Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Root admin info
Top Forums UNIX for Dummies Questions & Answers Root admin info Post 302159947 by deedaz on Saturday 19th of January 2008 11:13:45 AM
Old 01-19-2008
Root admin info
(Very New to UNIX- Solaris world)

I have my Solaris 10 system built, and can login using root.

This root user is a super type of admin user as I understand it.

1.My question is do UNIX admins usually use this account for all admin tasks or do they use another account similar to this account with the same privileges , if so how do you do this in basic terms.

Rgds

D
 

8 More Discussions You Might Find Interesting

1. OS X (Apple)

root/admin authorization and PackageMaker

I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther). The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library). I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies

2. UNIX for Dummies Questions & Answers

Admin info

I'm really a UNIX newbie. If someone can explain in detail, I would really appreciate it. Thanks in advance. In a UNIX box, how do I know if a user has Admin privileges? (3 Replies)
Discussion started by: boyzdynasty
3 Replies

3. UNIX for Dummies Questions & Answers

root/admin commands in LINUX

Hi I am working on LINUX shell scripting. I have root privileges and I know some basic root/admin commands like user creation, modification and so on. Till last week i was able to create users but now i am not able to create users or groups. When I give the command i got an error as ... (6 Replies)
Discussion started by: naina
6 Replies

4. UNIX for Advanced & Expert Users

How to find all the log files under the root directory -- Need Info

Hi I need to find all the log files under the root directory and delete them if necessary, if any one has a sample script who can share with me. Thanks (2 Replies)
Discussion started by: gkrishnag
2 Replies

5. Gentoo

help|how to rest my password admin(root)

i have gentoo and i dont know what is my password user admin(root) how i can to rest my passord? thanks. (2 Replies)
Discussion started by: turivnkl
2 Replies

6. What is on Your Mind?

Windows Admin switching to *nix Admin

I'm currently a Windows admin and have wanted to jump ship to the *nix side for a while now. I've been studying both through an lpic level 1 manual as I have time (focusing on debian), and a solaris 10 cert book. The problem is I only have a handful of hours a week to study, and my current job... (3 Replies)
Discussion started by: bobwilson
3 Replies

7. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

8. AIX

Change "root" to "root.admin" in outgoing e-mails

Our AIX servers send e-mails which have the "from" address set to "root@company.com" for our root user ("C{M}company.com" in /etc/sendmail.cf). The problem is that when bad e-mails are sent out or rejected by remote servers, they are being returned and delivered to e-mail box of "Mary Root". ... (2 Replies)
Discussion started by: kah00na
2 Replies

LEARN ABOUT OPENDARWIN

krb5_auth_rules

krb5_auth_rules(5)                                      Standards, Environments, and Macros                                     krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a  user  uses  kerberized  versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain  a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

         o  The user part of the authenticated principal name is the same as the target account name specified by the client.

         o  The realm part of the client and server are the same.

         o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even  if
       jdb  is  a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10                                                          13 Apr 2004                                                 krb5_auth_rules(5)
All times are GMT -4. The time now is 09:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy