Re: [caiman-discuss] Draft design for unconfiguration of user/root account

Thu, 17 Mar 2011 12:39:12 -0700 

On 03/17/11 10:45, Jan Damborsky wrote:

Hi Martin,

thank you very much for looking into this,
please see my response in line.

Jan


On 03/17/11 05:25 PM, Martin Widjaja wrote:

Hi Jan,

Looks good! I have 2 questions:


6.2 root account
----------------
For root account, smf unconfigure method will

* remove password hash from shadow(4) file
(replace it with empty string)

What is the effect of this. Would this allow root to not login at all,
or would it let root login without passwd?


Both, depending on which milestone you are booted in -
please see my response to Randall.



Both are bad I guess, unless the system knows to reset the passwd or
re-prompt the passwd securely (console?).


The intent here is to bring the system into pristine state e.g.
for purposes of removing credentials in case the system is shipped
in form of pre-installed image.
In most cases, 'unconfigured' state will be an transition phase -
e.g. when cloned zone is being reconfigured or when pre-install image
is constructed.
In those cases it is assumed that configuration step is to be carried
out before the system is finally deployed. For instance configuration
could be finalized by means of SCI tool during subsequent boot
of such system.





* change root to normal account if it was configured
asa role.

Does this mean that all the user accounts' root role would also be
removed?



No, other than initial user account will remain untouched.
I have tried and changing root to normal account via 'rolemod -K
type=normal root'
does not have an effect of removing root role from other accounts,
but those other accounts would be no longer able to assume root role.


        Once root is not a role, anyone who knows the root password
        can su to root.


If so, it might be good to log this clearly since this might affect
some users who have cron jobs, etc. using the role.


        I don't follow.  If an account root or foo is a role,
        only users granted that role (usermod -K role=) can
        assume it (su or su foo); the role cannot be directly
        logged into.  If an account is not a role, it can be
        directly logged into or secondarially assumed with su
        by knowlege of the account name and authentication information
        (usually just the password)
        I don't understand the cron jobs, etc. using the role.
        What have I missed?

Gary..
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss

Reply via email to