Login or Register to Ask a Question and Join Our Community


AIX

Gid=0 and 7 + admin=FALSE

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Gid=0 and 7 + admin=FALSE
# 1  
Old 10-05-2010
Question Gid=0 and 7 + admin=FALSE
Checking configuration access files for an AIX server, left me wondering about this Smilie:
  • If a user is added to system group, it gets gid=0 with some security risks because it gets some root kind of file access level.
  • Is this insecure condition kept if the user has admin variable equal to FALSE in /etc/security/user file?
  • What happen if the user is also part of security group (gid=7).
What is the resultant combination of having gid=0,7 and ADMIN=FALSE?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

False alerts

Hi I have written a script to send email alerts when load of my linux server reaches max point I keep getting false emails thought the load is normal , looks like same email is generated again and again - called from cron tab checked if the tempfile is present , no it is not , cleaned... (22 Replies)
Discussion started by: anil529
22 Replies

2. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

3. What is on Your Mind?

Windows Admin switching to *nix Admin

I'm currently a Windows admin and have wanted to jump ship to the *nix side for a while now. I've been studying both through an lpic level 1 manual as I have time (focusing on debian), and a solaris 10 cert book. The problem is I only have a handful of hours a week to study, and my current job... (3 Replies)
Discussion started by: bobwilson
3 Replies

4. Shell Programming and Scripting

False Condition

Hi All, I am using the below Script to enter a line in the File: #!/bin/ksh # To delete the last line if it contains the pattern Redirect permanent / Virgin Atlantic Airways - Popup echo "Enter the URL that should point to the particular microsite" read url # To delete the last line if it... (0 Replies)
Discussion started by: Shazin
0 Replies

5. AIX

script for finding all the users with GID 0 ( admin group )

Hi Friends, I am trying to write a script for finding all the users with the GID 0 i.e. Admin users. can you please help me on this. (1 Reply)
Discussion started by: anoopraok
1 Replies

6. Shell Programming and Scripting

Why is it always false?

Hi, I'm new to UNIX and am trying to learn shell scripting in order to work on an interface that I inherited when a co-worker left. I need to be able to check to see whether a file exists to determine whether the FTP has taken place, but in testing, the if statement always evaluates as false,... (3 Replies)
Discussion started by: JeffR
3 Replies

7. Shell Programming and Scripting

false use of sed???

i want to delete every newline and every line which starts with "RECORD......." in a file. FILE: Record 61391 in base BROCKHAUS (Timestamp: 2008-04-09 11:38:38) UNTERTITEL : Gräfin (seit 1707 Reichsgräfin) von, * Schwerin 4. 2. 1686, + Berlin 21. 10. 1744; wurde Record 61392 in base BROCKHAUS... (4 Replies)
Discussion started by: trek
4 Replies

8. Linux

bin\false

We have requirments to not allow a userid login abilities but allow users to 'su' to it. In solaris I normally set the shell in /etc/passwd to bin/false. THis does not work on Linux, any suggestions would help. (1 Reply)
Discussion started by: bryanthomas
1 Replies
Login or Register to Ask a Question

LEARN ABOUT REDHAT

setfsgid

SETFSGID(2)						     Linux Programmer's Manual						       SETFSGID(2)

NAME

       setfsgid - set group identity used for file system checks

SYNOPSIS

       #include <unistd.h> /* glibc uses <sys/fsuid.h> */

       int setfsgid(uid_t fsgid);

DESCRIPTION

       The  system call setfsgid sets the group ID that the Linux kernel uses to check for all accesses to the file system. Normally, the value of
       fsgid will shadow the value of the effective group ID. In fact, whenever the effective group ID is changed, fsgid will also be  changed	to
       the new value of the effective group ID.

       Explicit  calls	to  setfsuid and setfsgid are usually only used by programs such as the Linux NFS server that need to change what user and
       group ID is used for file access without a corresponding change in the real and effective user and group IDs.  A change in the normal  user
       IDs for a program such as the NFS server is a security hole that can expose it to unwanted signals. (But see below.)

       setfsgid  will  only  succeed  if  the caller is the superuser or if fsgid matches either the real group ID, effective group ID, saved set-
       group-ID, or the current value of fsgid.

RETURN VALUE

       On success, the previous value of fsgid is returned.  On error, the current value of fsgid is returned.

CONFORMING TO

       setfsgid is Linux specific and should not be used in programs intended to be portable.  It is present since Linux 1.1.44 and in libc  since
       libc 4.7.6.

BUGS

       No error messages of any kind are returned to the caller. At the very least, EPERM should be returned when the call fails.

NOTES

       When glibc determines that the argument is not a valid gid, it will return -1 and set errno to EINVAL without attempting the system call.

       Note  that  at the time this system call was introduced, a process could send a signal to a process with the same effective user ID.  Today
       signal permission handling is slightly different.

SEE ALSO

       kill(2), setfsuid(2)

Linux 1.3.15							    2002-07-23							       SETFSGID(2)