Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: More than 1 UID 0
Operating Systems AIX More than 1 UID 0 Post 302550436 by frank_rizzo on Thursday 25th of August 2011 09:11:49 PM
Old 08-25-2011
Quote:
Originally Posted by naveedaix
Can you please tell what are real threats and security risks for assigning root UID 0 to more than 1 person? how can we convince system admin to remove such rights are use SU for super user tasks.

Thanks for your reply
1) auditing
2) very dangerous to be root all of the time
3) use su
4) use sudo - even better in some cases
5) use roles if available.
6) if you need a proof of concept create an account for me on your system with uid 0. I will show you in 2 seconds why it it bad. Smilie
This User Gave Thanks to frank_rizzo For This Post:
kah00na
 

10 More Discussions You Might Find Interesting

1. AIX

UID Change

Currently, I have about 7 servers and the uid for a given person is different on each server. I want to make the uid's the same for a given username on each server. I know how to change the uid via smit, but when I do the previous uid number shows up as the owner for the files of that username.... (4 Replies)
Discussion started by: mcateriny
4 Replies

2. UNIX for Dummies Questions & Answers

Reversing UID's

Is it possible given a uid to determine information about the person with the uid? An example would be simple information regarding what group and the name of the person associated with that uid. It seems there is probably an easy staring me in the face but i cant seem to find it... (3 Replies)
Discussion started by: dreaming1
3 Replies

3. AIX

UID not to be reused

Hello I want to find out how I can make sure in AIX that the UIDs cannot be reused Until after 6 Months after the user has left. Thanks, Noori (4 Replies)
Discussion started by: noori
4 Replies

4. Shell Programming and Scripting

checking uid

How do i go about getting the uid of the user and verify ? if then echo "You are not a superuser, please login as a superuser" exit1; fi the above code doesn't work. can some guru please help me. 1. how to get the uid of the user ? i know by typing id but how to... (7 Replies)
Discussion started by: filthymonk
7 Replies

5. Shell Programming and Scripting

Shall I go for uid or ppid?

Hi Guys, I'd like to ask your advice on the following, I've written this script to terminate a given process by name: #!/bin/bash echo 'Please enter the process you wish to terminate' read process pid=$(pidof $process) kill -9 $pid echo $2 to make it safer I want it to reject the... (4 Replies)
Discussion started by: Lora Graham
4 Replies

6. Shell Programming and Scripting

uid script help

i need a script to process a password file and based on the UIDs in the password file, generate the new UID that is 1 greater than the highest uid. i have some script logic but i dont really understand it. any help? #!/usr/bin/perl ########################################## #... (3 Replies)
Discussion started by: livewire06
3 Replies

7. Shell Programming and Scripting

UId

is tty command opens a process in the system if yes then why process got the userid????? (5 Replies)
Discussion started by: Mac91
5 Replies

8. UNIX for Dummies Questions & Answers

Duplicated UID

Hi folks! I need you help to discover what's the impact of a duplicated UID in an operating system. What's the meaning when someone put in different users the same UID? (3 Replies)
Discussion started by: phcostabh
3 Replies

9. Solaris

Changing uid value

Hi, I want to change user id gefadm ,uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage), how can i change this uid ,gid one value to another value. Please provide the steps how can i change , uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage). Thanks in advance for... (2 Replies)
Discussion started by: sridhardwh
2 Replies

10. Solaris

UID Admin

Hi All, I have to give permission to one of the groups called as "ABC" as like the permissions of the group "UNIXADM". Could you please some one help on this issue ? (3 Replies)
Discussion started by: ramareddi16
3 Replies

LEARN ABOUT LINUX

user-session-keyring

USER-SESSION-KEYRING(7) 				     Linux Programmer's Manual					   USER-SESSION-KEYRING(7)

NAME

       user-session-keyring - per-user default session keyring

DESCRIPTION

       The  user  session  keyring  is a keyring used to anchor keys on behalf of a user.  Each UID the kernel deals with has its own user session
       keyring that is shared by all processes with that UID.  The user session keyring has a name (description) of the form _uid_ses.<UID>  where
       <UID> is the user ID of the corresponding user.

       The  user  session  keyring  is	associated  with the record that the kernel maintains for the UID.  It comes into existence upon the first
       attempt to access either the user session keyring, the user-keyring(7), or the session-keyring(7).  The keyring remains pinned in existence
       so  long as there are processes running with that real UID or files opened by those processes remain open.  (The keyring can also be pinned
       indefinitely by linking it into another keyring.)

       The user session keyring is created on demand when a thread requests it or when a thread asks for its session-keyring(7) and  that  keyring
       doesn't	exist.	In the latter case, a user session keyring will be created and, if the session keyring wasn't to be created, the user ses-
       sion keyring will be set as the process's actual session keyring.

       The user session keyring is searched by request_key(2) if the actual session keyring does not exist and is ignored otherwise.

       A special serial number value, KEY_SPEC_USER_SESSION_KEYRING, is defined that can be used in lieu of the actual serial number of the  call-
       ing process's user session keyring.

       From the keyctl(1) utility, '@us' can be used instead of a numeric key ID in much the same way.

       User  session keyrings are independent of clone(2), fork(2), vfork(2), execve(2), and _exit(2) excepting that the keyring is destroyed when
       the UID record is destroyed when the last process pinning it exits.

       If a user session keyring does not exist when it is accessed, it will be created.

       Rather than relying on the user session keyring, it is strongly recommended--especially if the process is running as root--that a  session-
       keyring(7) be set explicitly, for example by pam_keyinit(8).

NOTES

       The user session keyring was added to support situations where a process doesn't have a session keyring, perhaps because it was created via
       a pathway that didn't involve PAM (e.g., perhaps it was a daemon started by inetd(8)).  In such a scenario, the user session  keyring  acts
       as a substitute for the session-keyring(7).

SEE ALSO

       keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), process-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7)

Linux								    2017-03-13						   USER-SESSION-KEYRING(7)
All times are GMT -4. The time now is 07:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy