Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: root group in solaris : Tools
From: dubaisans dubai (dubaisansgmail.com)
Date: Tue Sep 19 2006 - 01:00:38 CDT
What is the suggestion on using a tool like Powerbroker from Symark.
The tool claims to centralise the "sudo" function and also provide
logging? Does anyone have feedback on this tool or any other third
party tool in the same space?
On 9/19/06, Suzanne Widup <Suzanne.Widupsafeway.com> wrote:
> Have you looked at implementing sudo? It's a root delegation tool and
> would give you some better accountability as to what people are doing.
> -----Original Message-----
> From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
> On Behalf Of dubaisans dubai
> Sent: Monday, September 18, 2006 5:50 AM
> To: focus-sunsecurityfocus.com
> Subject: root group in solaris
> I would like to give root user privileges to a set of OS administrators.
> Everyone has individual user-ids on the system.
> Currently they login with their personal ID and then SU to root. I donot
> want to share root password with these many people.
> I am thinking of adding all these users to the "root" group[GID 0].
> Will it provide root-equivalent UID O access to these users. If not why
> ? Does the "root" group not have root user-id equivalent privileges?
> Is it possible manually to make the GID 0 privileges equivalant of UID
> How else can I give these individual users root privileges - make all of
> them UID 0 or something.? Is that a smart idea?
> I am looking at something simpler than SUDO or RBAC
> "MMS <safeway.com>" made the following annotations.
> All e-mail sent to this address will be received by the Safeway corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain information proprietary to Safeway and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately.