SUMMARY: root account

From: Ivo Ramos (ramosivo@hotmail.com)
Date: Mon Oct 09 2000 - 08:07:17 CDT


Thank you all for your valuable answers…

And the winner is sudo ! 28 out of 43 answers say this utility might
resolve most of my problems. However Joe Fletcher did make the point:
freeware and the like are forbidden (so far) in this Enterprise. We are
trying to overcome this new problem…

A few other products were also mentioned: Power Broker, PitBull, Virtual
Vault (HP), Axent, etc. I still have to check them.

As for other UID=0 do forget this option! If at all necessary, call your
attorney ! (jford@tusc.net has the proper approach…;-)) tks…

Solaris 8 and RBAC (role based access control) will probably be the answer
if implemented as described in the Trusted Solaris documentation. However we
are still on Solaris 6 due to a restriction imposed by IAS or CASP (I'm not
sure which one...; have to check with Sun).

Ivo

>Highlights:
>
>Customer: very large financial institution
> first time Solaris users
> special Web server
>Platform: E10K Solaris 6 & 7
>Environment: “hostile” IBM mainframe & NT networking
>Objective: throw the root password in a safe and still proceed
> with every administrative functions…
>who am I: third party (outsource) consultant
>----------------------------------------------------------------------
>
>Gentlemen,
>
>In the last 90 days it seems I’ve exhausted all alternatives and arguments
>to comply with my customer’s objective…
>
>Since they used mainframe for the past decades the root power found in
>every Unix system is unacceptable to them reason why I’ve tried all >my
>knowledge to reduce this power. What would you suggest?
>
>Somebody “invented” a very weird possibility: create two or three
>different
>accounts, with the same UID=0 (security now is doubled or tripled….). What
>are your comments on this?
>
>I’ve also considered using the Tru$ted Solaris, which I know nothing about…
>If any of you has experience with this product, do you believe it would
>satisfy my customer?
>
>Tks for your attention..
>
>Ivo Ramos
>Rio de Janeiro, Brasil
>

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

S
U BEFORE POSTING please READ the FAQ located at
N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
. and the list POLICY statement located at
M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
A To submit questions/summaries to this list send your email message to:
N sun-managers@sunmanagers.ececs.uc.edu
A To unsubscribe from this list please send an email message to:
G majordomo@sunmanagers.ececs.uc.edu
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:
I http://www.latech.edu/sunman.html
S
T



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:19 CDT