I understand the security implications - and I can believe that there may be better approaches. I am just not sure what they would be which do not involve a lot of setup and management overhead. It is what we have in place so I have to work with it.
This is for our development team only on a development platform. This is not done on the LIVE box. Programmers sometimes need root privileges for certain tasks. Setting passwords for test users etc. This is why we allow this level of access for a small number of identified users only by modifying the user login profile. John Rodgers MasterPack Project Team Masonite International Tel: (813) 2612396 ext 3036 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tom Whitmore Sent: Friday, April 02, 2010 8:45 AM To: U2 Users List Subject: Re: [U2] sudo for dummies Can you explain what you are trying to do? you are creating a huge security hole with sudo because once the user is logged into UniVerse as root they can shell out, as root, and do whatever they would like to as root. If you want to have a user that can perform UniVerse admin role, check out the uniadmin user. I also believe U2 is making this more functional. Tom RATEX Business Solutions. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of John Rodgers Sent: Friday, April 02, 2010 8:08 AM To: U2 Users List Subject: [U2] sudo for dummies I have a problem with a developer login where we want to provide 'root' privileges on our DEV box. HP-UX B.11.11 U 9000/800 (tl) UniVerse 9.6 in Pick flavor This is done by changing the login profile to run something this: exec /usr/local.bin/sudo /usr/opt/uv/bin/uv This gives us 'root' access in UniVerse. For one user this is not working but I cannot spot any difference in his setup from anyone else's. The exec sudo (above) is changing the user id to root. For our other users the @LOGNAME in UniVerse does not change. Our login process relies on the @LOGNAME to perform some other checks which are now failing for this user. Can anyone explain why the user.id would be changed by 'sudo'. Is there some setting or switch for sudo where this is controlled? Alternatively, is there a UniVerse option where the User Name might be somehow reset? (really clutching at straws here.) Cheers JR _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users
