Hi,
Thank you for all the replies. I have concluded as
Stick to sudo or RBAC. The root group is nothing special. Making UID O
for multiple user accounts is not recommended. Using Least privileges
on Solaris 10 will make things even better.
Thank you for your time.
On 9/19/06, John Dewey <
jdewey2@...> wrote:
> On Mon, Sep 18, 2006 at 08:07:03PM +0200,
Casper.Dik@... wrote:
> >
> > >I would like to give root user privileges to a set of OS
> > >administrators. Everyone has individual user-ids on the system.
> > >Currently they login with their personal ID and then SU to root. I
> > >donot want to share root password with these many people.
> > >
> > >I am thinking of adding all these users to the "root" group[GID 0].
> > >Will it provide root-equivalent UID O access to these users. If not
> > >why ? Does the "root" group not have root user-id equivalent
> > >privileges?
> >
> >
> > >Is it possible manually to make the GID 0 privileges equivalant of UID O?
> >
> > No; you could have easily tested this but it has no effect at all.
> >
> > >How else can I give these individual users root privileges - make all
> > >of them UID 0 or something.? Is that a smart idea?
> > >
> > >I am looking at something simpler than SUDO or RBAC
> >
> > Even simpler?
> >
> > I would still strongly suggest RBAC or sudo as both all your system
> > administrators to execute programs with appropriate privileges when
> > needed. Giving them "root privileges all the time" is a bad idea;
> > it means that they can no longer safely use their user accounts
> > for email, web browsing or anything else.
> >
>
> There is also process rights management (least privilege) in Solaris 10.
>
http://blogs.sun.com/DirectoryManager/entry/forget_your_roots>
> John
>
