|
|
Sponsored Content
Operating Systems
Solaris
Security of root access
Post 302174436 by falcon16 on Tuesday 11th of March 2008 06:34:16 AM
03-11-2008
|
|
10 More Discussions You Might Find Interesting
1. Linux
wish to know how to access root password it root password is forgotten in linux (1 Reply)
Discussion started by: wojtyla
1 Replies
2. SCO
We have SCO 5.0.5 and can't log into system as "root". The system indicates the password is incorrect. No one knows what happened.
How can we resolve this issue.. Are there files we can restore from backup...?
Any suggestions would be appreciated.
Thank you.. (2 Replies)
Discussion started by: RBurer
2 Replies
3. UNIX for Dummies Questions & Answers
Solaris 8 OS
I believe root access is being logged by my server but I only see it being written to the terminal. I want to know if there is a log file and how to not just log root access but if I can also log the IP address from which it is coming?
Thanks in advance. (1 Reply)
Discussion started by: dsbeck
1 Replies
4. UNIX for Advanced & Expert Users
I'm the admin in a shop in which my developers have and use the root account, all UNIX newbies.
I've been unable to convince management myself that this is an unacceptable practice.
I've looked in a couple books I have and can't find any chapters, discussions, etc that make the argument that... (2 Replies)
Discussion started by: keith.m
2 Replies
5. AIX
Hello
I have a question.
I have a box with Aix 5.3 but I want to disable root access direct from any terminal or console. I mean If I want to login to 10.10.10.10
login:root
password *********
Root access is not permited
Which file I have to edit. to the users first login with... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies
6. SuSE
Guys
i have 2 SUSE Linux Enterprise Server 10 SP1 (i586) boxes.if i take a look into /etc/security/access.conf ,i see following lines at the eof
# All other users should be denied to get access from all sources.
#- : ALL : ALL
- : myID : ALL
now earlier i had written scripts where files... (1 Reply)
Discussion started by: ak835
1 Replies
7. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
8. Shell Programming and Scripting
Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal.
I want to give some users a root level access.
Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way
Regards
ADI (4 Replies)
Discussion started by: adisky123
4 Replies
9. SuSE
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies
10. Ubuntu
We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will... (2 Replies)
Discussion started by: 244an
2 Replies
LEARN ABOUT LINUX
device_allocate
device_allocate(4) File Formats device_allocate(4) NAME
device_allocate - device_allocate file SYNOPSIS
/etc/security/device_allocate DESCRIPTION
The device_allocate file contains mandatory access control information about each physical device. Each device is represented by a one line entry of the form: device-name;device-type;reserved;reserved;auths;device-exec where device-name This is an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non- printable characters. device-type This is an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters. reserved This field is reserved for future use. reserved This field is reserved for future use. auths This field contains a comma-separated list of authorizations required to allocate the device, or asterisk (*) to indicate that the device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device. The default authorization is solaris.device.allocate. See auths(1) device-exec This is the physical device's data purge program to be run any time the device is acted on by allocate(1). This is to ensure that all usable data is purged from the physical device before it is reused. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system adminis- trator. The device_allocate file is an ASCII file that resides in the /etc/security directory. Lines in device_allocate can end with a `' to continue an entry on the next line. Comments may also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `'. White space is allowed in any field. The device_allocate file must be created by the system administrator before device allocation is enabled. The device_allocate file is owned by root, with a group of sys, and a mode of 0644. EXAMPLES
Example 1: Declaring an allocatable device Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/st_clean. # scsi tape st0; st; reserved; reserved; solaris.device.allocate; /etc/security/lib/st_clean Example 2: Declaring an allocatable device with authorizations Declare that physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean. # floppy drive fd0; fd; reserved; reserved; solaris.device.allocate; /etc/security/lib/fd_clean Notice that making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If a device is not allocatable, there will be an asterisk (*) in the auths field, and no one can use the device. FILES
/etc/security/device_allocate Contains list of allocatable devices SEE ALSO
auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4) NOTES
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. SunOS 5.10 17 Mar 2003 device_allocate(4)