08-25-2011
Quote:
Originally Posted by
naveedaix
Can you please tell what are real threats and security risks for assigning root UID 0 to more than 1 person? how can we convince system admin to remove such rights are use SU for super user tasks.
Thanks for your reply
1) auditing
2) very dangerous to be root all of the time
3) use su
4) use sudo - even better in some cases
5) use roles if available.
6) if you need a proof of concept create an account for me on your system with uid 0. I will show you in 2 seconds why it it bad.
This User Gave Thanks to frank_rizzo For This Post:
10 More Discussions You Might Find Interesting
1. AIX
Currently, I have about 7 servers and the uid for a given person is different on each server. I want to make the uid's the same for a given username on each server. I know how to change the uid via smit, but when I do the previous uid number shows up as the owner for the files of that username.... (4 Replies)
Discussion started by: mcateriny
4 Replies
2. UNIX for Dummies Questions & Answers
Is it possible given a uid to determine information about the person with the uid? An example would be simple information regarding what group and the name of the person associated with that uid. It seems there is probably an easy staring me in the face but i cant seem to find it... (3 Replies)
Discussion started by: dreaming1
3 Replies
3. AIX
Hello
I want to find out how I can make sure in AIX that the UIDs cannot be reused Until after 6 Months after the user has left.
Thanks,
Noori (4 Replies)
Discussion started by: noori
4 Replies
4. Shell Programming and Scripting
How do i go about getting the uid of the user and verify ?
if
then
echo "You are not a superuser, please login as a superuser"
exit1;
fi
the above code doesn't work. can some guru please help me.
1. how to get the uid of the user ? i know by typing id but how to... (7 Replies)
Discussion started by: filthymonk
7 Replies
5. Shell Programming and Scripting
Hi Guys,
I'd like to ask your advice on the following, I've written this script to terminate a given process by name:
#!/bin/bash
echo 'Please enter the process you wish to terminate'
read process
pid=$(pidof $process)
kill -9 $pid
echo $2
to make it safer I want it to reject the... (4 Replies)
Discussion started by: Lora Graham
4 Replies
6. Shell Programming and Scripting
i need a script to process a password file and based on the UIDs in the password file, generate the new UID that is 1 greater than the highest uid.
i have some script logic but i dont really understand it. any help?
#!/usr/bin/perl
##########################################
#... (3 Replies)
Discussion started by: livewire06
3 Replies
7. Shell Programming and Scripting
is tty command opens a process in the system if yes then why process got the userid????? (5 Replies)
Discussion started by: Mac91
5 Replies
8. UNIX for Dummies Questions & Answers
Hi folks!
I need you help to discover what's the impact of a duplicated UID in an operating system. What's the meaning when someone put in different users the same UID? (3 Replies)
Discussion started by: phcostabh
3 Replies
9. Solaris
Hi,
I want to change user id gefadm ,uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage),
how can i change this uid ,gid one value to another value.
Please provide the steps how can i change , uid=0(root) gid=0(root) to uid=16649(isaadmin) gid=16284(dstage).
Thanks in advance for... (2 Replies)
Discussion started by: sridhardwh
2 Replies
10. Solaris
Hi All,
I have to give permission to one of the groups called as "ABC" as like the permissions of the group "UNIXADM".
Could you please some one help on this issue ? (3 Replies)
Discussion started by: ramareddi16
3 Replies
LEARN ABOUT LINUX
user-session-keyring
USER-SESSION-KEYRING(7) Linux Programmer's Manual USER-SESSION-KEYRING(7)
NAME
user-session-keyring - per-user default session keyring
DESCRIPTION
The user session keyring is a keyring used to anchor keys on behalf of a user. Each UID the kernel deals with has its own user session
keyring that is shared by all processes with that UID. The user session keyring has a name (description) of the form _uid_ses.<UID> where
<UID> is the user ID of the corresponding user.
The user session keyring is associated with the record that the kernel maintains for the UID. It comes into existence upon the first
attempt to access either the user session keyring, the user-keyring(7), or the session-keyring(7). The keyring remains pinned in existence
so long as there are processes running with that real UID or files opened by those processes remain open. (The keyring can also be pinned
indefinitely by linking it into another keyring.)
The user session keyring is created on demand when a thread requests it or when a thread asks for its session-keyring(7) and that keyring
doesn't exist. In the latter case, a user session keyring will be created and, if the session keyring wasn't to be created, the user ses-
sion keyring will be set as the process's actual session keyring.
The user session keyring is searched by request_key(2) if the actual session keyring does not exist and is ignored otherwise.
A special serial number value, KEY_SPEC_USER_SESSION_KEYRING, is defined that can be used in lieu of the actual serial number of the call-
ing process's user session keyring.
From the keyctl(1) utility, '@us' can be used instead of a numeric key ID in much the same way.
User session keyrings are independent of clone(2), fork(2), vfork(2), execve(2), and _exit(2) excepting that the keyring is destroyed when
the UID record is destroyed when the last process pinning it exits.
If a user session keyring does not exist when it is accessed, it will be created.
Rather than relying on the user session keyring, it is strongly recommended--especially if the process is running as root--that a session-
keyring(7) be set explicitly, for example by pam_keyinit(8).
NOTES
The user session keyring was added to support situations where a process doesn't have a session keyring, perhaps because it was created via
a pathway that didn't involve PAM (e.g., perhaps it was a daemon started by inetd(8)). In such a scenario, the user session keyring acts
as a substitute for the session-keyring(7).
SEE ALSO
keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), process-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7)
Linux 2017-03-13 USER-SESSION-KEYRING(7)