Root access to NON-administrators

[ttutor]

I am being asked, as an IT professional (Unix OS - SUN and RS/6000), to allow multiple personnel in another department to the ability to run full root commands in order to fulfill their jobs as storage administrators (EMC). I am looking for some help in identifying the impacts and security vulnerabilities of allowing this to happen.

Any input would be appreciated.

 

[nwardez]

Hi,

You may have a look at "sudo" at

http://www.courtesan.com/sudo/sudo.html.

Aix version is available at

http://www.bullfreeware.com/.

Also do a search in tek-tips, several threads have been posted on that subject (thread60-8989 for example).

 

[Boria]

Hi Ttumor,
AIX user can have some 'roles' including backup/restore.
Regards Boris

 

[tiger6k]

Hi Ttumor!
which version of your AIX?
In version 5 you can do more roles.
If you use version before 5 it has the methode but it's more complex and more security problem.
Good luck

 

[Yegolev]

our storage team has root passwd, so "vulnerability" is a relative term. i'd rather give them root than have to help them all the time, as i do with the oracle dba's and SAP admins. the EMC tools and other lvm stuff they do require a lot of root access and there are only four of them, and all are UNIX admins anyway. besides if someone screws up we all know who did it anyway. =) IBM Certified -- AIX 4.3 Obfuscation

 

[icehawk55]

We use sudo for almost everything. It works well and allows for the logging of all activity as root. Giving out the root password to multiple folks removes a lot of the ability to back trace to who did what. In fact we have incorporated sudo with the secure ID cards. This adds a whole extra level of security to the sudo command.

 

[tek1tips]

Hi Tiger6k,

What's the way in Version 5?

Thanks.