07-21-2018
Quote:
Originally Posted by
rbatte1
Could you not have multiple groups defined in the sugroups= field for the root account and add a group that ONLY has your backdoor account in? I'm pretty sure it is a comma separated list but I don't have access to AIX servers any more so i can't test it.
I hope that this helps,
Robin
Thank you, I think that's where I'm headed, I'm just wondering if there's a best practice, or if when security calculus is applied to this exercise, a flashing light goes on about some hole that this might create or that's woven into the fabric of having a backdoor user who has access (even requiring a password) to root. "I never thought of that" is a common reaction for me to reading about exploits, so I'd rather not facilitate one...
thanks for your help!
10 More Discussions You Might Find Interesting
1. HP-UX
Hi
I have been asked to find out how to
1) create users
2) reset passwords
3) kill processes that may require root privileges
without having root password, sudo rights or rights to passwd command
Any ideas?
Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies
2. Solaris
Dear
i have installed Solaris 10 on SUN V240
after installation i can not access system through root user
if i access system through any other user it conects but root is not connecting through LAN
if i connect through SC and then access root though cosole -f command it also works
kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies
3. Shell Programming and Scripting
Hi,
I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history?
thank you,
S (4 Replies)
Discussion started by: sardare
4 Replies
4. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
5. Shell Programming and Scripting
Can Anybody help to create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel. Modules are object binaries that can be dynamically loaded into the kernel.
... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies
6. Homework & Coursework Questions
Problem statement.
In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies
7. Cybersecurity
Tails (LiveCD) is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don't even believe 1% of Linux users use them, yet they're generated right there in the directories. Google about ham radio... (0 Replies)
Discussion started by: chipinmybrain
0 Replies
8. Shell Programming and Scripting
Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal.
I want to give some users a root level access.
Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way
Regards
ADI (4 Replies)
Discussion started by: adisky123
4 Replies
9. Solaris
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
10. UNIX for Advanced & Expert Users
Hi All,
I have to install an application which needs access to system BIOS information.
The application needs to be installed by non root user.
How would i grant read privileges of /dev/mem file to the non root user so that it can capture system BIOS information while running the application?... (13 Replies)
Discussion started by: Soumyadip Dutta
13 Replies
LEARN ABOUT DEBIAN
dirvish-expire
DIRVISH-EXPIRE(8) System Manager's Manual DIRVISH-EXPIRE(8)
NAME
dirvish-expire - delete expired dirvish images
SYNOPSIS
dirvish-expire[OPTIONS]
DESCRIPTION
Delete dirvish image trees or whole images that have expired.
Each image summary file is checked for the Expire: field. If that field indicates the image has expired dirvish-expire will delete that
image from the vault.
By default all subdirectories of all banks will be treated as vaults and all directories therein except the one named dirvish will be
checked for summary files.
The removal of an image will have no effect on other images.
Dirvish-expire will not delete an image unless it finds at least one image in that branch that has an intact image tree and Status: success
in the summary that is not expired.
OPTIONS
Each option on the command line may be specified any number of times. Those options that support lists in the config files will accumulate
all of their arguments otherwise each specification will override the ones before.
Each option may be unambiguously abbreviated.
--time time_expression
Execute as though time_expression were the current time.
Time_expression is processed by Time::Parsedate(3pm) so relative time and date strings are permitted. See Time::Parsedate(3pm) for
more details.
--tree Only delete the image tree, leave in place the rest of the image directory with summary, log and any other image administrative
files.
--vault vault
Restrict expiration to the specified vault.
--no-run
Don't actually do anything. Just display what would have happened.
--quiet
Run quietly, only report errors.
Normally dirvish-expire will report the images deleted.
EXIT CODES
To facilitate further automation and integration of dirvish-expire with other tools dirvish-expire provides rationalised exit codes. The
exit codes are range based. While the code for a specific error may change from one version to another it will remain within the specified
range. So don't test for specific exit codes but instead test for a range of values. To the degree possible higher value ranges indicate
more severe errors.
0 success
200-219
An error was encountered in loading a configuration file.
220-254
An error was detected in the configuration.
255 Incorrect usage.
FILES
/etc/dirvish/master.conf
alternate master configuration file.
/etc/dirvish.conf
master configuration file.
bank/vault/image/summary
image creation summary.
bank/vault/image/tree
actual image of source directory tree.
SEE ALSO
dirvish.conf(5)
Time::ParseDate(3pm)
BUGS
Dirvish-expire will walk the file hierarchy of all banks or the specified vault looking for summary files. Anything non-dirvish in there
may cause excess file-walking.
DIRVISH-EXPIRE(8)