Operating Systems AIX Semi-operators using Root access all the time ? Post 302296788 by Browser_ice on Wednesday 11th of March 2009 09:36:29 PM
Semi-operators using Root access all the time ?

I am just curious about your opinion on something which I am against.

I work at the client location. Our office is very small (4 employees + 1 team lead, with 1 employee per 12-hour shift) and we are responsible for processing the reception of external files into the client's database via some tools. We work directly on the client's system. I would not call us operators as we really do not do operator work. We simply execute a few scripts to process those files, start a batch update process, do backups, do tape shipping/receiving and a few reports. The criteria to be hired here is very little knowledge about Unix. In fact, you could be hired with no knowledge at all as all we do is day-to-day tasks listed in a checklist and binders.

But the thing is, the way it was set up here is that all of us log on to the system and then, 80% of the time, switch to root to do our work. I find this very dangerous as you could very easily mess up the system. I am not an admin but I could be considered as the one with the most experience here and the one who is thinking more about security, bullet proofing and so on. The majority of the scripts written here were made by someone who has no knowledge about programming (just stuck a few commands in scripts to do the work without any validations at all and assuming everything will always work in perfect conditions). I had done scripts in the past and I would not even call them scripts.

Following an initiative of mine, I have been given the responsibility to automate/improve all of what we use. In my mind, I am thinking more about bullet proofing, reducing time and human errors. There are so many places where human errors can be very easily made and have happened too. The fact that we almost always use root access does not help at all.

So I am thinking of getting rid of root access and simply giving permissions to the employees' IDs to do the work. As almost every script has been coded to assume root access is being used, some of the system access and DB will probably have to be looked at to see if permissions can be changed too.

What do you think ? Am I right in wanting to get rid of root access ?
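
As an illustration of the direction described in the post above (an added example, not part of the original post and not the poster's scripts): pre-flight checks for a file-loading job that refuses to run as root and validates a received file before anything else happens. The `INCOMING_DIR` path, the function names and the return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks for an operator job that processes
# received files under the operator's own ID instead of root.
# INCOMING_DIR is a hypothetical path; adjust to the real drop directory.
INCOMING_DIR="${INCOMING_DIR:-/data/incoming}"

# Refuse to run with UID 0. The optional argument lets the check be
# exercised with an explicit UID; normally it uses the caller's own.
require_non_root() {
    caller_uid=${1:-$(id -u)}
    if [ "$caller_uid" -eq 0 ]; then
        echo "refusing to run as root; log in with your own ID" >&2
        return 1
    fi
    return 0
}

# Validate one received file, given by bare name, before it is processed.
# Returns 0 when safe to process; a distinct non-zero code per failure.
check_incoming_file() {
    name=$1
    case "$name" in
        ""|*/*|.*) echo "rejected file name: '$name'" >&2; return 2 ;;
    esac
    target="$INCOMING_DIR/$name"
    if [ -L "$target" ]; then
        echo "symlink not allowed: $target" >&2; return 4
    fi
    if [ ! -f "$target" ]; then
        echo "not a regular file: $target" >&2; return 3
    fi
    if [ ! -r "$target" ]; then
        echo "not readable by $(id -un): $target" >&2; return 5
    fi
    if [ ! -s "$target" ]; then
        echo "empty file: $target" >&2; return 6
    fi
    return 0
}

# Gate for the real job: both checks must pass before any load step runs.
preflight() {
    require_non_root && check_incoming_file "$1"
}
```

A job script would call `preflight "$file" || exit 1` before its first real step, so a missing permission shows up as a clear message instead of a half-finished run.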
 
