|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
Restricting Usage of Setuid Programs to the Admin User In MacOsx
Post 302623815 by neutronscott on Saturday 14th of April 2012 05:22:33 PM
04-14-2012
|
|
10 More Discussions You Might Find Interesting
1. OS X (Apple)
Hello, Do you guys know how does the root user works in this system?
from the terminal i try to su to root, and i thought the password was the same as the macosx password, at the /etc/passwd file the passwd field appears as *, so it's system bussines only, is there a way to become root? i... (6 Replies)
Discussion started by: sx3v1l_1n51de
6 Replies
2. UNIX for Advanced & Expert Users
This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets?
$ pwd
/bin
$ ls -l ping traceroute
-rwsr-xr-x 1 root root 35616 Apr 7 2005 ping... (1 Reply)
Discussion started by: nathan
1 Replies
3. Shell Programming and Scripting
Hi,
I want the user to enter only numeric values and also he should only enter
2 digits only ( eg 23 or 23 or 03 any 2 digits)
For the above purpose how should i declare my variable ?
integer value
if I read 03 in variable value then it gives me error ...also user can enter n number... (4 Replies)
Discussion started by: dhananjayk
4 Replies
4. UNIX for Dummies Questions & Answers
Hi,
Im working for a company that has over 400+ unix/solaris boxes.
Obviously when we get a new unix guy join the company, its take us AGES to set them up on all these boxes.
Can people recommend any programs/packages that can be added to our unix/solaris boxes to make this easier?
... (2 Replies)
Discussion started by: JamieP
2 Replies
5. UNIX for Dummies Questions & Answers
Hello,
For one of our servers, we have had people trying to illegally loggon using the ssh service.
My manager has asked me to restrict ssh access to users in our internal network but close ssh access to the "outside" world.
Could someone at the very least point me to some resources on the... (7 Replies)
Discussion started by: mojoman
7 Replies
6. Solaris
Hi
I am trying to automate the install of a package, I realise that I need to create an admin file, but as part of the install I am asked if I want to install these as setuid/setgid files, I want to say yes.
What value am I supposed to use for setuid= in the admin file
Thanks (1 Reply)
Discussion started by: eeisken
1 Replies
7. Shell Programming and Scripting
Hi,
I need to work on restricting the Linux commands to the ADMIN user to some extent. It means for example, Admin users should not use passwd command to change the password of "root" or other important accounts like oracle, etc.,
So, I want to know which commands should be restricted upto which... (5 Replies)
Discussion started by: Dpu
5 Replies
8. UNIX for Dummies Questions & Answers
Hey guys,
Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries.
However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies
9. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
10. Shell Programming and Scripting
I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this:
$ cat hello
#!/bin/bash
echo hello > /hello
$... (5 Replies)
Discussion started by: Ralph
5 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8) NAME
sudo_root - How to run administrative commands SYNOPSIS
sudo command sudo -i INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead, the installer will set up sudo to allow the user that is created during install to run all administrative commands. This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed. To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use sudo -i. ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you have to add these users to the group 'admin' by doing one of the following steps: * In a shell, do sudo adduser username admin * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group. BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following: * Users do not have to remember an extra password, which they are likely to forget. * The installer is able to ask fewer questions. * It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. * Sudo adds a log entry of the command(s) run (in /var/log/auth.log). * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do not know is what the usernames of your other users are. * Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not compromising the root account. * sudo can be set up with a much more fine-grained security policy. * On systems with more than one administrator using sudo avoids sharing a password amongst them. DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted: * Redirecting the output of commands run with sudo can be confusing at first. For instance consider sudo ls > /root/somefile will not work since it is the shell that tries to write to that file. You can use ls | sudo tee /root/somefile to get the behaviour you want. * In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to leave the system unusable. An extra local user, or an enabled root password is needed here. GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended! To enable the root account (i.e. set a password) use: sudo passwd root Afterwards, edit the sudo configuration with sudo visudo and comment out the line %admin ALL=(ALL) ALL to disable sudo access to members of the admin group. SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo February 8, 2006 sudo_root(8)