08-25-2011
Quote:
Originally Posted by
naveedaix
Can you please tell what are real threats and security risks for assigning root UID 0 to more than 1 person? how can we convince system admin to remove such rights are use SU for super user tasks.
Thanks for your reply
1) auditing
2) very dangerous to be root all of the time
3) use su
4) use sudo - even better in some cases
5) use roles if available.
6) if you need a proof of concept create an account for me on your system with uid 0. I will show you in 2 seconds why it it bad.
This User Gave Thanks to frank_rizzo For This Post:
10 More Discussions You Might Find Interesting
1. AIX
Currently, I have about 7 servers and the uid for a given person is different on each server. I want to make the uid's the same for a given username on each server. I know how to change the uid via smit, but when I do the previous uid number shows up as the owner for the files of that username.... (4 Replies)
Discussion started by: mcateriny
4 Replies
2. UNIX for Dummies Questions & Answers
Is it possible given a uid to determine information about the person with the uid? An example would be simple information regarding what group and the name of the person associated with that uid. It seems there is probably an easy staring me in the face but i cant seem to find it... (3 Replies)
Discussion started by: dreaming1
3 Replies
3. AIX
Hello
I want to find out how I can make sure in AIX that the UIDs cannot be reused Until after 6 Months after the user has left.
Thanks,
Noori (4 Replies)
Discussion started by: noori
4 Replies
4. Shell Programming and Scripting
How do i go about getting the uid of the user and verify ?
if
then
echo "You are not a superuser, please login as a superuser"
exit1;
fi
the above code doesn't work. can some guru please help me.
1. how to get the uid of the user ? i know by typing id but how to... (7 Replies)
Discussion started by: filthymonk
7 Replies
5. Shell Programming and Scripting
Hi Guys,
I'd like to ask your advice on the following, I've written this script to terminate a given process by name:
#!/bin/bash
echo 'Please enter the process you wish to terminate'
read process
pid=$(pidof $process)
kill -9 $pid
echo $2
to make it safer I want it to reject the... (4 Replies)
Discussion started by: Lora Graham
4 Replies
6. Shell Programming and Scripting
i need a script to process a password file and based on the UIDs in the password file, generate the new UID that is 1 greater than the highest uid.
i have some script logic but i dont really understand it. any help?
#!/usr/bin/perl
##########################################
#... (3 Replies)
Discussion started by: livewire06
3 Replies
7. Shell Programming and Scripting
is tty command opens a process in the system if yes then why process got the userid????? (5 Replies)
Discussion started by: Mac91
5 Replies
8. UNIX for Dummies Questions & Answers
Hi folks!
I need you help to discover what's the impact of a duplicated UID in an operating system. What's the meaning when someone put in different users the same UID? (3 Replies)
Discussion started by: phcostabh
3 Replies
9. Solaris
Hi,
I want to change user id gefadm ,uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage),
how can i change this uid ,gid one value to another value.
Please provide the steps how can i change , uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage).
Thanks in advance for... (2 Replies)
Discussion started by: sridhardwh
2 Replies
10. Solaris
Hi All,
I have to give permission to one of the groups called as "ABC" as like the permissions of the group "UNIXADM".
Could you please some one help on this issue ? (3 Replies)
Discussion started by: ramareddi16
3 Replies
LEARN ABOUT LINUX
setresgid
SETRESUID(2) Linux Programmer's Manual SETRESUID(2)
NAME
setresuid, setresgid - set real, effective and saved user or group ID
SYNOPSIS
#define _GNU_SOURCE
#include <unistd.h>
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
DESCRIPTION
setresuid() sets the real user ID, the effective user ID, and the saved set-user-ID of the calling process.
Unprivileged user processes may change the real UID, effective UID, and saved set-user-ID, each to one of: the current real UID, the cur-
rent effective UID or the current saved set-user-ID.
Privileged processes (on Linux, those having the CAP_SETUID capability) may set the real UID, effective UID, and saved set-user-ID to arbi-
trary values.
If one of the arguments equals -1, the corresponding value is not changed.
Regardless of what changes are made to the real UID, effective UID, and saved set-user-ID, the file system UID is always set to the same
value as the (possibly new) effective UID.
Completely analogously, setresgid() sets the real GID, effective GID, and saved set-group-ID of the calling process (and always modifies
the file system GID to be the same as the effective GID), with the same restrictions for unprivileged processes.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
ERRORS
EAGAIN uid does not match the current UID and this call would bring that user ID over its RLIMIT_NPROC resource limit.
EPERM The calling process is not privileged (did not have the CAP_SETUID capability) and tried to change the IDs to values that are not
permitted.
VERSIONS
These calls are available under Linux since Linux 2.1.44.
CONFORMING TO
These calls are nonstandard; they also appear on HP-UX and some of the BSDs.
NOTES
Under HP-UX and FreeBSD the prototype is found in <unistd.h>. Under Linux the prototype is provided by glibc since version 2.3.2.
SEE ALSO
getresuid(2), getuid(2), setfsgid(2), setfsuid(2), setreuid(2), setuid(2), capabilities(7), credentials(7), feature_test_macros(7)
COLOPHON
This page is part of release 3.27 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2007-07-26 SETRESUID(2)