Login or Register to Ask a Question and Join Our Community


AIX

Gid=0 and 7 + admin=FALSE

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Gid=0 and 7 + admin=FALSE
# 1  
Old 10-05-2010
Question Gid=0 and 7 + admin=FALSE
Checking configuration access files for an AIX server, left me wondering about this Smilie:
  • If a user is added to system group, it gets gid=0 with some security risks because it gets some root kind of file access level.
  • Is this insecure condition kept if the user has admin variable equal to FALSE in /etc/security/user file?
  • What happen if the user is also part of security group (gid=7).
What is the resultant combination of having gid=0,7 and ADMIN=FALSE?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

False alerts

Hi I have written a script to send email alerts when load of my linux server reaches max point I keep getting false emails thought the load is normal , looks like same email is generated again and again - called from cron tab checked if the tempfile is present , no it is not , cleaned... (22 Replies)
Discussion started by: anil529
22 Replies

2. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

3. What is on Your Mind?

Windows Admin switching to *nix Admin

I'm currently a Windows admin and have wanted to jump ship to the *nix side for a while now. I've been studying both through an lpic level 1 manual as I have time (focusing on debian), and a solaris 10 cert book. The problem is I only have a handful of hours a week to study, and my current job... (3 Replies)
Discussion started by: bobwilson
3 Replies

4. Shell Programming and Scripting

False Condition

Hi All, I am using the below Script to enter a line in the File: #!/bin/ksh # To delete the last line if it contains the pattern Redirect permanent / Virgin Atlantic Airways - Popup echo "Enter the URL that should point to the particular microsite" read url # To delete the last line if it... (0 Replies)
Discussion started by: Shazin
0 Replies

5. AIX

script for finding all the users with GID 0 ( admin group )

Hi Friends, I am trying to write a script for finding all the users with the GID 0 i.e. Admin users. can you please help me on this. (1 Reply)
Discussion started by: anoopraok
1 Replies

6. Shell Programming and Scripting

Why is it always false?

Hi, I'm new to UNIX and am trying to learn shell scripting in order to work on an interface that I inherited when a co-worker left. I need to be able to check to see whether a file exists to determine whether the FTP has taken place, but in testing, the if statement always evaluates as false,... (3 Replies)
Discussion started by: JeffR
3 Replies

7. Shell Programming and Scripting

false use of sed???

i want to delete every newline and every line which starts with "RECORD......." in a file. FILE: Record 61391 in base BROCKHAUS (Timestamp: 2008-04-09 11:38:38) UNTERTITEL : Gräfin (seit 1707 Reichsgräfin) von, * Schwerin 4. 2. 1686, + Berlin 21. 10. 1744; wurde Record 61392 in base BROCKHAUS... (4 Replies)
Discussion started by: trek
4 Replies

8. Linux

bin\false

We have requirments to not allow a userid login abilities but allow users to 'su' to it. In solaris I normally set the shell in /etc/passwd to bin/false. THis does not work on Linux, any suggestions would help. (1 Reply)
Discussion started by: bryanthomas
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

prelude-admin

prelude-admin(1)					      General Commands Manual						  prelude-admin(1)

NAME

       prelude-admin - Manage agents accounts

SYNOPSIS

       prelude-admin <subcommand> [options] [args]

       prelude-admin add <profile name> [--uid UID] [--gid GID]

       prelude-admin chown <profile name> [--uid UID] [--gid GID]

       prelude-admin del <profile name>

       prelude-admin rename <profile name> <profile name>

       prelude-admin  register	<profile  name>  <wanted  permission>  <registration-server  address>  [--uid  UID] [--gid GID] [--passwd=PASSWD>]
       [--passwd-file=<FILE>]

       prelude-admin registration-server <profile name> [--uid UID] [--gid GID] [--prompt] [--passwd=PASSWD>] [--passwd-file=<FILE>] [--keepalive]
       [--no-confirm] [--listen]

       prelude-admin revoke <profile> <analyzerID> [--uid UID] [--gid GID]

DESCRIPTION

       In order for an agent to communicate with a manager, it must be registered. Registration involves several steps:
	- Allocating an unique identity for the agent
	- Creating directory to be used by the agent (example: failover purpose)
	-  Registering	to a remote 'prelude-manager': get a signed X509 certificate that will allow communication between agent and manager using
       the specified permissions.

       All these informations are stored in an agent profile.

       An agent profile is identified by its name. When an agent is started, it will load the profile of the same name as the program itself, that
       is, if your agent is named "prelude-lml", the agent will load the profile named "prelude-lml".

       The  name  of the profile can be overriden using the '--prelude --profile name_of_my_profile' command line option. It is possible to define
       the profile name so that you can have several instances of one agent running with different permissions, using different profiles.

       Note that profiles are not specific to agents, but are used in all programs of the Prelude suite (agents, managers, etc).

       If you are not sure which permission your agent should get, just start it and default permissions will be displayed.

OPTIONS

       <profile name> is the default name of the agent you are installing or your own defined name.

       If you start your agent without prior registration, a warning is displayed including the default profile name on how to register the agent.

       <requested permission> is the permission your agent needs. It is composed of permission	attributes  (idmef  or	admin)	and  access  type:
       read/write (r/w). By default, an agent need permissions for writing IDMEF to a manager, and reading administrative command sent to it. That
       is : "idmef:w admin:r".

       <manager address> is the address of the prelude-manager you wish to register. this can either be its IP address or  its	hostname.  If  you
       made a local installation, you can write localhost to connect via unix socket.

       Remember  to  use  the  correct uid/gid when registering your agent. For instance, if you want to register snort (running with snort euid /
       egid), use --uid snort --gid snort.

       add <analyzer profile>
	    Setup a new agent user.

	    --uid=UID UID or user to use to setup agent files.

	    --gid=GID GID or group to use to setup agent files.

       chown <analyzer profile>
	    Change analyzer owner.

	    --uid=UID UID or user to use to setup agent files.

	    --gid=GID GID or group to use to setup agent files.

       del <analyzer profile>
	    The delete command will remove the agent files created through "add" command. Once this is done, the analyzer  can't  be  used  unless
	    "register" or "add" is called again.

       rename <analyzer profile> <analyzer profile>
	    Rename an existing analyzer.

       register <profile name> <wanted permission> <registration-server address>
	    Register an analyzer.

	    Register  and  create the analyzer basic setup if needed.  It will also configure communication of this analyzer with a receiving ana-
	    lyzer (like a Manager) through the specified registration-server.

	    --uid=UID UID or user to use to setup analyzer files.

	    --gid=GID GID or group to use to setup analyzer files.

	    --passwd=PASSWD Use provided password instead of prompting it.

	    --passwd-file=-|FILE Read password from file instead of prompting it (- for stdin).

       registration-server <profile name>
	    Start a registration server to register agents.  This is used in order to register 'sending' analyzer to 'receiving'  analyzer.  <pro-
	    file name> should be set to the profile name of the

	    --uid=UID UID or user to use to setup 'receiving' analyzer files.

	    --gid=GID GID or group to use to setup 'receiving' analyzer files.

	    --prompt Prompt for a password instead of auto generating it.

	    --passwd=PASSWD Use provided password instead of auto generating it.

	    --passwd-file=-|FILE Read password from file instead of auto generating it (- for stdin).

	    --keepalive Register analyzer in an infinite loop.

	    --no-confirm Do not ask for confirmation on agent registration.

	    --listen Address to listen on for registration request (default is any:5553).

       revoke <profile name>
	    Revoke access to <profile> for the given analyzerID.

	    --uid=UID UID or user to use to setup analyzer files.

	    --gid=GID GID to group to use to setup analyzer files.

       --help
	    Print help

AUTHOR

       This man page has been written by Frederic Motte

								   19 June 2007 						  prelude-admin(1)