Sponsored Content
Operating Systems AIX Best practices for sugroups for root ? backdoor user access ? Post 303020504 by maraixadm on Saturday 21st of July 2018 12:42:00 PM
Old 07-21-2018
Quote:
Originally Posted by rbatte1
Could you not have multiple groups defined in the sugroups= field for the root account and add a group that ONLY has your backdoor account in? I'm pretty sure it is a comma separated list but I don't have access to AIX servers any more so i can't test it.

I hope that this helps,
Robin
Thank you, I think that's where I'm headed, I'm just wondering if there's a best practice, or if when security calculus is applied to this exercise, a flashing light goes on about some hole that this might create or that's woven into the fabric of having a backdoor user who has access (even requiring a password) to root. "I never thought of that" is a common reaction for me to reading about exploits, so I'd rather not facilitate one...

thanks for your help!
 

10 More Discussions You Might Find Interesting

1. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

2. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

3. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

4. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

5. Shell Programming and Scripting

Urgent Help...Pseudo-Device provides a Backdoor Entry to root.

Can Anybody help to create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel. Modules are object binaries that can be dynamically loaded into the kernel. ... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

6. Homework & Coursework Questions

The pseudo-device provides a “backdoor” for gaining root access for a particular user.

Problem statement. In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

7. Cybersecurity

Linux Universal Packet/Ham Radio Backdoor - root!

Tails (LiveCD) is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don't even believe 1% of Linux users use them, yet they're generated right there in the directories. Google about ham radio... (0 Replies)
Discussion started by: chipinmybrain
0 Replies

8. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

9. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

10. UNIX for Advanced & Expert Users

Non root user access to /dev/mem

Hi All, I have to install an application which needs access to system BIOS information. The application needs to be installed by non root user. How would i grant read privileges of /dev/mem file to the non root user so that it can capture system BIOS information while running the application?... (13 Replies)
Discussion started by: Soumyadip Dutta
13 Replies
GSHADOW(5)                                                 File Formats and Conversions                                                 GSHADOW(5)

NAME
gshadow - shadowed group file DESCRIPTION
/etc/gshadow contains the shadowed information for group accounts. This file must not be readable by regular users if password security is to be maintained. Each line of this file contains the following colon-separated fields: group name It must be a valid group name, which exist on the system. encrypted password Refer to crypt(3) for details on how this string is interpreted. If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password). The password is used when a user who is not a member of the group wants to gain the permissions of this group (see newgrp(1)). This field may be empty, in which case only the group members can gain the group permissions. A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked. This password supersedes any password specified in /etc/group. administrators It must be a comma-separated list of user names. Administrators can change the password or the members of the group. Administrators also have the same permissions as the members (see below). members It must be a comma-separated list of user names. Members can access the group without being prompted for a password. You should use the same list of users as in /etc/group. FILES
/etc/group Group account information. /etc/gshadow Secure group account information. SEE ALSO
gpasswd(5), group(5), grpck(8), grpconv(8), newgrp(1). shadow-utils 4.5 01/25/2018 GSHADOW(5)
All times are GMT -4. The time now is 07:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy