Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] Problem with second user with uid 0?
  • From: Frank Steiner <fsteiner-mail@xxxxxxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 22:56:52 +0100
  • Message-id: <4230C2A4.7080302@xxxxxxxxxxxxxx>
Hi Martin,

Wilde, Martin wrote

> Hi Frank,
>
> if your rootid user is managed on a per host basis I would not expect
> *technical* security traps. During logon the passwd file is checked, if
> there is a user named "rootid", then the crypted password is taken from the
> shadow file and if there is a match then the userid 0 (or any other id from
> the passwd file) is set. AFAIK: after login all programs just test the
> userid (0) to find out if you have root permissions. So everything should be
> fine except all commands that do an id-to-username translation (like id(1)
> e. g.).

right, so that's what I would expect. Actually, having "id" or "who am i"
return "root" for the user rootid, is a good thing, so that even programs
comparing e.g. `uid -un` to "root" won't fail to grant access...


> other problems: As you are talking about "normal" users: I do not know if
> they *really* know what to do. So you usually need someone "trusted" that is
> aware of what is meant by "having root permissions" - e. g. what happens
> when he types "rm -rf .*" in some user directory.

Sure! There are trusted users, and only they know where to find the
envelopes with the root passwords. So far, they would get the real
root password, in future they will get the one for "rootid", for just
the one simple reason that I don't have to change my root passwords
that took me some time to learn ;-)

> In case you are using NIS: Be aware that those users will have root
> permissions on *all* systems.

Yes, we use /etc/passwd files and have different classes of hosts
with different passwd files and root passwords, so that should work
fine!


> Also keep in mind that this user has access to *all* files including
> documents from your general manager or the human resources people!

Right, but that's ok. We are a chair at the university with 10 members,
and we really (have to) trust our research assistants. They have physical
access to their PCs and to the server room, so if we don't trust them
in a certain sense, we can't work at all. In general, they don't have
the root password, and if they need it during my holidays, I will be
notified and tell the boss who took it and let him/her report what
he/she did, and then change the root password again. If they want to
steal some data or install a trap door, they would find other ways
anyway (physical access to the server hosts...).

> Be also sure, that the password for the rootid user is as strong as yours
> should be!

I will do so :-)
Thanks!
cu,
Frank

--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: -4054
* You can only understand recursion once you have understood recursion. *
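
An added example, not part of the original mail: a shell audit of the setup discussed in this thread. It lists every account sharing UID 0, shows which name a files-based uid-to-name lookup returns (the id(1) effect mentioned above), and reports the shadow status of each UID 0 account. The passwd and shadow contents are constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a passwd/shadow pair for accounts that share UID 0.
# Paths are parameters so the functions can be pointed at copies of the files.

# Names of every account whose UID field is 0, in file order.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Name a files-based uid-to-name lookup returns for UID 0: the first match.
# This is why id(1) reports "root" after logging in as the second account.
uid0_name() {
    awk -F: '$3 == 0 { print $1; exit }' "$1"
}

# One "name:status" line per UID 0 account; status describes the shadow entry.
uid0_audit() {
    awk -F: '
        NR == FNR { pw[$1] = $2; next }          # first file read: shadow
        $3 == 0 {
            if (!($1 in pw))           s = "no-shadow-entry"
            else if (pw[$1] == "")     s = "EMPTY-PASSWORD"
            else if (pw[$1] ~ /^[!*]/) s = "locked"
            else                       s = "hashed"
            print $1 ":" s
        }' "$2" "$1"
}

# Constructed sample data (not from a real host); "rootid" is the name used
# in the thread, and the hash strings are placeholders.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/false
rootid:x:0:0:emergency root:/root:/bin/bash
frank:x:1000:100:Frank:/home/frank:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
root:$2a$10$CONSTRUCTEDHASHPLACEHOLDER:12852:0:99999:7:::
daemon:*:12852:0:99999:7:::
rootid::12852:0:99999:7:::
frank:$2a$10$CONSTRUCTEDHASHPLACEHOLDER:12852:0:99999:7:::
EOF

uid0_accounts "$demo/passwd"
uid0_name "$demo/passwd"
uid0_audit "$demo/passwd" "$demo/shadow"
```

On a real host the functions take /etc/passwd and /etc/shadow and need root, since the shadow file is not world-readable.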

