SCSA10-1 Objective 4.3 - Solaris security: switching users, becoming root, monitoring su attempts

The need for switching users goes beyond multiple personality disorders. Proper use of the root account means not logging into a system as root. Instead, log in with a non-privileged user account and then switch to root.

Perform system security by switching users on a system, and by becoming root and monitoring su attempts.

Many dangers can arise from logging into a system as root, particularly through a GUI. Non-root users have limited access to the system. Root can do anything to the system, whether intentional or not.

The most important thing to remember about using the su (switch user) command is the hyphen option. The two options for switching user from the current login to some other user (bob, for example) are:

    su bob
    su - bob

The first example becomes bob but keeps the shell environment as it was for the current login. The second example (with the hyphen) causes the shell to load bob’s initialization files as though bob had logged into the system. An example of the importance of the hyphen is when su-ing to the user oracle on a system running an Oracle database. The oracle user’s initialization files contain a number of essential environment variables without which access to Oracle tools will fail.

Becoming root on a system is typically achieved by running su - and providing root’s password when prompted. The su command will always prompt for a password unless it is run as root. The root user can do anything, including becoming any other user.

Because of the nature of the su command, all su attempts are logged whether they are successful or not. The file /var/adm/sulog is a text file logging su attempts, one per line. Each line shows the date and time of the attempt, a + for success or a - for failure, and the user switched from and to.
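
As an added example (not part of the original notes), the shell function below counts failed su attempts per user pair from sulog-format input. It assumes the usual Solaris record layout "SU MM/DD HH:MM +|- tty from-to", which also carries a terminal field; the sample records and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed su attempts per "from-to" pair in sulog-format input.
# Assumed record layout: SU MM/DD HH:MM <+|-> <tty> <from>-<to>

# Constructed sample records (not from a real system).
sample_sulog() {
    cat <<'EOF'
SU 03/14 09:12 + pts/1 bob-root
SU 03/14 09:40 - pts/3 alice-root
SU 03/14 09:41 - pts/3 alice-root
SU 03/14 10:05 + pts/2 root-oracle
SU 03/14 11:30 - console carol-oracle
SU 03/14 11:31 - pts/3 alice-root
this line is not a sulog record
EOF
}

# Usage: failed_su_summary [MIN] [FILE...]
# Prints "COUNT from-to" for every pair with at least MIN failures (default 1),
# most failures first. Reads stdin when no FILE is given.
failed_su_summary() {
    min=${1:-1}
    if [ $# -gt 0 ]; then shift; fi
    awk -v min="$min" '
        # Keep only well-formed failure records; skip anything else.
        $1 == "SU" && NF == 6 && $4 == "-" { fails[$6]++ }
        END {
            for (pair in fails)
                if (fails[pair] >= min) print fails[pair], pair
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the sample; on a Solaris host pass /var/adm/sulog as FILE instead.
sample_sulog | failed_su_summary 3
```

On Solaris, run the awk part with nawk or /usr/xpg4/bin/awk, since the legacy /usr/bin/awk does not accept -v.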

Actually, role-based access control (RBAC) provides a better mechanism for fine-grained access control on a Solaris system. Given the explicit wording of this objective, knowledge of RBAC is not required for the SCSA exam.
