. The default is files, but ldap is also valid.

       -D, --binddn binddn
	      Use the Distinguished Name binddn to bind to the LDAP directory.	The user will be prompted for a password  for  simple  authentica-
	      tion.

       -P, --path path
	      The  passwd  and	shadow	files  are  located  below  the specified directory path. useradd will use this files, not /etc/passwd and
	      /etc/shadow.

       --help Print a list of valid options with a short description.

       --usage
	      Print a short list of valid options.

       -v, --version
	      Print the version number and exit.

FILES

       /etc/passwd - user account information
       /etc/shadow - shadow user account information
       /etc/group - group information
       /etc/default/useradd - default values for account creation
       /etc/skel - directory containing default files

SEE ALSO

       passwd(1), login.defs(5), passwd(5), shadow(5), userdel(8), usermod(8)

AUTHOR

       Thorsten Kukuk <kukuk@suse.de>

pwdutils							     May 2010								useradd(8)
All times are GMT -4. The time now is 08:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy