topic Restricted SAM in Operating System - HP-UX

Restricted SAM

Charles Legge — Thu, 20 Feb 2003 17:05:18 GMT

Hello, I'm on 'D' class servers running HPUX 10.20. Are there safeguards in Restricted SAM that would not allow changes to key system accounts like ROOT, specified System Administration accounts,
etc. even though they can be viewed? It appears that changes could be made to these key accounts through restricted SAM? I'm familiar with the /etc/sam/rmuser.excl file which disables deletion of
specified accounts. My concern is someone making changes to ROOT and other key System Administration accounts (without authorization)?
Thanks

Re: Restricted SAM

Helen French — Thu, 20 Feb 2003 17:28:59 GMT

Even through restricted SAM, you cannot restrict the actual functionality of SAM. The only control you have is to allow or deny users access to areas within SAM. If you are concerned about the admin area security, then deny access to those areas.

Re: Restricted SAM

Helen French — Thu, 20 Feb 2003 17:34:19 GMT

Again, you don't need to worry about somebody changing the root password through restricted SAM. Becuase in restricted SAM, it will not allow to change the root password or the passwd of any user with a UID of 0.

Re: Restricted SAM

S.K. Chan — Thu, 20 Feb 2003 17:43:46 GMT

When you got a restricted SAM setup for say a normal user, you're basically allowing him to to use SAM as if he/she is root. To control what this user can do in restricted SAM, you got to configure which screen to allow or disallow. I think this is done in the restricted SAM builder. You can even configure say, you do not want the user to be able to change root's password (but he can change passwords of other users). It really depends on how you want to set it up and what funtionality you want to allow in the restricted SAM.

Re: Restricted SAM

Charles Legge — Thu, 20 Feb 2003 17:51:09 GMT

Hello, Thanks for the answers. I believe you've answered my question and concerns. Charles.