Veritas-bu

[Veritas-bu] login as unix user

2006-01-26 08:46:10
Subject: [Veritas-bu] login as unix user
From: jlightner AT water DOT com (Jeff Lightner)
Date: Thu, 26 Jan 2006 08:46:10 -0500
Sudo is a great idea for using utilities but any Unix Admin worth
his/her salt isn't going to give you a root shell via sudo - it defeats
the whole point of not giving out the root account in the first place.
The audit objection to having root is not the specific account but the
total power over the system it confers and giving you a root shell via
sudo would allow that same power.  Sudo should be used only to give you
access to specific commands.

If auditors at your company missed this then you lucked out but should
probably suggest to your management that they hire a new auditing
company next time because only God knows what else they missed.   At a
prior job I did give access to multiple accounts via sudo but you can be
sure none of them were root level.

The comment about /tmp throws me though.  /tmp should be viewable by
everyone - you shouldn't need root access.

-----Original Message-----
From: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Ed Wilts
Sent: Thursday, January 26, 2006 7:35 AM
To: Yoseph Leleputra
Cc: Brzozowski, Dwayne; veritas-bu AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] login as unix user

On Thu, Jan 26, 2006 at 12:18:10AM -0800, Yoseph Leleputra wrote:
>   Now I have another problem. Because the Master server is not
>   installed on a dedicated server, and there is another application, I
>   can't get a root password.  So when I need to start/stop NetBackup or
>   run a script from Veritas, like print available media, I must wait
>   until my manager comes.  Is there a way to upgrade my user authority
>   to run NetBackup utilities like root can do?

Ask your system administrators to look into sudo.  They can configure
sudo so that you can run all the NetBackup commands you need.  They can
also give you root shell access without knowing the root password (I
never sign on as root on my master server but use sudo every day).

Your system administrators also need to know that a NetBackup
administrator has full read/write access to *every* file on *every*
system that's under NetBackup's control.  There's nothing they can do to
stop that.

-- 
Ed Wilts, Mounds View, MN, USA
mailto:ewilts AT ewilts DOT org
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
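
The distinction drawn in this thread, between sudo rules that name specific commands and rules that amount to a root shell, can be checked mechanically. The following is an added example, not part of any poster's message: a small Python audit that flags sudoers rules granting ALL commands or a shell as root. The sample sudoers content is constructed, and its user names, alias names and command paths are hypothetical.

```python
import re

# Programs that hand the caller an interactive shell when run as root.
SHELLS = {"sh", "bash", "ksh", "csh", "tcsh", "zsh", "su"}
SKIP = ("#", "Defaults", "User_Alias", "Host_Alias", "Runas_Alias")
# user  host = (runas) commands   (single-line rules only, no continuations)
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")

# Constructed sample; user names, alias names and command paths are hypothetical.
SAMPLE = """\
# sudoers sample
Cmnd_Alias NBU_CMDS = /opt/example/backup/bin/start_stop, /opt/example/backup/bin/list_media
Cmnd_Alias ROOTSH = /bin/su -, /bin/bash
backupop ALL = (root) NBU_CMDS
alice    ALL = (ALL) NOPASSWD: ALL
bob      ALL = ROOTSH
carol    ALL = (oracle) /bin/ksh
"""

def audit_sudoers(text):
    """Return (line number, user, reason) for each rule that amounts to full root."""
    aliases, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = SPEC.match(line)
        if not m:
            continue
        user, runas, cmds = m.groups()
        # No runas list means root; ignore rules that cannot run as root.
        targets = {"root"} if runas is None else {t.strip() for t in runas.split(":")[0].split(",")}
        if not targets & {"root", "ALL"}:
            continue
        for cmd in cmds.split(","):
            cmd = re.sub(r"^(?:[A-Z]+:\s*)+", "", cmd.strip())  # drop tags such as NOPASSWD:
            for real in aliases.get(cmd, [cmd]):  # expand a Cmnd_Alias if one matches
                if real == "ALL":
                    findings.append((lineno, user, "ALL commands as root"))
                elif real and real.split()[0].rsplit("/", 1)[-1] in SHELLS:
                    findings.append((lineno, user, "root shell via " + real.split()[0]))
    return findings

if __name__ == "__main__":
    for lineno, user, reason in audit_sudoers(SAMPLE):
        print(f"line {lineno}: {user}: {reason}")
```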

