Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to create root equivalent account on solaris 10 ?
- Thread starter bolobaboo
- Start date
The best thing to do is set up sudo. You can control who has access. If you allow an account to "[tt]sudo ksh[/tt]", then they effectively become [tt]root[/tt].
Another way is to create a normal user account, but then give it the userid 0 (zero). This is a less secure, and harder to track/audit way of doing it, but it does give you another "root" account. It's the uid of zero that gives the account the power, not the name "root".
Just make sure that entry is AFTER the normal "root" entry, or all your root owned files will look like they are owned by "bolobaboo_root".
Another way is to create a normal user account, but then give it the userid 0 (zero). This is a less secure, and harder to track/audit way of doing it, but it does give you another "root" account. It's the uid of zero that gives the account the power, not the name "root".
Code:
bolobaboo_root:x:0:0:Bolobaboo as root:/root:/sbin/sh
KenCunningham
Technical User
Agree with Sam, but you should really look at your security policy if too many people have access to the 'proper' root account. At the end of the day, if you're responsible for the security and integrity of the system, it's your head on the block if someone does something catastrophic, whether maliciously or accidentally.
Some days are diamonds, some days are rocks - make sure most are the former.
Some days are diamonds, some days are rocks - make sure most are the former.
- Thread starter
- #4
Hi
Sambones
My passwd file looks like below and i want make dsmadm account eqvivalent to root. Would you give me direction ?
What things i should become root once i logged in as dsmadm ?
THX
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90
ostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
anil:x:100:1:This user accound used for NBU testing for anil:/usr/anil/:/bin/ksh
dsmadm:x:101:1:This user accound used for NBU :/export/home/dsmadm/:/bin/ksh
Sambones
My passwd file looks like below and i want make dsmadm account eqvivalent to root. Would you give me direction ?
What things i should become root once i logged in as dsmadm ?
THX
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90
ostgreSQL Reserved UID:/:/usr/bin/pfkshsvctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
anil:x:100:1:This user accound used for NBU testing for anil:/usr/anil/:/bin/ksh
dsmadm:x:101:1:This user accound used for NBU :/export/home/dsmadm/:/bin/ksh
I agree with Ken, you need to keep an eye on accountability and auditability. And limit how many people might have root access. If this one account is shared, you are putting the system and your job at risk.
But, to make it an alternate root account, edit your passwd file and make the line for "dsmadm" look like...
Then do the following...
The "chmod 700" is important because this account is now an alternate "root" account. This will keep anyone from putting harmful scripts where you might run them unintentionally. You also need to secure this account as you would a normal "root" account (i.e. safe PATH, etc).
But, to make it an alternate root account, edit your passwd file and make the line for "dsmadm" look like...
Code:
dsmadm:x:[b]0:0[/b]:This user accound used for NBU :/export/home/dsmadm:/bin/kshThen do the following...
Code:
chown 0:0 /export/home/dsmadm
chown -R 0:0 /export/home/dsmadm/*
chmod 700 /export/home/dsmadmThe "chmod 700" is important because this account is now an alternate "root" account. This will keep anyone from putting harmful scripts where you might run them unintentionally. You also need to secure this account as you would a normal "root" account (i.e. safe PATH, etc).
- Thread starter
- #6
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
