What??????????????????? 1) 'Wheel' is a bsd term/group. He is talking about Solaris. No wheels here. You pretty much repeated what he asked, which was to add them to the root group.
2) From a security point of view: (better to worse) RBAC type of setup Sudu type of program Acl's (used with suid and sgid's) Sticky bit on the group Sticky bit on the owner Adding someone to the root group Reasons - RBAC and Sudu's can get you better control and logging. Also limit what someone can or can not do. You must configure. Acl's - again, you configure and know what you gave access to. Sticky bits can be a nightmare for tracking down problems. Log files...ect would have root as the group/owner. You also need to get every file. (would be really bad if you sticky bit a directory :) ) I don't mean every file on the system, but all files need to correctly admin the system. You also should use with ACL's to make sure you not opening your system security to all users) Adding them to the group - will not give them all the files. If I remember correctly, a lot of the files do not have root as the group owner. (some have sys, bin, lp ...ect) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freeman, Michael Sent: Monday, September 18, 2006 1:23 PM To: dubaisans dubai; [email protected] Subject: RE: root group in solaris Typically you would add someone to the 'wheel' user group on a UNIX system if you want them to have those privileges. You must make sure that the tools you want users to have access to are also members of the 'wheel' group (chgrp), if it is not already setup that way by default. http://en.wikipedia.org/wiki/Unix_security http://www.onlamp.com/pub/a/bsd/2000/09/13/FreeBSD_Basics.html -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai Sent: Monday, September 18, 2006 7:50 AM To: [email protected] Subject: root group in solaris Hi, I would like to give root user privileges to a set of OS administrators. Everyone has individual user-ids on the system. Currently they login with their personal ID and then SU to root. I donot want to share root password with these many people. I am thinking of adding all these users to the "root" group[GID 0]. Will it provide root-equivalent UID O access to these users. If not why ? Does the "root" group not have root user-id equivalent privileges? Is it possible manually to make the GID 0 privileges equivalant of UID O? How else can I give these individual users root privileges - make all of them UID 0 or something.? Is that a smart idea? I am looking at something simpler than SUDO or RBAC ----------------------------------------- This e-mail message is private and may contain confidential or privileged information.
