Login or Register to Ask a Question and Join Our Community


Solaris

su mistery

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris su mistery
# 1  
Old 02-20-2008
su mistery
Hi All,

Today I was logged in with my username (non root) on one of our Solaris 9 boxes and and typed "su - appserver".

The strange thing is that I was not prompted for appserver's password and it allowed me to become "appserver" even if I am not root.

Can anyone suggest where to look for problems as this appears to be a big security issue.

Cheers,

Midraga
# 2  
Old 02-20-2008
maybe the file /etc/suauth is existent and has entries?
# 3  
Old 02-20-2008
Hi,

I have checked there is no /etc/suauth file but there is a symbolic link /etc/sulogin which points to /sbin/sulogin. Thats all that I could find.

Can there be something else in the sudoers file?

Cheers,

Midraga
# 4  
Old 02-20-2008
may be that login doesn't have password ?
# 5  
Old 02-20-2008
Thanks a lot guys,

I will check it with the system admin tomorrow.

BTW do you know of any documents that would help me to do a proper Solaris security audit on production?

Cheers,

Midraga
# 6  
Old 02-20-2008
have a look at http://docs.sun.com
everything you might need is there... and a lot more Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Linux fopen() mistery. Help required.

Hello! I'm having problems with fopen() call in Linux. I have shared library (created by myself) that implements some file operations: int lib_func(char* file_name) { ... fd = fopen(file_name, "r"); if(!fd) {... exit with error ...} ... do something useful using fd ... ... (2 Replies)
Discussion started by: kalbi
2 Replies
Login or Register to Ask a Question