08-13-2012
Quote:
Originally Posted by
johnavery50
I would like create duplicate root equivalent account with all the privileges equal to root.
The trend is the opposite, i.e. removing root as an account as its presence causes security and auditing issues.
On Solaris, you can set root as a role (that's the default starting with Solaris 11) and then grant this role to the users who require it.
Alternatively (or in parallel), you can also use sudo.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello
im using sun Solaris, I need to get the user id number (generating unique id's)
but I fail to find switch to get only the number of the id
thanks for the help (5 Replies)
Discussion started by: umen
5 Replies
2. Solaris
Hello (sorry for the cross posting )
im using sun Solaris, I need to get the user id number (generating unique id's)
but I fail to find switch to get only the number of the id
when i try to do id -u , i got:
id: illegal option -- u
Usage: id
thanks for the help (2 Replies)
Discussion started by: umen
2 Replies
3. UNIX for Advanced & Expert Users
Hi,
I have a program with the following suid setup
-rwsr-sr-x 1 root other 653 Aug 16 17:00 restart_server
It basically starts up a service that has to be started by root. I just want the normal users to be able to restart the service using the script above.
But when the... (7 Replies)
Discussion started by: 0ktalmagik
7 Replies
4. UNIX for Dummies Questions & Answers
Hello,
Can someone give me some recommendations on how to protect this account? I understand that this account is an "operator" account and has root access.
Thanks in advance (5 Replies)
Discussion started by: susie2345
5 Replies
5. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
6. Linux
Hi Techs,
Please guide me the answer with the explanation.
Q1) What is the uid of an individual account which can access ftp/http?
Thanks in advance to all. (3 Replies)
Discussion started by: ajazshariff
3 Replies
7. Solaris
HI i am trying to give su access to some users say X Y and Z to a account AB . I am able to give them su access to root with the help of sudoers file but i want to give them password less access to AB account which i am not able to do .
I want to this
when user X fires "su - AB" he is not... (9 Replies)
Discussion started by: rishiraaz
9 Replies
8. AIX
Hi all
I have a strange problem on one my my AIX machines. We have created a user called testroot with the same UID as root (uid=0) by changing the uid of that user in the /etc/passwd file. I know that this is a security breach but this is a test system.
Now the strange thing that happens is that... (3 Replies)
Discussion started by: abohmeed
3 Replies
9. Shell Programming and Scripting
I need to list users in /etc/passwd with root's GID or UID or /root as home directory
If we have these entries in /etc/passwd
root:x:0:0:root:/root:/bin/bash
rootgooduser1:x:100:100::/home/gooduser1:/bin/bash
baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies
10. Post Here to Contact Site Administrators and Moderators
Hi,
Can anyone suggest me for the below steps.
Here the index files is nothing but a text file and In index file there are n number of pdf files.
Step 0 check out if this is for A(index file) or B(index file)
1. Read the first line of the original index file
2. Read the 9th character... (1 Reply)
Discussion started by: pavand
1 Replies
LEARN ABOUT FREEBSD
pam_ksu
PAM_KSU(8) BSD System Manager's Manual PAM_KSU(8)
NAME
pam_ksu -- Kerberos 5 SU PAM module
SYNOPSIS
[service-name] module-type control-flag pam_ksu [options]
DESCRIPTION
The Kerberos 5 SU authentication service module for PAM, pam_ksu for only one PAM category: authentication. In terms of the module-type
parameter, this is the ``auth'' feature. The module is specifically designed to be used with the su(1) utility.
Kerberos 5 SU Authentication Module
The Kerberos 5 SU authentication component provides functions to verify the identity of a user (pam_sm_authenticate()), and determine whether
or not the user is authorized to obtain the privileges of the target account. If the target account is ``root'', then the Kerberos 5 princi-
pal used for authentication and authorization will be the ``root'' instance of the current user, e.g. ``user/root@REAL.M''. Otherwise, the
principal will simply be the current user's default principal, e.g. ``user@REAL.M''.
The user is prompted for a password if necessary. Authorization is performed by comparing the Kerberos 5 principal with those listed in the
.k5login file in the target account's home directory (e.g. /root/.k5login for root).
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
use_first_pass If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a
password. This option has no effect if the authentication module is the first in the stack, or if no previous modules
obtained the user's password.
try_first_pass This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
prompted for another password.
SEE ALSO
su(1), syslog(3), pam.conf(5), pam(8)
BSD
May 15, 2002 BSD