12-22-2005
NO.
Naina, adding it to /etc/profile is like giving access to all users to these commands inherently. Well its not that users cant add it themselves. But why would you want a regular user to run a useradd command ( he wouldnt be able to run it anyway unless he has root priveleges). But not only useradd, there are other commands in sbin dir which if possible should be hidden from a normal user. As I said earlier a normal user can always add the sbin to his directory, but if he wants to, let him do it, I suggest you should not do that for him. By adding it in /etc/profile you are doing that for him.
Well that is my way of looking at it. I agree there is nothing that can stop this to be more secure, but when you know that the burglars can break the door and come in your house, you still latch the door in the night, right ?
10 More Discussions You Might Find Interesting
1. OS X (Apple)
I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther).
The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library).
I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies
2. UNIX for Dummies Questions & Answers
I'm working on further developing my Unix skills and I'm just curious what some of the experienced admins out there would consider to be 10 essential commands every admin should know. (12 Replies)
Discussion started by: Arkitech
12 Replies
3. HP-UX
Hi All
Please somebody send me list of admin commands used for HPUX.
Thanks
Sunanda (2 Replies)
Discussion started by: sunanda
2 Replies
4. UNIX for Dummies Questions & Answers
(Very New to UNIX- Solaris world)
I have my Solaris 10 system built, and can login using root.
This root user is a super type of admin user as I understand it.
1.My question is do UNIX admins usually use this account for all admin tasks or do they use another account similar to this... (2 Replies)
Discussion started by: deedaz
2 Replies
5. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
6. Gentoo
i have gentoo and i dont know what is my password user admin(root)
how i can to rest my passord?
thanks. (2 Replies)
Discussion started by: turivnkl
2 Replies
7. Linux
Hi,
Please give some important admin command document . which is helpful in my role.
THanks,
Mani (8 Replies)
Discussion started by: Mani_apr08
8 Replies
8. Red Hat
Hi ,
I have skill set in unix/shell scripting. But I would like to become a linux admin..So could you please help on this..
1) what are the things need to be learn,
2) any reference should be appreciable.
3) or any website..
THanks,
Mani (2 Replies)
Discussion started by: Mani_apr08
2 Replies
9. What is on Your Mind?
I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that.
Can we get "DAY" shifts in any one of the admin Job ?
Can't we have shift timings in any company ?
Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies
10. AIX
Our AIX servers send e-mails which have the "from" address set to "root@company.com" for our root user ("C{M}company.com" in /etc/sendmail.cf). The problem is that when bad e-mails are sent out or rejected by remote servers, they are being returned and delivered to e-mail box of "Mary Root".
... (2 Replies)
Discussion started by: kah00na
2 Replies
LEARN ABOUT REDHAT
setuid
SETUID(2) Linux Programmer's Manual SETUID(2)
NAME
setuid - set user identity
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
DESCRIPTION
setuid sets the effective user ID of the current process. If the effective userid of the caller is root, the real and saved user ID's are
also set.
Under Linux, setuid is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a setuid (other than root) pro-
gram to drop all of its user privileges, do some un-privileged work, and then re-engage the original effective user ID in a secure manner.
If the user is root or the program is setuid root, special care must be taken. The setuid function checks the effective uid of the caller
and if it is the superuser, all process related user ID's are set to uid. After this has occurred, it is impossible for the program to
regain root privileges.
Thus, a setuid-root program wishing to temporarily drop root privileges, assume the identity of a non-root user, and then regain root priv-
ileges afterwards cannot use setuid. You can accomplish this with the (non-POSIX, BSD) call seteuid.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
ERRORS
EPERM The user is not the super-user, and uid does not match the real or saved user ID of the calling process.
CONFORMING TO
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs. SVr4 documents
an additional EINVAL error condition.
LINUX-SPECIFIC REMARKS
Linux has the concept of filesystem user ID, normally equal to the effective user ID. The setuid call also sets the filesystem user ID of
the current process. See setfsuid(2).
If uid is different from the old effective uid, the process will be forbidden from leaving core dumps.
SEE ALSO
getuid(2), setreuid(2), seteuid(2), setfsuid(2)
Linux 1.1.36 1994-07-29 SETUID(2)