- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- System users restriction
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2003 06:34 AM
тАО04-29-2003 06:34 AM
System users restriction
I'm trying to limit the access to these users as much as possible, but have to explain why I want to do that and what the security risks are if someone has access to one of these users.
Bruno
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2003 06:38 AM
тАО04-29-2003 06:38 AM
Re: System users restriction
I'd imagine it to be a minor risk because the account you mentioned are configured witha an asterisk in the password field of /etc/passwd hence they are disabled. The only person that could su to them is root. Anyone who has root capabilities should be educated to not login as these users.
regards,
Darren.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2003 06:46 AM
тАО04-29-2003 06:46 AM
Re: System users restriction
Educating is not an option as I work for a very big company.
I'm sure there must be some documentation somewhere. User bin is e.g. very dangerous as all users belonging to the bin group (like user bin itself) are allowed to shutdown the box.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2003 07:46 AM
тАО04-29-2003 07:46 AM
Re: System users restriction
Thanks for mentioning that it's a trusted system. If you look at eg, the bin account on a trusted system (/tcb/files/auth/b/bin) you'll see that it is disabled too; ie u_pwd is an asterisk. As with a non-trusted system, only root (or someone with root priviliges) can then su to bin.
My point here is that the vast majority of users won't even be able to either login or su to these system users; hence there shouldn't be a problem.
You also mentioned that anyone in the group bin can shutdown the box; this is true - but the default situation is for only root and the bin user to be in group bin.
So, I'd be interested to hear how many other users are in group bin, and how many people have the root password.
I don't believe there'll be any documentation advising users not to login as bin or another system user as HP has done a large amount to prevent this from happening!
regards,
Darren.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-30-2003 04:33 AM
тАО04-30-2003 04:33 AM