
TITANIC mistake by new sys admin! Please help!!!!


Donald H. Locker

Nov 1, 1993, 11:48:54 AM
In article <1993Oct27....@lokkur.dexter.mi.us>,
Steve Simmons <s...@lokkur.dexter.mi.us> wrote:
>l...@panix.com (Larry Nathanson) writes:
>
>>I've just read this bit about not setting a user's uid to 0, and I'm
>>feeling a little sick now... :-/ Basically, did just this- under IRIX
>>on an iris, I edited an /etc/passwd line to make a user's uid 0.
>
...
>
>Giving root id to a user is 100% wrong. If they need superuser capability
>for some operations, I strongly recommend the "op" utility. Sorry, don't

Agreed. Also, when operating as root, the user (operator, sysadmin,
whoever) should be VERY AWARE of his/her uid and the power and
potential that lies in uid. I only do things as root if that is the
ONLY way to get it done. There are many other ways that do not entail
taking such risks.

>This post brought to you from glorious Dexter, Michigan, just eight scenic
>miles from Hell.

and 12 from Chelsea, which is not nearly far enough :)
--
Donald. | My grandfather's neighbours used to use
Opinions? sure they're mine. | the expression "dumb as a horse" until he
Who else would claim 'em? | pointed out to them that stumps were dumber.

Drew Eckhardt

Nov 1, 1993, 8:38:04 PM
In article <CFnnM...@barclays.co.uk>, <david.h...@barclays.co.uk> wrote:
>In article <JOSHUA.93O...@bailey.cpac.washington.edu>, jos...@cpac.washington.edu (Joshua Geller) writes:
>|>
>|> if you need a menu driven interface to do system administration you
>|> probably shouldn't be doing system administration.
>|>
>
>What about SMIT on AIX ?
>
>Personally, I don't fancy manipulating the ODM by hand, do you ?

The posting was made to various comp.sys.hp groups and
comp.unix.admin - the latter implying a standard Unix system with
standard ASCII config files and the former implying HPUX which
uses a standard configuration system.

In this regard, AIX Ain't Unix by any stretch of the imagination.

Erland Sommarskog

Nov 6, 1993, 5:21:15 PM
Matt Donath (don...@math.uiowa.edu) writes:
>Bill Hassell (b...@atl.hp.com) writes:
>|> One of the most serious mistakes that a novice administrator can make is to
>|> give *anyone* besides root a user ID of 0.
>!>
>I disagree with this. It is often useful to have another id with a uid of
>0. I think the only serious mistake made by the novice administrator was
>to trust Sam.

I'm a bit surprised that no one in this thread seems to have mentioned
sudo. Sudo is a great tool that takes a command line and executes it
as root, if you are listed in /usr/local/lib/sudoers with permission
for "all" or the command in question. The initial problem of the original
poster seemed to be that he was changing forth and back between root and
his normal id. With sudo this is not a problem.

Sudo is a public-domain program. Exactly where you can get hold of it,
I don't know; one of my colleagues introduced me to it, and I wouldn't
be without it on any machine where I'm supposed to execute a single
command as root.
--
Erland Sommarskog - som...@enea.se
I only express my own opinions. Others have to express theirs themselves.

Timothy Mooney

Nov 7, 1993, 6:36:10 PM
In article <1993Nov6.2...@enea.se> som...@enea.se (Erland Sommarskog) writes:
)Matt Donath (don...@math.uiowa.edu) writes:
)>Bill Hassell (b...@atl.hp.com) writes:
)>|> One of the most serious mistakes that a novice administrator can make is to
)>|> give *anyone* besides root a user ID of 0.
)>!>
)>I disagree with this. It is often useful to have another id with a uid of
)>0. I think the only serious mistake made by the novice administrator was
)>to trust Sam.

The chance for some horrible screw up is pretty high if you do this. If
someone needs to be root, then they should have root's password, not its
uid. With enough groups and proper permissions on certain directories and
files, the number of people that need root password can be kept at a minimum.
Why bother with two accounts with root's privs?

BTW, giving someone besides root uid 0 is recognized as a Really Bad Idea (TM)
in all of the books and literature I've seen.

)I'm a bit surprised that no one in this thread seems to have mentioned
)sudo. Sudo is a great tool that takes a command line and executes it
)as root, if you are listed in /usr/local/lib/sudoers with permission
)for "all" or the command in question. The initial problem of the original
)poster seemed to be that he was changing forth and back between root and
)his normal id. With sudo this is not a problem.
)
)Sudo is a public-domain program. Exactly where you can get hold of it,
)I don't know; one of my colleagues introduced me to it, and I wouldn't
)be without it on any machine where I'm supposed to execute a single
)command as root.

Sudo can be found on ftp.uu.net in published/books/sa-book.tar.Z. Its
advantages and disadvantages are talked about in the yellow book. That's
also where the archive comes from. Sudo itself was written by Cliff
Spencer.

Tim
--
Timothy Mooney aka Tim the Enchanter, MPtQftHG
moo...@plains.nodak.edu ------------------------------------------
.!uunet!plains!daphne!mooney +"...only a fat marmot lives to see the
moo...@beavis.cc.ndsu.nodak.edu + spring." -Marty Stouffer
-------------------------------------------------------------------------------

Yunqiang Zhu

Nov 9, 1993, 1:17:41 PM
Hi;

I found a used Anritsu 8-mm tape drive. I tried to attach it to my
SPARC-2. I want to make its SCSI ID 5. Since there is no manual,
I do not know how to set its dip switch to make its ID 5.
Anybody who knows how to do it or simply has any info about
Anritsu company, please give me some help.

Any helpful info will be fully appreciated, please reply to my
e-mail account. Thanks.

--
Yunqiang Zhu
------------------------------------------------------------------------------
Why be normal? Phone:(713)745-0558 E-mail: z...@spec.mda.uth.tmc.edu
------------------------------------------------------------------------------

David Orr

Nov 10, 1993, 10:07:07 AM
In article <CG5Aw...@ns1.nodak.edu>, moo...@plains.NoDak.edu (Timothy Mooney) writes:
|> In article <1993Nov6.2...@enea.se> som...@enea.se (Erland Sommarskog) writes:
|> )Matt Donath (don...@math.uiowa.edu) writes:
|> )>Bill Hassell (b...@atl.hp.com) writes:
|> )>|> One of the most serious mistakes that a novice administrator can make is to
|> )>|> give *anyone* besides root a user ID of 0.
|> )>!>
|> )>I disagree with this. It is often useful to have another id with a uid of
|> )>0. I think the only serious mistake made by the novice administrator was
|> )>to trust Sam.
|>
|> The chance for some horrible screw up is pretty high if you do this. If
|> someone needs to be root, then they should have root's password, not its
|> uid. With enough groups and proper permissions on certain directories and
|> files, the number of people that need root password can be kept at a minimum.
|> Why bother with two accounts with root's privs?
|>
|> BTW, giving someone besides root uid 0 is recognized as a Really Bad Idea (TM)
|> in all of the books and literature I've seen.
|>
|>

We do this at our company because all of our systems have the same root
password. Some people (our distribution group) need root access to create
released copies of our software. We give them an account with UID 0 on their
systems so they can do their work. If we gave them the root password then they
could get into any of our other systems as root.

-- David Orr
davi...@sdrc.com

Bill Vermillion

Nov 11, 1993, 7:22:42 AM
In article <CG5Aw...@ns1.nodak.edu> moo...@plains.NoDak.edu (Timothy Mooney) writes:
>In article <1993Nov6.2...@enea.se> som...@enea.se (Erland Sommarskog) writes:
>)Matt Donath (don...@math.uiowa.edu) writes:
>)>Bill Hassell (b...@atl.hp.com) writes:
>)>|> One of the most serious mistakes that a novice administrator can make is to
>)>|> give *anyone* besides root a user ID of 0.

>)>I disagree with this. It is often useful to have another id with a uid of


>)>0. I think the only serious mistake made by the novice administrator was
>)>to trust Sam.

>The chance for some horrible screw up is pretty high if you do this. If
>someone needs to be root, then they should have root's password, not its
>uid. With enough groups and proper permissions on certain directories and
>files, the number of people that need root password can be kept at a minimum.
>Why bother with two accounts with root's privs?

I have some small business systems that I have one login running with
the root ID.

The login is called poweroff, and it immediately starts a shutdown.
Quite handy when a quick summer thunderstorm comes crashing down around
your head and anyone can shut it down before mother nature kills the
machine.

That's the only time I've done that.

--
Bill Vermillion - bi...@bilver.uucp OR bi...@bilver.oau.org

Dan Pop

Nov 12, 1993, 11:46:56 AM

>I have some small business systems that I have one login running with
>the root ID.
>
>The login is called poweroff, and it immediately starts a shutdown.
>Quite handy when a quick summer thunderstorm comes crashing down around
>your head and anyone can shut it down before mother nature kills the
>machine.
>

It looks like a good idea. But the login "shell", before invoking
/etc/shutdown should check that user "poweroff" is logging in from the
system console, otherwise anybody could shut down system from anywhere.
It is important to allow free access to shutdown only to persons who have
free access to the power switch anyway.

Good ol' Domain/OS doesn't need such a trick, because anybody can type
"shut" at the Display Manager prompt, even without logging in.

Dan
--
Dan Pop
CERN, L3 Experiment
Email: dan...@cernapo.cern.ch
Mail: CERN - PPE, Bat. 21 1-023, CH-1211 Geneve 23, Switzerland

System Admin (Mike Peterson)

Nov 12, 1993, 3:10:38 PM
In article <1993Nov12.1...@dxcern.cern.ch> dan...@cernapo.cern.ch (Dan Pop) writes:
>Good ol' Domain/OS doesn't need such a trick, because anybody can type
>"shut" at the Display Manager prompt, even without logging in.

Not if you have a file /sys/node_data/etc/dm_display/shut_lock -
only people with 'rw' (or just 'w'?) rights can shut the system,
so they have to log in first too.
--
When the chips are down, switch to pretzels. | Mike Peterson, SysAdmin
| U/Toronto Chemistry
E-mail: sys...@alchemy.chem.utoronto.ca Tel: (416)978-7094 Fax: (416)978-8775

Steve Simmons

Nov 12, 1993, 10:03:24 PM
dan...@cernapo.cern.ch (Dan Pop) writes:

>In <1993Nov11.1...@bilver.oau.org> bi...@bilver.oau.org (Bill Vermillion) writes:

>>I have some small business systems that I have one login running with
>>the root ID.
>>
>>The login is called poweroff, and it immediately starts a shutdown.
>>Quite handy when a quick summer thunderstorm comes crashing down around
>>your head and anyone can shut it down before mother nature kills the
>>machine.
>>
>It looks like a good idea. But the login "shell", before invoking
>/etc/shutdown should check that user "poweroff" is logging in from the
>system console, otherwise anybody could shut down system from anywhere.
>It is important to allow free access to shutdown only to persons who have
>free access to the power switch anyway.

And for those who lack such a utility, here you go.


#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of shell archive."
# Contents: Makefile shutdown.sh.8 shutdown.sh.c
# Wrapped by s...@lokkur.dexter.mi.us on Fri Nov 12 22:02:05 1993
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'Makefile' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Makefile'\"
else
echo shar: Extracting \"'Makefile'\" \(1771 characters\)
sed "s/^X//" >'Makefile' <<'END_OF_FILE'
X# Makefile for the shutdown shell.
X#
X# This code and manual page are Copyright 1993 by Steven C. Simmons.
X# You may reuse it freely in any way you wish provided that this copyright
X# section is preserved and that any changes you make are clearly marked as
X# such.
X#
X# Do good for the world.
X# If you make changes or improvements to this program, publish them
X# so that others may share the benefit of your work as I share it with you.
X#
X# $Source: /home/lokkur/scs/src/is-utils/shutdown/RCS/Makefile,v $
X#
X# $Revision: 0.2 $ $Author: scs $ $Date: 1993/08/22 00:34:10 $
X#
X# $State: Exp $ $Locker: $
X#
X# $Log: Makefile,v $
X# Revision 0.2 1993/08/22 00:34:10 scs
X# Moved to a more general group.
X#
X
X# Fill in with what is being made
XTARGET = shutdown.sh
X
X# Default places and ownerships
XMANSEC = 8
XMAN = /usr/local/man/man$(MANSEC)
XBIN = /etc
XLIB = /usr/local/lib
XOWNER = root
XGROUP = bin
XMODE = 100
X
XCC = gcc
XDEFS = -I./
XDEBUG = -O
XCFLAGS = $(DEBUG) $(DEFS)
XSRCS = shutdown.sh.c
XOBJS = shutdown.sh.o
XCLUDES =
XLIBS =
X
X$(TARGET): $(OBJS)
X	$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LIBS)
X
X$(OBJS): $(CLUDES)
X
Xall: $(TARGET).man lint tags $(TARGET)
X
X$(TARGET).man: $(TARGET).$(MANSEC)
X	nroff -man $(TARGET).$(MANSEC) > $(TARGET).man
X
XManifest: $(SRCS) Makefile
X	touch Manifest
X	ls -ls $(SRCS) Makefile > Manifest
X
Xclean:
X	rm -f $(OBJS) core lint tags TAGS $(TARGET).man *~ #*#
X
Xclobber: clean
X	rm -f $(TARGET) Make.Log
X
Xlint: $(SRCS)
X	lint -D lint $(DEFS) $(SRCS) > lint
X
Xtags: $(SRCS)
X	ctags $(SRCS)
X
XTAGS: $(SRCS) $(CLUDES)
X	etags $(SRCS) $(CLUDES)
X
Xinstall.man: $(TARGET).$(MANSEC)
X	install -m 444 -o $(OWNER) -g $(GROUP) -c $(TARGET).$(MANSEC) $(MAN)
X
Xinstall: $(TARGET)
X	install -m $(MODE) -o $(OWNER) -g $(GROUP) -s -c $(TARGET) $(BIN)
X
Xinstall.all: install install.man
END_OF_FILE
if test 1771 -ne `wc -c <'Makefile'`; then
echo shar: \"'Makefile'\" unpacked with wrong size!
fi
# end of 'Makefile'
fi
if test -f 'shutdown.sh.8' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'shutdown.sh.8'\"
else
echo shar: Extracting \"'shutdown.sh.8'\" \(2398 characters\)
sed "s/^X//" >'shutdown.sh.8' <<'END_OF_FILE'
X.\" This file is under RCS control. Do not edit it directly, check a copy
X.\" out using RCS. See the `Source' line to find the archive file.
X.\"
X.\" Sysadm (8) Manual page for shutdown.sh.8
X.\"
X.\" This code and manual page are Copyright 1993 by Steven C. Simmons.
X.\" You may reuse it freely in any way you wish provided that this copyright
X.\" section is preserved and that any changes you make are clearly marked as
X.\" such.
X.\"
X.\" Do good for the world.
X.\" If you make changes or improvements to this program, publish them
X.\" so that others may share the benefit of your work as I share it with you.
X.\"
X.\" $Source: /home/lokkur/scs/src/is-utils/shutdown/RCS/shutdown.sh.8,v $
X.\"
X.\" $Revision: 0.0 $ $Author: scs $ $Date: 1993/08/22 00:32:00 $
X.\"
X.\" $State: Exp $ $Locker: $
X.\"
X.\" $Log: shutdown.sh.8,v $
X# Revision 0.0 1993/08/22 00:32:00 scs
X# Initial revision.
X#
X.TH SHUTDOWN.SH 8 "April 8, 1992" "Inland Sea Utility"
X.SH NAME
Xshutdown.sh \- a login shell to do shutdowns
X.SH SYNOPSIS
X\fBShutdown.sh\fR is a shell exclusively for the purpose of shutting
Xdown a system.
XIt has various safeguards to prevent misuse.
X.SH DESCRIPTION
X\fBShutdown.sh\fR is not a command which users would give.
XIt should be made the shell of a privileged account,
Xfor example,
X.PP
Xshutdown::0:1:System Shutdown:/tmp:/etc/shutdown.sh
X.PP
XTo shut the system down, the user logs in as "shutdown".
XIf the shutdown UID is zero, the login is interactive,
Xand the user logs in on the console,
Xthe system is shut down immediately.
X.PP
XBy checking for the UID, interactive login, and console,
Xwe do a fairly decent (though not perfect) job of preventing
Xusers from shutting down another person's system remotely.
XHowever, remember that any account without a password is a potential
Xsecurity hole.
X\fBYOU USE THIS SOFTWARE AT YOUR OWN RISK.\fR
X.SH FILES
X/etc/shutdown.sh
X.br
X/etc/passwd
X.SH BUGS
XNone known.
XPlease report them to the author below.
X.SH AUTHOR
XSteve Simmons,
Xs...@lokkur.dexter.mi.us
X.SH "COPYRIGHT STATUS"
XThis code and manual page are Copyright 1993 by Steven C. Simmons.
XYou may reuse it freely in any way you wish provided that this copyright
Xsection is preserved and that any changes you make are clearly marked as
Xsuch.
X.PP
XDo good for the world.
XIf you make changes or improvements to this program, publish them
Xso that others may share the benefit of your work as I share it with you.
END_OF_FILE
if test 2398 -ne `wc -c <'shutdown.sh.8'`; then
echo shar: \"'shutdown.sh.8'\" unpacked with wrong size!
fi
# end of 'shutdown.sh.8'
fi
if test -f 'shutdown.sh.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'shutdown.sh.c'\"
else
echo shar: Extracting \"'shutdown.sh.c'\" \(2063 characters\)
sed "s/^X//" >'shutdown.sh.c' <<'END_OF_FILE'
X/*
X * Command to shut down a system immediately. Only works if you're
X * root and on the console. Suitable to be installed as a shell for
X * a shutdown id, eg,
X * shutdown::0:0:Shutdown System:/:/etc/shutdown.sh
X *
X * This code and manual page are Copyright 1993 by Steven C. Simmons.
X * You may reuse it freely in any way you wish provided that this copyright
X * section is preserved and that any changes you make are clearly marked as
X * such.
X *
X * Do good for the world.
X * If you make changes or improvements to this program, publish them
X * so that others may share the benefit of your work as I share it with you.
X *
X * $Source: /home/lokkur/scs/src/is-utils/shutdown/RCS/shutdown.sh.c,v $
X *
X * $Revision: 0.2 $ $Author: scs $ $Date: 1993/08/22 00:32:20 $
X *
X * $State: Exp $ $Locker: $
X *
X * $Log: shutdown.sh.c,v $
X * Revision 0.2 1993/08/22 00:32:20 scs
X * Added copyright and redistribution rule.
X *
X * Revision 0.1 1992/04/08 02:40:40 scs
X * Added RCS id string.
X *
X * Revision 0.0 1992/04/08 02:39:05 scs
X * Initial revision.
X */
X
X#ifndef lint
X# ifndef lib
Xstatic char rcsid[] = "$Id: shutdown.sh.c,v 0.2 1993/08/22 00:32:20 scs Exp $" ;
X# endif /* of ifndef lib */
X#endif /* of ifndef lint */
X
X#include <stdio.h>
X#include <stdlib.h>    /* exit(), system() */
X#include <string.h>    /* strcmp() */
X#include <unistd.h>    /* ttyname(), getuid() */
X/* The three headers above replace the original's bare extern declarations. */
X
Xchar command[] = "/etc/shutdown -h now" ;
X
Xchar conditions[] = " To run this command you must be:\n\tlogged in as root (uid 0);\n\tlogged in interactively;\n\tlogged in on the console.\nNo shutdown will be done.\n";
X
Xint main()
X{
X    char *tty ;
X
X    /* No tty on stdin means the login is not interactive. */
X    if ( NULL == ( tty = ttyname( 0 ) ) )
X    {
X        (void) fputs( "You are not logged in interactively.", stderr );
X        (void) fputs( conditions, stderr );
X        exit( 0 ) ;
X    }
X    /* Only the system console is accepted, never a network or serial tty. */
X    if ( 0 != strcmp( tty, "/dev/console" ) )
X    {
X        (void) fputs( "You are not logged in on the console.", stderr );
X        (void) fputs( conditions, stderr );
X        exit( 0 ) ;
X    }
X    else if ( 0 != getuid() )
X    {
X        (void) fputs( "You are not logged in as root.", stderr );
X        (void) fputs( conditions, stderr );
X        exit( 0 ) ;
X    }
X    /* All three checks passed: run the fixed, absolute-path command. */
X    (void) system( command ) ;
X    exit( 0 ) ;
X    return 0 ;
X}
END_OF_FILE
if test 2063 -ne `wc -c <'shutdown.sh.c'`; then
echo shar: \"'shutdown.sh.c'\" unpacked with wrong size!
fi
# end of 'shutdown.sh.c'
fi
echo shar: End of shell archive.
exit 0
--
"You can't blow my brains out. I work for Ford." Mike O'Connor

Brad Daniels

Nov 12, 1993, 2:36:59 PM
In article <1993Nov12.1...@dxcern.cern.ch>,

Dan Pop <dan...@cernapo.cern.ch> wrote:
>In <1993Nov11.1...@bilver.oau.org> bi...@bilver.oau.org (Bill Vermillion) writes:
>
>>I have some small business systems that I have one login running with
>>the root ID.
>>
>>The login is called poweroff, and it immediately starts a shutdown.
>>Quite handy when a quick summer thunderstorm comes crashing down around
>>your head and anyone can shut it down before mother nature kills the
>>machine.
>>
>It looks like a good idea. But the login "shell", before invoking
>/etc/shutdown should check that user "poweroff" is logging in from the
>system console, otherwise anybody could shut down system from anywhere.
>It is important to allow free access to shutdown only to persons who have
>free access to the power switch anyway.

It's even worse than that. If ftp allows root connections, you can
ftp to the machine, log in as "poweroff", and then ftp a file, say, oh,
I don't know, /etc/passwd maybe, over to the machine, with all kinds of
interesting results.

To do this right, you really need to have a privileged program which does
a shutdown if asked by a particular user or group of users, and then
create a nonprivileged powerfail account which will run that program
if you log in with it on the console.

- Brad
----------------------------------------------------------------------
+ Brad Daniels | "Let others praise ancient times; +
+ Biles and Associates | I am glad I was born in these." +
+ These are my views, not B&A's | - Ovid(43 B.C - 17 A.D) +
----------------------------------------------------------------------
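
The following audit script is an added example, not part of any post in this thread or of the shutdown.sh archive. It flags the account patterns the thread argues about: extra UID 0 entries and empty password fields, such as the passwordless `shutdown` entry shown in the shutdown.sh manual page. The function names `audit_passwd` and `sample_passwd` are hypothetical, and every sample account except the `shutdown` line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a passwd-format file for the
# account patterns debated above.

# Constructed sample data. Only the "shutdown" line is taken from the
# shutdown.sh manual page; every other account is made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/bin/sh
daemon:x:1:1::/:
shutdown::0:1:System Shutdown:/tmp:/etc/shutdown.sh
distrib:x:00:10:Distribution group:/home/distrib:/bin/csh
larry:x:1001:100:Larry:/home/larry:/bin/csh
guest::1002:100:Guest:/home/guest:/bin/sh
broken:x:abc
EOF
}

# audit_passwd [FILE...]  (hypothetical helper name)
# Reads passwd-format lines from FILE(s) or stdin, prints one finding per
# line, and returns 1 if anything was flagged, 0 otherwise.
audit_passwd() {
    awk -F: '
        # Skip comments and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }

        # A passwd entry has exactly seven colon-separated fields.
        NF != 7 { printf "MALFORMED line %d\n", NR; bad++; next }

        # The UID must be numeric before it can be compared.
        $3 !~ /^[0-9]+$/ { printf "BAD_UID %s uid=%s\n", $1, $3; bad++; next }

        # Compare numerically so "00" is caught as UID 0 too. The shell is
        # reported because a single-purpose shell (as in the shutdown
        # account) limits the login but not other services that honour the UID.
        $3 + 0 == 0 && $1 != "root" {
            printf "EXTRA_UID0 %s shell=%s\n", $1, $7; bad++
        }

        # Empty second field: the account logs in without a password.
        $2 == "" { printf "EMPTY_PASSWORD %s uid=%d\n", $1, $3; bad++ }

        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Demo on the constructed sample; on a real host run: audit_passwd /etc/passwd
if sample_passwd | audit_passwd; then
    echo "no findings"
else
    echo "review the findings above"
fi
```

On systems that keep hashes in a shadow file, the second field of the passwd file is only a placeholder, so the empty-password check has to be made against the shadow file instead.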

Bill Vermillion

Nov 14, 1993, 10:39:19 PM
>In <1993Nov11.1...@bilver.oau.org> bi...@bilver.oau.org (Bill Vermillion) writes:
>
>>I have some small business systems that I have one login running with
>>the root ID.

>>The login is called poweroff, and it immediately starts a shutdown.
>>Quite handy when a quick summer thunderstorm comes crashing down around
>>your head and anyone can shut it down before mother nature kills the
>> machine.

>It looks like a good idea. But the login "shell", before invoking
>/etc/shutdown should check that user "poweroff" is logging in from the
>system console, otherwise anybody could shut down system from anywhere.
>It is important to allow free access to shutdown only to persons who have
>free access to the power switch anyway.

I actually copied the shutdown script over, and hardcoded in
the values. It does check for console login. That totally
slipped my mind when I posted this.

Glad you brought it up so as not to mislead others.

Thanks.

Bill
