Login or Register to Ask a Question and Join Our Community


AIX

Gid=0 and 7 + admin=FALSE

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Gid=0 and 7 + admin=FALSE
# 1  
Old 10-05-2010
Question Gid=0 and 7 + admin=FALSE
Checking configuration access files for an AIX server, left me wondering about this Smilie:
  • If a user is added to system group, it gets gid=0 with some security risks because it gets some root kind of file access level.
  • Is this insecure condition kept if the user has admin variable equal to FALSE in /etc/security/user file?
  • What happen if the user is also part of security group (gid=7).
What is the resultant combination of having gid=0,7 and ADMIN=FALSE?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

False alerts

Hi I have written a script to send email alerts when load of my linux server reaches max point I keep getting false emails thought the load is normal , looks like same email is generated again and again - called from cron tab checked if the tempfile is present , no it is not , cleaned... (22 Replies)
Discussion started by: anil529
22 Replies

2. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

3. What is on Your Mind?

Windows Admin switching to *nix Admin

I'm currently a Windows admin and have wanted to jump ship to the *nix side for a while now. I've been studying both through an lpic level 1 manual as I have time (focusing on debian), and a solaris 10 cert book. The problem is I only have a handful of hours a week to study, and my current job... (3 Replies)
Discussion started by: bobwilson
3 Replies

4. Shell Programming and Scripting

False Condition

Hi All, I am using the below Script to enter a line in the File: #!/bin/ksh # To delete the last line if it contains the pattern Redirect permanent / Virgin Atlantic Airways - Popup echo "Enter the URL that should point to the particular microsite" read url # To delete the last line if it... (0 Replies)
Discussion started by: Shazin
0 Replies

5. AIX

script for finding all the users with GID 0 ( admin group )

Hi Friends, I am trying to write a script for finding all the users with the GID 0 i.e. Admin users. can you please help me on this. (1 Reply)
Discussion started by: anoopraok
1 Replies

6. Shell Programming and Scripting

Why is it always false?

Hi, I'm new to UNIX and am trying to learn shell scripting in order to work on an interface that I inherited when a co-worker left. I need to be able to check to see whether a file exists to determine whether the FTP has taken place, but in testing, the if statement always evaluates as false,... (3 Replies)
Discussion started by: JeffR
3 Replies

7. Shell Programming and Scripting

false use of sed???

i want to delete every newline and every line which starts with "RECORD......." in a file. FILE: Record 61391 in base BROCKHAUS (Timestamp: 2008-04-09 11:38:38) UNTERTITEL : Gräfin (seit 1707 Reichsgräfin) von, * Schwerin 4. 2. 1686, + Berlin 21. 10. 1744; wurde Record 61392 in base BROCKHAUS... (4 Replies)
Discussion started by: trek
4 Replies

8. Linux

bin\false

We have requirments to not allow a userid login abilities but allow users to 'su' to it. In solaris I normally set the shell in /etc/passwd to bin/false. THis does not work on Linux, any suggestions would help. (1 Reply)
Discussion started by: bryanthomas
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

group

group(4)							   File Formats 							  group(4)

NAME

       group - group file

DESCRIPTION

       The  group  file  is a local source of group information. The group file can be used in conjunction with other group sources, including the
       NIS maps group.byname and group.bygid, the NIS+ table group, or group information stored on an LDAP server. Programs use  the  getgrnam(3C)
       routines to access this information.

       The group file contains a one-line entry for each group recognized by the system, of the form:

       groupname:password: gid:user-list

       where

       groupname    The name of the group. A string consisting of lower case alphabetic characters and numeric characters. Neither a colon (:) nor
		    a NEWLINE can be part of a groupname. The string must be less than MAXGLEN-1, usually 8, characters long.

       gid	    The group's unique numerical ID (GID) within the system.

       user-list    A comma-separated list of users allowed in the group.

       The maximum value of the gid field is 2147483647. To maximize interoperability and compatibility, administrators are recommended to  assign
       groups using the range of GIDs below 60000 where possible.

       If the password field is empty, no password is demanded. During user identification and authentication, the supplementary group access list
       is initialized sequentially from information in this file. If a user is in more groups than the system is configured for, {NGROUPS_MAX},  a
       warning will be given and subsequent group specifications will be ignored.

       Malformed  entries  cause  routines that read this file to halt, in which case group assignments specified further along are never made. To
       prevent this from happening, use grpck(1B) to check the /etc/group database from time to time.

       If the number of characters in an entry exceeds 2047, group maintenance commands, such as groupdel(1M) and groupmod(1M), fail.

       Previous releases used a group entry beginning with a `+' (plus sign) or `-' (minus sign) to selectively incorporate entries from a  naming
       service	source	(for  example,	an  NIS  map  or  data	from an LDAP server) for group. If still required, this is supported by specifying
       group:compat in nsswitch.conf(4). The compat source may not be supported in future releases. Possible sources are files followed by ldap or
       nisplus.  This  has  the  effect  of incorporating information from an LDAP server or the entire contents of the NIS+ group table after the
       group file.

EXAMPLES

       Example 1 Example group File.

       The following is an example of a group file:

	 root::0:root
	 stooges:q.mJzTnu8icF.:10:larry,moe,curly

       and the sample group entry from nsswitch.conf:

	 group: files ldap

       With these entries, the group stooges will have members larry, moe, and curly, and all groups listed on the  LDAP  server  are  effectively
       incorporated after the entry for stooges.

       If the group file was:

	 root::0:root
	 stooges:q.mJzTnu8icF.:10:larry,moe,curly
	 +:

       and the group entry from nsswitch.conf:

	 group: compat

       all the groups listed in the NIS group.bygid and group.byname maps would be effectively incorporated after the entry for stooges.

SEE ALSO

       groups(1), grpck(1B), newgrp(1), groupadd(1M), groupdel(1M), groupmod(1M), getgrnam(3C), initgroups(3C), nsswitch.conf(4), unistd.h(3HEAD)

       System Administration Guide: Basic Administration

SunOS 5.11							    27 Aug 2008 							  group(4)