Quicksearch
Navigation
Events
Trusted Ad
Blower Door Test
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 € excl. MwSt
www.m-tectum.de
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 € excl. MwSt
www.m-tectum.de
Kategorien
About this blog- Apple
- iPhone
- Aviation
- Bahn
- Begriffe des Lebens
- Blogosphere
- Braindump
- Business Travel
- CANBOX
- CeBIT
- CEC
- Computing
- del.icio.us
- Fundsache
- General
- i hate sundays
- Kochen
- Mindfuck
- Movies
- Music
- On Benchmarketing
- Persoenliches Pech
- Photographie
- policy of ...
- Privacy
- Recommended Blogs
- Security
- Solaris
- Strange Days
- Sun
- suncec2007
- suncec2008
- Technology
- The IT Business
- Toolbox
- Travel
- Work
Get rid of root - or: PSARC/2008/321
Wednesday, July 9. 2008
An interesting PSARC case got it´s approval: PSARC/2008/321 - No Root Login:
Besides of making root a role, this would be another way to get rid of a direct usable root account in Solaris. With this change you can use your own username and password to log into an "root shell" without knowing the root password ... there doesn´t even have to be a root password. You only need the authorization
(via ceri on twitter)
It has been suggested that Solaris should permit "root" to be a no login account.
[...]
Add a "solaris.system.maintenance" authorization. Modify sulogin(1M) toprompt for a username and password. If the username entered is authenticated by the password and has the "solaris.system.maintenance" authorization, enter system maintenance mode. If not, as before this project, deny access.
Besides of making root a role, this would be another way to get rid of a direct usable root account in Solaris. With this change you can use your own username and password to log into an "root shell" without knowing the root password ... there doesn´t even have to be a root password. You only need the authorization
solaris.system.maintenance in your user attributes.(via ceri on twitter)
Posted by Joerg Moellenkamp
in Solaris
at
22:06
| Comments (5)
| Trackbacks (0)
View as PDF: This entry | This month | Full blog
View as PDF: This entry | This month | Full blog
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
Das Leben ist gut!
Das Travelnet buchte mir zwei Nächte im http://de.wikipedia.org/wiki/The_Ritz-Carlton_Berlin
In der Minibar steht ein 2001 Robert Mondavi Cabernet Sauvignon,
Im http://kulturkaufhaus.shop-asp.de/shop/action/?aUrl=90008115 kaufte ich mir eben http://www.welt.de/kultur/article807474/Glamour_Bohme_Netrebko__Villazn_.html
DANKE an Microsoft und Apple für proprietäre Software! Es klingt traumhaft!
Und Jonathan delivers to his promise, JAVA war heute bei 10$
ALLES IST GUT!
Das Travelnet buchte mir zwei Nächte im http://de.wikipedia.org/wiki/The_Ritz-Carlton_Berlin
In der Minibar steht ein 2001 Robert Mondavi Cabernet Sauvignon,
Im http://kulturkaufhaus.shop-asp.de/shop/action/?aUrl=90008115 kaufte ich mir eben http://www.welt.de/kultur/article807474/Glamour_Bohme_Netrebko__Villazn_.html
DANKE an Microsoft und Apple für proprietäre Software! Es klingt traumhaft!
Und Jonathan delivers to his promise, JAVA war heute bei 10$
ALLES IST GUT!
well, this is mad... wtf? why why why?
i see no reason why this would be usefull.
this is ubuntu style bullshit.
i see no reason why this would be usefull.
this is ubuntu style bullshit.
Auditing. Instead of everything being done as root, it's done by individual users (who might have some, but not necessarily all the abilities of root). This means instead of trying to figure out 'who did X as root', it's very apparent who did what.
It's also completely optional, so if you don't like it, don't use it.
It's also completely optional, so if you don't like it, don't use it.
as long as it stays optional im fine with it.
in 2008.05 its not...
ofc i know the reasons, but i also dont need to forbid access to it, just dont give out the root acc...
in 2008.05 its not...
ofc i know the reasons, but i also dont need to forbid access to it, just dont give out the root acc...
This isn´t mad ... it´s an addional way to ensure that nobody can login into the system with an anonymous acicout like root. As Jason wrote: It´s an auditing thing and it´s about the fact that nobody has the root password.
Another example: An admin leaves your team and works for a different team. When this admin was aware of the root password of your system you now have to change the password to lock him out of the systems managed by your team. With this change, you just remove the solaris.system.maintenance authorisation as the user used his own password to to get root privileges before ...
Another example: An admin leaves your team and works for a different team. When this admin was aware of the root password of your system you now have to change the password to lock him out of the systems managed by your team. With this change, you just remove the solaris.system.maintenance authorisation as the user used his own password to to get root privileges before ...
The LKSF book
The book with the consolidated Less known Solaris Tutorials is available for download here
Web 2.0
Contact
Networking
open.bc
LinkedIn
Facebook
My photos
- mail: joerg@c0t0d0s0.org
- icq: 144000169
- Me, myself and I
- openBC
- My del.icio.us
- c0t0d0s0@twitter
- c0t0d0s0@last.fm
- wiki@c0t0d0s0
- Amazon Wishlist
Networking
open.bc
My photos
Syndication
Comments
about Hardware teaser: SPARC Enterprise T3120
Thu, 20.11.2008 20:21
Tenaja will be an interesting product that will be on the ma rket in a few months, just sta y tuned
Thu, 20.11.2008 20:21
Tenaja will be an interesting product that will be on the ma rket in a few months, just sta y tuned
about My thoughts about the future of Sun ...
Thu, 20.11.2008 18:13
Wahrscheinlich hat man bei den anstehenden Kosten auf Office 2007 mal darauf geguckt, ob d as wirklich so wichtig u [...]
Thu, 20.11.2008 18:13
Wahrscheinlich hat man bei den anstehenden Kosten auf Office 2007 mal darauf geguckt, ob d as wirklich so wichtig u [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 16:23
Das letzte Mal wie OO "hipp" w ar, hieß es, dass es an den vi elen, vielen firmenspezifische n Excel Plugins scheiter [...]
Thu, 20.11.2008 16:23
Das letzte Mal wie OO "hipp" w ar, hieß es, dass es an den vi elen, vielen firmenspezifische n Excel Plugins scheiter [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 13:18
Fishworks is the way to get (O pen-)Solaris into companies wh ere Solaris is not strategic ( e.g. also Windows-only s [...]
Thu, 20.11.2008 13:18
Fishworks is the way to get (O pen-)Solaris into companies wh ere Solaris is not strategic ( e.g. also Windows-only s [...]
Getaggte Artikel
AMD Apple avs Bahn Blogging Blogosphere braindump Business Travel CeBIT cec cec2006 CMT del.icio.us deutsch dtrace fliegen Fundsache General Hamburg IBM i hate sundays Intel iscsi jumpstart Links Linux lksf Mindfuck Movies Music Musik Niagara Opensolaris Opteron Photographie policy of ... Politik Security Solaris storage Sun suncec2007 sunw t1 The IT Business Ultrasparc ultrasparc t1 Wirtschaft Work ZFS
Blog Administration
Buttons
