01-17-2013
From experience of this situation i would in every case advise to create a command alias for a user to only use sudo for those specific commands and add each command as necessary (obviously dont add commands like su,sh,bash,ksh,visudo,passwd). Much better to have a secure server than give full access to a user and firefight in response to his attempts at gaining root.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
After Configuring a brand new netraT1, It appears, the only way you can log in as root is throught the Serial Port (console). I believe there is a file in /etc which can be edited to allow root to access login via other methods
eg: telnet, ssh, etc.
My Question:
Which file contains... (2 Replies)
Discussion started by: SmartJuniorUnix
2 Replies
2. Shell Programming and Scripting
I am writing a script that has some tasks that must be run as root, then set of tasks to be run as normal user, then again as root.
is there a way to switch between users in a script?
any other alternatives?
thx (3 Replies)
Discussion started by: melanie_pfefer
3 Replies
3. Shell Programming and Scripting
Good day Guys!!!
I am currently making a script in AIX, the script runs a SAS job, the owner of the script is the root, but the SAS jobs cannot be run by the root, as it should be run by a user 'sasia'. But inside the script, root creates a logfile, so what I need is just to su to sasia for the... (3 Replies)
Discussion started by: sasia
3 Replies
4. Solaris
I couldnt find this in any other post - so hoping someone can help out.
I want to set password expiry (or rather I have to) for a number of users on my solaris 9 system. I know i can set the following options in the /etc/default/passwd file to do it and then just type a passwd -f <username> to... (6 Replies)
Discussion started by: frustrated1
6 Replies
5. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
6. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
7. UNIX for Dummies Questions & Answers
I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.
But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own... (2 Replies)
Discussion started by: pinga123
2 Replies
8. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. UNIX for Dummies Questions & Answers
Whenever i switch from root to another user, by doing su - user, it takes me to home directory of user. This is very annoying as i want to be in same dir to run different commands as root sometimes and sometimes as normal user.
How to fix this? (1 Reply)
Discussion started by: syncmaster
1 Replies
LEARN ABOUT DEBIAN
eurephiadm-adminaccess
eurephiadm adminaccess(7) eurephiadm adminaccess(7)
NAME
eurephiadm-adminaccess - Access control for eurephia administration features
DESCRIPTION
The eurephiadm adminaccess is used to grant eurephia users access to the different administration modules in eurephia.
Available modes for the adminaccess command are:
-G | --grant
Grant a specific access level to a user
-R | --revoke
Revoke access levels
-l | --list
List all granted accesses
-h | --help <mode> Help about a specific mode
LIST MODE
The list mode will show the granted user access levels
-i | --uid
User account ID
-u | --username
User name
-I | --interface
Which interfaces to show (default "C")
-a | --access-level Which access level to show
GRANT MODE
The grant mode will grant a user access to a specified access level.
-i | --uid
User account ID
-I | --interface
Grant access through which interface (default "C")
-a | --access-level Which access level to grant access to
REVOKE MODE
The revoke mode will remove an access from the desired user accounts.
-i | --uid
User account ID
-I | --interface
Revoke access from interface (default "C")
-a | --access-level Which access level to revoke access from
ACCESS LEVELS
attempts
This access level grants access to the eurephiadm attempts command. The attempts command can list, reset or delete login attempts
records in the database.
blacklist
This is similar to the attempts access. It provides access to the eurphiadm blacklist command, where you can list, add or delete
blacklisted usernames, certificate digests or IP addresses.
certadmin
This level is needed to use the eurephiadm certs command. This commands provides you access to list, add or delete certificate
information which the eurephia plug-in will use during the authentication process.
config This level grants access to the eurephiadm config and eurephiadm show-config commands. The latter command will list out both the
eurephiadm config file and all configuration parameters in the database. The config command is used to set or delete configuration
parameters in the database.
fwprofiles
This access level is needed to list, add or delete firewall profiles eurephia which may use.
useradmin
This provides access to the eurephiadm users and eurephiadm usercerts commands, which is used to create or delete user accounts and
link the user accounts together with a certificate and a firewall access profile.
SEE ALSO
eurephiadm(7)
AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth July 2010 eurephiadm adminaccess(7)