Users are granted access to their own host via the root entry in the /etc/passwd file. Instead of creating an additional root user, some sites use a modified version of su that consults a "personal" password file. The additional password file has one entry for each user that is allowed to become root, and each user has a unique root password.[20] With either system, users are able to manage their own systems but will not know the root passwords on any other hosts. The NIS-managed netroot password ensures that the system administration staff can still gain superuser access to every host.

    passwd: files nis
[20]An su-like utility is contained in Unix System Administration Handbook, by Evi Nemeth, Scott Seebass, and Garth Snyder (Prentice-Hall, 1990).
    #! /bin/sh
    #
    ( cat /etc/shadow; ypcat passwd ) | awk -F':' '{if ($2 == "") print $1 ;}'
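
The script above reports only empty password fields. The following added example (not from the book) goes one step further and also lists UID 0 accounts that are not on an allow list. The function names, the `root netroot` allow list, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original text.
# Input on stdin is passwd-format text: name:password:uid:gid:gecos:home:shell

# Print the names of accounts whose password field is empty.
# Comment lines and blank lines are skipped.
empty_passwords() {
    awk -F: '/^#/ || /^[ \t]*$/ { next } $2 == "" { print $1 }'
}

# Print UID 0 accounts whose names are not in the space-separated
# allow list passed as $1 (assumed here: "root netroot").
unexpected_uid0() {
    awk -F: -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^#/ || /^[ \t]*$/ { next }
        # Require a real third field; match "0", "00", ... as UID 0.
        NF >= 3 && $3 ~ /^0+$/ && !($1 in ok) { print $1 }'
}

# Constructed sample entries (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
netroot:x:0:0:NIS admin root:/:/sbin/sh
toor::0:0:extra root:/:/bin/sh
alice:x:1461:10:Alice:/home/alice:/bin/csh
guest::2001:20:Guest:/home/guest:/bin/sh
EOF
}

echo "Accounts with an empty password field:"
sample_passwd | empty_passwords
echo "UID 0 accounts outside the allow list:"
sample_passwd | unexpected_uid0 "root netroot"
```

On a live host, `empty_passwords` can read the same `( cat /etc/shadow; ypcat passwd )` pipeline the script above uses. `unexpected_uid0` needs `/etc/passwd` rather than `/etc/shadow`, because the shadow file carries no UID field.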
When the system is booted in single-user mode, the single-user shell will not be started until the user supplies the root password.

    PASSREQ=NO
    CONSOLE=/dev/console
No PROM commands can be entered without supplying the PROM password; when you change from security-mode=none to security-mode=full you will be prompted for the new PROM password. This is not the same as the root password, and serves as a redundant security check for systems that can be halted and booted by any user with access to the break or reset switches.

    # eeprom security-mode=full
WARNING: There is no mechanism for removing the PROM security without supplying the PROM password. If you forget the PROM password after installing it, there is no software method for recovery, and you'll have to rely on Sun's customer service organization to recover!
    # /usr/lib/netsvc/yp/ypstop
    # /usr/lib/netsvc/yp/ypstart
Copyright © 2002 O'Reilly & Associates. All rights reserved.