10-28-2008
It's generally NOT possible to prevent root from seeing a local disk. You can, however, try to create a user-space filesystem which squashes root's access to it. I think cryptfs used to do this. The other possibility is using setfacl to achieve this effect. However, root can always call setfacl to remove whatever restrictions you add.
The long-term solution is to separate the root privilege into roles and have those roles separated through a judicious sudo configuration.
roles
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ...]
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1: Sample output
The output of the roles command has the following form:
example% roles tester01 tester02
tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUNWcsu                      |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.10 14 Feb 2001 roles(1)
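An added example, not part of the original post or the man page: a Python script that parses entries in the user_attr(4) layout, lists the roles granted to a user as roles(1) does, and audits the assignments against the rules in the DESCRIPTION above. The sample entries, function names and finding labels are constructed for illustration.

```python
# Constructed sample in user_attr(4) layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR = """\
root::::type=role;auths=solaris.*;profiles=All
secadmin::::type=role;profiles=User Security
admin::::type=role;profiles=System Administrator;roles=secadmin
tester01::::type=normal;roles=admin
tester02::::type=normal;roles=secadmin,root
tester03::::type=normal;roles=backup
"""


def parse_user_attr(text):
    """Return {name: {key: value}} for every well-formed entry."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # the attr field is last and may hold ':'
        if len(fields) != 5:
            continue  # skip malformed lines instead of guessing
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        entries[fields[0]] = attrs
    return entries


def granted_roles(entries, user):
    """Roles listed for a user, in file order (what roles(1) prints)."""
    roles = entries.get(user, {}).get("roles", "")
    return [r.strip() for r in roles.split(",") if r.strip()]


def audit(entries):
    """Return (account, role, finding) tuples worth a reviewer's attention."""
    findings = []
    for name, attrs in sorted(entries.items()):
        is_role = attrs.get("type") == "role"
        for role in granted_roles(entries, name):
            if is_role:  # a role may not assume itself or any other role
                findings.append((name, role, "role-assigned-a-role"))
            elif entries.get(role, {}).get("type") != "role":
                findings.append((name, role, "not-defined-as-role"))
            elif role == "root":  # full privilege, not a separated duty
                findings.append((name, role, "holds-root-role"))
    return findings
```

Run against a copy of /etc/user_attr, the `holds-root-role` findings show which accounts still reach full root rather than a narrower role.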