Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Login cancellation question
Top Forums UNIX for Beginners Questions & Answers Login cancellation question Post 302967160 by vbe on Saturday 20th of February 2016 04:43:52 AM
Old 02-20-2016
Most UNIX have root not locked unless using RBAC perhaps but accessible to only very limited devices where ordinary people have no access...
Thats is why servers are in white? rooms where security is high and only the sysadms have access...

To answer
Quote:
would the system and its contents be inaccessible?? This is pure curiosity.
The only system I found with root disabled was a lab machine configured with another sysadm of my team, we were trying all figures to go further in security... and so using RBAC we disabled root account... Fine till we forgot the passwords... And realised we were doomed, though my friend and collegue is highly specialized in solaris ( as I had no small HPUX to use at the time ) this was a sparc/solaris 10, we just could not find a way to get back at the system, OK we may did more than just RBAC as we were trying to highly secure... So on one hand we achieved what we wanted, on the other we saw the silly situation we were in for not remembering the passwords...
Morality?
I am sure all serious sysadm configures his boxes with a backdoor only it may not be at a user level, and the minimum security to my eyes is to not let direct connection from the net unless dedicated lan to root even via ssh, using su/sudo only and having root only accessible from console which should be a real dedicated console (/dev/console...) on serial port or dedicated lan for lan consoles
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

login question

Why, when you type in an obviously invalid login, does UNIX give you an opportunity to type in a password? Is it a security thing? (1 Reply)
Discussion started by: grassaj
1 Replies

2. UNIX for Dummies Questions & Answers

Root login question

Hi all I am administering Linux boxes (running rehat linux 7.3 and 8.0). The other day I tried to ssh from 1 linux box to the other. I was root on the client box. Surprisingly, I could login as root into the host after giving the password!! I am unable to get root login from a SSH client... (2 Replies)
Discussion started by: skotapal
2 Replies

3. UNIX for Dummies Questions & Answers

user login script question

hi all, what file(s) needs to be changed and in what way in order to do the following: when user A logs onto freebsd 4.8 automaticaly he needs to start up a script a made that executes: sets ltp0 in polling mode, executes tn5250 keyboard mapping starts tn5250 with the correct parameters. ... (2 Replies)
Discussion started by: termiEEE
2 Replies

4. Shell Programming and Scripting

.proflie .login question

I have been searching how to do this and haven't been able to make it work. When I login to our Unix machine running SunOS 5.8 it automatically starts in csh but I want bash. I don't have access to chsh or password commands so I guess I need to change .profile or .login or .cshrc? Which one and... (2 Replies)
Discussion started by: blackw
2 Replies

5. Solaris

Solaris 10 login question, seek guru's help

I post this question because it seems that no many people will knows about this. I hope to meet some real guru to help me out. Here is the question: I isntalled solaris 10 on Sun sparc 64 bit machine. I can login as root user through GUI or console. After I created an Oracle user, I only can... (1 Reply)
Discussion started by: duke0001
1 Replies

6. UNIX for Advanced & Expert Users

Solaris login question, need guru's help

I post this question because it seems that no many people will knows about this. I hope to meet some real guru to help me out. Here is the question: I isntalled solaris 10 on Sun sparc 64 bit machine. I can login as root user through GUI or console. After I created an Oracle user, I only can... (2 Replies)
Discussion started by: duke0001
2 Replies

7. UNIX for Dummies Questions & Answers

Question on .profile login script

Hey everyone, I'am a little new here and experincing Unix for the first time. I was wondering if somone could help me with this question i'am a bit stuck on Looking at the content of .profile login script The .profile file is in your login directory. It is a startup script file... (1 Reply)
Discussion started by: worldsoutro
1 Replies

8. Red Hat

Unable to login .Basic question

hi Guys , I m completely new to this environment. I m working in linux gnu operating type. I have root user access to this machine and i have created a user named scott using useradd command then set its password using passwd command. Now my problem is i m not able to loggin using this new... (4 Replies)
Discussion started by: pinga123
4 Replies

9. Shell Programming and Scripting

Question: Automatic launching of a CLI menu upon login (OpenBSD)

Hi all, I am OpenBSD newbie and currently need to manage some OpenBSD firewalls running pf. The OpenBSD version is 4.8 As the other sys admins are not so familiar with OpenBSD, so I have an idea across in my mind on how to minimize the root account usage and other unnecessary access and make... (9 Replies)
Discussion started by: lcxpics
9 Replies

10. Solaris

New User Login Exam Question

Hi Folks, I am studying for my 1z0-821 exam and I would like to clarify an answer to the following question : You have a ticket from a new user on the system, indicating that he cannot log in to his account. The information in the ticket gives you both the username and password. The ticket... (2 Replies)
Discussion started by: Ravneet_Pal
2 Replies

LEARN ABOUT NETBSD

usermod

USERMOD(8)						    BSD System Manager's Manual 						USERMOD(8)

NAME

     usermod -- modify user login information

SYNOPSIS

     usermod [-FmoSv] [-C yes/no] [-c comment] [-d home-dir] [-e expiry-time] [-f inactive-time] [-G secondary-group] [-g gid | name | =uid]
	     [-L login-class] [-l new-login] [-p password] [-s shell] [-u uid] user

DESCRIPTION

     The usermod utility modifies user login information on the system.

     Default values are taken from the information provided in the /etc/usermgmt.conf file, which, if running as root, is created using the built-
     in defaults if it does not exist.

     See user(8) for more information about EXTENSIONS.

     After setting any defaults, and then reading values from /etc/usermgmt.conf, the following command line options are processed:

     -C yes/no
	     Enable user accounts to be temporary locked/closed.  The yes/no operand can be given as ``yes'' to lock the account or ``no'' to
	     unlock the account.

     -c comment
	     Set the comment field (also, for historical reasons known as the GECOS field) for the user.  The comment field will typically include
	     the user's full name and, perhaps, contact information for the user.

     -d home-directory
	     Set the home directory without populating it; if the -m option is specified, tries to move the old home directory to home-directory.

     -e expiry-time
	     Set the time at which the account expires.  This can be used to implement password aging.	It should be entered in the form ``month
	     day year'', where month is the month name (the first three characters are sufficient), day is the day of the month, and year is the
	     year.  Time in seconds since the epoch (UTC) is also valid.  A value of 0 can be used to disable this feature.  This value can be
	     preset for all users using the expire field in the /etc/usermgmt.conf file.  See usermgmt.conf(5) for more details.

     -F      Force the user to change their password upon next login.

     -f inactive-time
	     Set the time at which the password expires.  See the -e option.

     -G secondary-group
	     Specify a secondary group to which the user will be added in the /etc/group file.	The secondary-group may be a comma-delimited list
	     for multiple groups.  Or the option may be repeated for multiple groups.  (16 groups maximum.)

     -g gid | name | =uid
	     Give the group name or identifier to be used for the user's primary group.  If this is '=uid', then a uid and gid will be picked
	     which are both unique and the same, and a line will be added to /etc/group to describe the new group.  This value can be preset for
	     all users by using the group field in the /etc/usermgmt.conf file.  See usermgmt.conf(5) for more details.

     -L login-class
	     Set the login class for the user.	See login.conf(5) for more information on user login classes.  This value can be preset for all
	     users by using the class field in the /etc/usermgmt.conf file.  See usermgmt.conf(5) for more details.  This option is included if
	     built with EXTENSIONS.

     -l new-user
	     Give the new user name.  It can consist of alphanumeric characters and the characters '.', '-', and '_'.

     -m      Move the home directory from its old position to the new one.  If -d is not specified, the new-user argument of the -l option is
	     used; one of -d and -l is needed.

     -o      Allow duplicate uids to be given.

     -p password
	     Specify an already-encrypted password for the user.  This password can then be changed by using the chpass(1) utility.  This value
	     can be preset for all users by using the password field in the /etc/usermgmt.conf file.  See usermgmt.conf(5) for more details.  This
	     option is included if built with EXTENSIONS.

     -S      Allow samba user names with a trailing dollar sign to be modified.  This option is included if built with EXTENSIONS.

     -s shell
	     Specify the login shell for the user.  This value can be preset for all users by using the shell field in the /etc/usermgmt.conf
	     file.  See usermgmt.conf(5) for more details.

     -u uid  Specify a new uid for the user.  Boundaries for this value can be preset for all users by using the range field in the
	     /etc/usermgmt.conf file.  See usermgmt.conf(5) for more details.

     -v      Enable verbose mode - explain the commands as they are executed.  This option is included if built with EXTENSIONS.

     Once the information has been verified, usermod uses pwd_mkdb(8) to update the user database.  This is run in the background.  At very large
     sites this can take several minutes.  Until this update is completed, the password file is unavailable for other updates and the new informa-
     tion is not available to programs.

EXIT STATUS

     The usermod utility exits 0 on success, and >0 if an error occurs.

FILES

     /etc/usermgmt.conf

SEE ALSO

     chpass(1), group(5), passwd(5), usermgmt.conf(5), pwd_mkdb(8), user(8), useradd(8), userdel(8)

HISTORY

     The usermod utility first appeared in NetBSD 1.5.	It is based on the addnerd package by the same author.

AUTHORS

     The usermod utility was written by Alistair G. Crooks <agc@NetBSD.org>.

BSD
								 January 13, 2009							       BSD
All times are GMT -4. The time now is 08:21 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy