03-24-2013
You should not have more users with UID anything. This is a red flag in any security audit/control. This is 2013 - no excuses.
FYI: the commands lookup username based on userid - the number, not the name - and the first one found, whether it comes from files, ldap, nis, etc. will be the name a command lists. Only way around this would be to replace the standard system libraries with customized libraries that do lookups based on username.
Would still fail a security audit imho.
In short, these days an unacceptable situation. I recommend you make sure your users know they may be breaking the law and/or instructional compliance requirements - as there is no accountability.
If you have a security department - get their support to have this banned on company servers.
Last edited by MichaelFelt; 03-24-2013 at 07:21 AM..
Reason: read is not red - spelling correction!
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello,
I want to compare two files. All records in file 2 that are not in file 1 should be output to file 3.
For example:
file 1
123
1234
123456
file 2
123
2345
23456
file 3 should have
2345
23456
I have looked at diff, bdiff, cmp, comm, diff3 without any luck! (2 Replies)
Discussion started by: blt123
2 Replies
2. AIX
At the office, we often have to edit one file with VI. We are 4-6 workers doing it and sometimes can be done at the same time.
We have found a problem and want to prevent it with a file lock. Is it possible and how ?
problem :
Worker-a starts edit VI session on File-A at 1PM
Worker-b... (14 Replies)
Discussion started by: Browser_ice
14 Replies
3. AIX
Hello,
I am not the AIX guru..
This might seem simple for a lot but I am not sure where to start.. So here is my question:
I have a unix account on a remote site. My UID is 999999.
Now I need to create my account at my main site, with the same UID. So i have to make sure the UID 999999 is... (1 Reply)
Discussion started by: maxalarie
1 Replies
4. Shell Programming and Scripting
Moderator, please, delete this topic (1 Reply)
Discussion started by: optik77
1 Replies
5. OS X (Apple)
Q1. I understand that /usr/local/bin means I can install/uninstall stuff in here and have any chance of messing up my original system files or effecting any other users. I created this directory myself.
But what about the directory I didn't create, namely /Users/m/bin? How is that directory... (1 Reply)
Discussion started by: michellepace
1 Replies
6. Shell Programming and Scripting
Hi,
I am new to shell scripting.
please help me to find out the solution.
I need a script where we need to read the text file(consists of all file names) and get the file names one by one
and append the date suffix for each file name as 'yyyymmdd' .
Then search each file if exists... (1 Reply)
Discussion started by: Lucky123
1 Replies
7. Solaris
* Can we create multiple users with same UID?
* Can we give root permissions to normal user like admin.s ? If YES give me full details (syntax of sudo/RBAC) (14 Replies)
Discussion started by: Navkreddy
14 Replies
8. UNIX for Advanced & Expert Users
Hello,
I created a new user "rootNew"
After creation I manually change the file /etc/passwd and gave the new user "rootNew" uid 0.
Now I have 2 users with uid 0 (root,rootNew) how can I know which user is log in the system?
"whoami" command return "root" for both users.
Thanks,
Uri
No... (0 Replies)
Discussion started by: urip
0 Replies
9. Shell Programming and Scripting
I need to list users in /etc/passwd with root's GID or UID or /root as home directory
If we have these entries in /etc/passwd
root:x:0:0:root:/root:/bin/bash
rootgooduser1:x:100:100::/home/gooduser1:/bin/bash
baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies
10. Homework & Coursework Questions
I would like to get an opinion for my solution for this task and get feedback about better approach or mistakes I have made.
1. The problem statement, all variables and given/known data:
The task is to create a script which prints information about users whose names are specified in the... (2 Replies)
Discussion started by: kornfan
2 Replies
LEARN ABOUT PLAN9
gsscred
gsscred(1M) System Administration Commands gsscred(1M)
NAME
gsscred - add, remove and list gsscred table entries
SYNOPSIS
gsscred [ -n user [-o oid] [-u uid]] [-c comment] -m mech -a
gsscred [ -n user [-o oid]] [-u uid] [-m mech] -r
gsscred [ -n user [-o oid]] [-u uid] [-m mech] -l
DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a security principal name and a local UNIX uid. The format of the user
name is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to specify the object identifier of the name type. The OID must be
specified in dot-separated notation, for example: 1.2.3.45464.3.1
The gsscred table is used on server machines to lookup the uid of incoming clients connected using RPCSEC_GSS.
When adding users, if no user name is specified, an entry is created in the table for each user from the passwd table. If no comment is
specified, the gsscred utility inserts a comment that specifies the user name as an ASCII string and the GSS-APIsecurity mechanism that
applies to it. The security mechanism will be in string representation as defined in the /etc/gss/mech file.
The parameters are interpreted the same way by the gsscred utility to delete users as they are to create users. At least one of the follow-
ing options must be specified: -n, -u, or -m. If no security mechanism is specified, then all entries will be deleted for the user identi-
fied by either the uid or user name. If only the security mechanism is specified, then all user entries for that security mechanism will be
deleted.
Again, the parameters are interpreted the same way by the gsscred utility to search for users as they are to create users. If no options
are specified, then the entire table is returned. If the user name or uid is specified, then all entries for that user are returned. If a
security mechanism is specified, then all user entries for that security mechanism are returned.
OPTIONS
-a Add a table entry.
-c comment Insert comment about this table entry.
-l Search table for entry.
-m mech Specify the mechanism for which this name is to be translated.
-n user Specify the optional principal name.
-o oid Specify the OID indicating the name type of the user.
-r Remove the entry from the table.
-u uid Specify the uid for the user if the user is not local.
EXAMPLES
Example 1: Creating a gsscred Table for the Kerberos v5 Security Mechanism
The following shows how to create a gsscred table for the kerberos v5 security mechanism. gsscred obtains user names and uid's from the
passwd table to populate the table.
example% gsscred -m kerberos_v5 -a
Example 2: Adding an Entry for root/host1 for the Kerberos v5 Security Mechanism
The following shows how to add an entry for root/host1 with a specified uid of 0 for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a
Example 3: Listing All User Mappings for the Kerberos v5 Security Mechanism
The following lists all user mappings for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -l
Example 4: Listing All Mappings for All Security Mechanism for a Specified User
The following lists all mappings for all security mechanisms for the user bsimpson.
example% gsscred -n bsimpson -l
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWgss |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
gssd(1m), See gsscred.conf(4), attributes(5)
NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own authenticated-name-to-local-name (uid) mapping and thus do not usually have to
be mapped using gsscred. See gsscred.conf(4) for more information.
SunOS 5.10 11 Feb 2004 gsscred(1M)