Hi, Thank you for all the replies. I have concluded as
Stick to sudo or RBAC. The root group is nothing special. Making UID O for multiple user accounts is not recommended. Using Least privileges on Solaris 10 will make things even better. Thank you for your time. On 9/19/06, John Dewey <[EMAIL PROTECTED]> wrote:
On Mon, Sep 18, 2006 at 08:07:03PM +0200, [EMAIL PROTECTED] wrote: > > >I would like to give root user privileges to a set of OS > >administrators. Everyone has individual user-ids on the system. > >Currently they login with their personal ID and then SU to root. I > >donot want to share root password with these many people. > > > >I am thinking of adding all these users to the "root" group[GID 0]. > >Will it provide root-equivalent UID O access to these users. If not > >why ? Does the "root" group not have root user-id equivalent > >privileges? > > > >Is it possible manually to make the GID 0 privileges equivalant of UID O? > > No; you could have easily tested this but it has no effect at all. > > >How else can I give these individual users root privileges - make all > >of them UID 0 or something.? Is that a smart idea? > > > >I am looking at something simpler than SUDO or RBAC > > Even simpler? > > I would still strongly suggest RBAC or sudo as both all your system > administrators to execute programs with appropriate privileges when > needed. Giving them "root privileges all the time" is a bad idea; > it means that they can no longer safely use their user accounts > for email, web browsing or anything else. > There is also process rights management (least privilege) in Solaris 10. http://blogs.sun.com/DirectoryManager/entry/forget_your_roots John
