Login or Register to Ask a Question and Join Our Community


Red Hat

Password for a command!

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat Password for a command!
# 1  
Old 11-06-2013
RedHat Password for a command!
Team,

Is there any ability to create a password for a one or specific set of command in Linux? I don't know if such scenario has been posted in before, but I really want to protect poweroff, reboot, init 0 and init 6 even from root user with a password.

Thanks
# 2  
Old 11-06-2013
I doubt it. root can do anything to a machine.

I you have doubts about your root users, it might be time to rethink your access strategies.
# 3  
Old 11-06-2013
I understand that root can do everything, but just to grant the server more protection in case of power-off accidentally. It's something like the file with attribute +i, which can't be deleted by even by root user unless you remove that attribute.
Last edited by leo_ultra_leo; 11-06-2013 at 08:26 AM..
# 4  
Old 11-06-2013
Accidentally poweroff a server ? Smilie

I don't find this realistic scenario in environments with serious people working on the servers.
If folks accidentally poweroff a server, they should be denied access until proper education is done.

Regards
Peasant.
This User Gave Thanks to Peasant For This Post:
babinlonston
# 5  
Old 11-06-2013
Quote:
Originally Posted by leo_ultra_leo
I really want to protect poweroff, reboot, init 0 and init 6 even from root user with a password.
You cannot stop root from being root.

If you're trying to stop root from being root, there's something very wrong with your security model.

If you don't want people to have root, don't give them root at all.

Perhaps you can move the services they need to administrate to another user, so that they don't need to constantly login as root. That would protect /sbin/reboot much better than setting nonstandard permissions on system files.
Last edited by Corona688; 11-06-2013 at 11:23 AM..
# 6  
Old 11-06-2013
I'm talking here for a server holds more than 3.000.000 customer!!! I should protect the power commands with a password, at least a confirmation message!!
# 7  
Old 11-06-2013
If your security model involves stopping root from being root, it is flawed, because it doesn't work that way. You can't stop root from being root. If they really wanted to -- or even by accident -- your root users could write to the disk raw and trash it. There are no restrictions, because that's what root means... And if you do restrict all these somehow, eventually you'll end up in an emergency situation where root needs to do so and can't because you've altered your system in nonstandard ways.

The other problem is that your security model starts from 'default permit'. You wouldn't even write a firewall this way. Are there dangerous commands you don't know about? Almost certainly. Can you weed out 100% of each and every one individually? Doubtful. You need to work from the opposite direction -- give them access to what they need and only what they need, and absolutely nothing more, instead of giving them root, which gives them guaranteed unencumbered access to everything.

You should protect it by not giving out root. Find other ways besides root to let your admins do what they need. You can give them sudo access to particular commands for example without giving them carte blanche.
Last edited by Corona688; 11-06-2013 at 09:18 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

2. Shell Programming and Scripting

Passing password with SSH command

Hi Experts, I have specific requirement where I want to pass the password with the ssh username@hostname command . I dont want to use RSA public and private keys also. Because that will be on production server and no one wants to give access like that. Second thing it is production... (14 Replies)
Discussion started by: sharsour
14 Replies

3. Linux

Set password in single command

Hi, Can we set password for linux in non-interactive mode. I didn't find suitable option for this in man page. If we wnter "passwd" command, it will tell "Enter password" and "Re-enter password". i wanted to run this step in a script, and i don't want to use "expect" so i am looking for a single... (8 Replies)
Discussion started by: successlin
8 Replies

4. Shell Programming and Scripting

ssh command with password

hi: how can i use ssh with password in the command line . (4 Replies)
Discussion started by: rainboisterous
4 Replies

5. Shell Programming and Scripting

passing password to a command

Hi all, I have the expect binaries in our boxes.. I want to pass a passwd to a command automatically without manual intervention using "/<path_of_expect>/expect/<version>/bin/autopasswd" The below command will ask passwd in my script cleartool rmtag -all <vob_tag> #Some... (4 Replies)
Discussion started by: raghu.iv85
4 Replies

6. Solaris

Apply password in some command

hello guys, I need some command,script or anythng which will help me to prompt for a password if I give some common unix command. We need this command to restrict the access to few users only like for tip command. That wenever i give TIP command, it will ask for password and only autherized users... (1 Reply)
Discussion started by: harpreetrekhi
1 Replies

7. Shell Programming and Scripting

sudo command with password

Hello everybody, Say I forgot my root password (shit happens, no?) and I'd like to brutally try 100 possibilities to delete a file using sudo. How can I make a script that tries all the passwords? The following doesn't work. Do you have a clue? foo:~$ cat test sudo rm dummy <<< 'password' echo... (1 Reply)
Discussion started by: chebarbudo
1 Replies

8. Cybersecurity

Specify password in SFTP command

Hi, How can I specify a password on the scp command line so that it should not prompt for the password? Shabu (3 Replies)
Discussion started by: shabu
3 Replies

9. UNIX for Dummies Questions & Answers

SSH with a --password command line???

Has anyone heard of an OpenSSH client being compiled with an additional command-line option for password input? I realize there are reasons to NOT do this, and I realize you can achieve the same type of thing with keys, but I am specifically looking to pass the username & password BOTH on the... (5 Replies)
Discussion started by: jjinno
5 Replies

10. Shell Programming and Scripting

any way to use SU command without prompt for password

Hi, First i want to tell you i am not a administrator and everytime to run a sqlscritpt i have to login as SU in a particular account to connect to sqlplus.. I want to write a script which can make me free by doin this .. since i am having the permission for SU i want to know if i can SUDO... (7 Replies)
Discussion started by: myelvis
7 Replies
Login or Register to Ask a Question