How to prevent local root from su to an NIS user?
Post 302155547 by ramen_noodle on Friday 4th of January 2008 12:55:20 PM
No, it's an artifact of your deployment. I'm assuming NIS & NFS. The developers don't need to add local uids for them to su if the pertinent filesystems and credentials are available. I can think (quickly) of only one way to deal with the issue and that is by implementing netgroups (man -k netgroup).

Developers having local root access is an insupportable security practice imho. Perhaps a well designed sudo implementation is in order.
 

netgroup(5)                Linux Reference Manual                netgroup(5)

NAME
       netgroup - specify network groups

DESCRIPTION
       The netgroup file defines "netgroups", which are sets of (host, user,
       domain) tuples, used for permission checking when doing remote mounts,
       remote logins and remote shells.

       Each line in the file consists of a netgroup name followed by a list
       of members, where a member is either another netgroup name, or a
       triple:

              (host, user, domain)

       where the host, user, and domain are character strings for the
       corresponding components. Any of the three fields can be empty, in
       which case it specifies a "wildcard", or may consist of the string "-"
       to specify "no valid value". The domain field must either be the local
       domain name or empty for the netgroup entry to be used. This field
       does not limit the netgroup or provide security. The domain field
       refers to the domain in which the triple is valid, not the domain
       containing the trusted host.

       A gateway machine should be listed under all possible hostnames by
       which it may be recognized:

              gateway (server,,) (server-sn,,) (server-bb,,)

       The getnetgrent functions should normally be used to access the
       netgroup database.

FILES
       /etc/netgroup

SEE ALSO
       getnetgrent(3), exports(5), makedbm(8), ypserv(8)

WARNINGS
       The triple (,,domain) allows all users and machines trusted access,
       and has the same effect as the triple (,,). Use the host and user
       fields of the triple to restrict the access correctly to a specific
       set of members.

BUGS
       The Linux libc5 does not query the /etc/netgroup file directly, it
       only queries the NIS server for the groups. So the netgroup database
       must be stored in the form of a hashed dbm database just like the
       passwd(5) and group(5) databases.

       This manpage mentions getnetgrent(3), but it seems that manpage hasn't
       been written yet. Since getnetgrent() is part of GNU libc it might
       also be that it is documented in info format.

AUTHOR
       Thorsten Kukuk <kukuk@suse.de>

NIS                               May 1999                       netgroup(5)
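
An added example (not part of the man page or the forum post): a small auditor for the file format described above. It parses netgroup lines, flattens nested netgroups with cycle protection, models the empty-field and "-" semantics, and flags the wide-open triples the WARNINGS section describes. The sample data apart from the `gateway` line, the function names, `#` comment handling and the decision to ignore the domain field are assumptions of this sketch.

```python
import re

# Constructed /etc/netgroup sample; only the "gateway" line comes from the man page.
SAMPLE = """\
gateway (server,,) (server-sn,,) (server-bb,,)
devhosts (dev1,-,) (dev2,-,)
developers (-,alice,) (-,bob,)
devaccess devhosts developers
everyone (,,example.com)
loop_a loop_b
loop_b loop_a (hostx,carol,)
"""
TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroup(text):
    """Return {name: [member, ...]}; a member is a (host, user, domain) tuple or a netgroup name."""
    groups = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # assumption: '#' starts a comment
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        members, pos = groups.setdefault(parts[0], []), 0
        for m in TRIPLE.finditer(rest):
            members += rest[pos:m.start()].split()  # bare words are nested netgroup names
            members.append(tuple(f.strip() for f in m.groups()))
            pos = m.end()
        members += rest[pos:].split()
    return groups

def expand(groups, name, seen=None):
    """Flatten nested netgroups into a set of triples; cycles and unknown names yield nothing."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    out = set()
    for m in groups[name]:
        out |= {m} if isinstance(m, tuple) else expand(groups, m, seen)
    return out

def in_netgroup(groups, name, host=None, user=None):
    """Simplified membership test: "" matches anything, "-" nothing; None skips the field."""
    def ok(field, value):
        return value is None or field == "" or (field != "-" and field == value)
    return any(ok(h, host) and ok(u, user) for h, u, _ in expand(groups, name))

def wide_open(groups):
    """Netgroups whose expansion holds a triple with wildcard host AND wildcard user."""
    return sorted(n for n in groups
                  if any(h == "" and u == "" for h, u, _ in expand(groups, n)))

if __name__ == "__main__":
    print("wide-open netgroups:", wide_open(parse_netgroup(SAMPLE)))
```

On the constructed sample only `everyone` is flagged, because its triple leaves both host and user empty; the domain value does not narrow it.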