Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best practices for sugroups for root ? backdoor user access ?
Operating Systems AIX Best practices for sugroups for root ? backdoor user access ? Post 303021725 by MichaelFelt on Wednesday 15th of August 2018 01:28:08 PM
Old 08-15-2018
Actually, another process would be to use what is know as a dual password account.

I'll over simplify for now.

a) have a privileged account - i.e., let's say to suroot. This account is either added to sudoers, or setup using RBAC to be more powerful. "Audit" is also setup to monitor this accounts activity.

b) have two "key accounts", each of these have it's own password - which could be shared or coming from the vault. Each of these account has /bin/false as shell.

c) when access to "suroot" is needed TWO people (one from a "group" or vault access to key-1 password, and another with access to key-2 password)
* start by entering "suroot" as username at login (e.g., console) prompt. System will prompt for password from key-1; then system will prompt for password of account key-2 - and the login will complete with "suroot" the active user.

Note: if key-1 or key-2 try to login it will always "fail" because the shell is /bin/false (even root cannot "su" to that userid).

Hope this helps.
 

10 More Discussions You Might Find Interesting

1. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

2. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

3. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

4. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

5. Shell Programming and Scripting

Urgent Help...Pseudo-Device provides a Backdoor Entry to root.

Can Anybody help to create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel. Modules are object binaries that can be dynamically loaded into the kernel. ... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

6. Homework & Coursework Questions

The pseudo-device provides a “backdoor” for gaining root access for a particular user.

Problem statement. In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

7. Cybersecurity

Linux Universal Packet/Ham Radio Backdoor - root!

Tails (LiveCD) is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don't even believe 1% of Linux users use them, yet they're generated right there in the directories. Google about ham radio... (0 Replies)
Discussion started by: chipinmybrain
0 Replies

8. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

9. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

10. UNIX for Advanced & Expert Users

Non root user access to /dev/mem

Hi All, I have to install an application which needs access to system BIOS information. The application needs to be installed by non root user. How would i grant read privileges of /dev/mem file to the non root user so that it can capture system BIOS information while running the application?... (13 Replies)
Discussion started by: Soumyadip Dutta
13 Replies

LEARN ABOUT DEBIAN

dirvish-locate

DIRVISH-LOCATE(1)					      General Commands Manual						 DIRVISH-LOCATE(1)

NAME

       dirvish-locate - locate file versions in dirvish images

SYNOPSIS

       dirvish-locate vault[:branch] pattern

DESCRIPTION

       Locate versions of files in a dirvish vault

       The index of each image specified vault is searched for paths matching pattern.	Each path found matching the pattern will be reported fol-
       lowed by a modification time of each version of the file and all images having a link to it.

       The optional branch specification will restrict searching to the specified branch.

       Images with an error status will be skipped as will any without index files.  The index file may be compressed by gzip or bzip2.  See  tree
       and index in dirvish.conf(5) for details.

       The  pattern  is  a  perl regular expression to match the final component of the path.  Append .*  to the end of the pattern if you wish to
       match any substring of the whole path or $ if you wish to anchor the pattern to the end of the path.  See perlre(1) for details.

       Directories are excluded from matching as they would wind up matching every file within them  anyway.   Symlinks  are  also  excluded  from
       matching.

       If  the pattern matches too many paths dirvish-locate will only report the paths matched and not versions.  As a sanity check if the number
       of matches is really excessive dirvish-locate will limit the number of images searched.	Excessive matches is an indication of an  insuffi-
       ciently specific pattern.  Use the resulting path list to compose a more specific one.

EXIT CODES

       To  facilitate  further automation and integration of dirvish-locate with other tools dirvish-locate provides rationalised exit codes.  The
       exit codes are range based.  While the code for a specific error may change from one version to another it will remain within the specified
       range.	So don't test for specific exit codes but instead test for a range of values.  To the degree possible higher value ranges indicate
       more severe errors.

       0      success 200-219 An error was encountered in loading a configuration file.

       220-254
	      An error was detected in the configuration.

       255    Incorrect usage.

FILES

       /etc/dirvish/master.conf
	      alternate master configuration file.

       /etc/dirvish.conf
	      master configuration file.

       bank/vault/image/summary
	      image creation summary.

       bank/vault/image/index

       bank/vault/image/index.gz

       bank/vault/image/index.bz2
	      dirvish index file.

SEE ALSO

       dirvish.conf(5)

BUGS

																 DIRVISH-LOCATE(1)
All times are GMT -4. The time now is 02:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy