I got very good responses from all the kind people below. A simple way (but not recommended for lack of audit) of doing it is by creating a normal user, and editing the entry in /etc/passwd. Set the UID and GID in the file to 0. admin:x:0:0::/:/bin/ksh Problem with this is files created will be owned by root still, not the new name, because there's a 1 to 1 mapping between UIDs and usernames and for audit purposes will be difficult to tell which user did what. There are two other utilities that you can use for this - sudo -> http://www.courtesan.com/sudo/ - RBAC -> integrated with Solaris 8,9. See: www.sun.com/solutions/blueprints/0603/817-3062.pdf and below are comparisons from Ximo Domenech [ximo_d@yahoo.com] on the differences ---------------------------------- RBAC doesnt work if you want to assign special authorizations that are not included in the auth_attr database. Sudo helps you assign any authorizations you might think of , or need to assign. But if you dont have any special authorizations you need to implement, rbac is much better, controlable. I currently have a sudoers file that is 19k long, and is quite difficult to figure out to move to differrent enviroment. Plus rbac is fully supported by sun when sudo is not. Unfortunately both of them dont have a way to centralize all the data. ---------------- RBAC Advantages: Built in to Solaris 9 Easy to configure in S9 with WBEM/SMC interface Very flexible RBAC Cons: Roles and rights not clearly defined Found I needed to test quite a bit Not as granular as sudo Sudo Advantages: Small, lightweight No massive GUI needed to configure Very very granular Superior logging Sudo Disadvantages: No ability to 'become' a role as with RBAC Have to define each and every command so setup takes longer Need to compile and install Not integrated with BSM ----------- Sudo allows more customized control over homemade scripts in my opinion. Rbac I would say controls more system level controls, printing, ufsdumps, useradds.... No expert but that is what I think the diffs are. -------------- RBAC and sudo do roughly the same thing, as I'm sure you know. There are a few key differences though. 1) RBAC is more difficult and complex to set up than sudo 2) RBAC is integrated into the Solaris authentication mechanism, whereas sudo acts like a 'shell' on top of the services. 3) RBAC is designed for a network. sudo is generally set up on single machines. 4) RBAC is supported by Sun. If you have a broad environment and want one central privilege granting system, you will definitely want to use RBAC. If you just have a few machines that you want to set up pseudo-root access to, then sudo is probably easier (especially since you're familiar with it) Looked at another way, RBAC is more difficult, but more powerful and it scales much better than sudo. The size of your environment and your requirements will determine which is the better tool. -------------------- Sudo is easier to configure, RBAC has gui tools to help you configure it, rbac is part of the operating system and will probably remain so. The more people that switch to native tools, the less the need for other tools. Ole-Morten Duesund [oduesund@bergen.oilfield.slb.com], ed.rolison@itc.alstom.com, hatter@pzat.meep.org, Ximo Domenech [ximo_d@yahoo.com], dom clermont [domclermont@yahoo.com], Bradley Alan [ABradley@omam.com], Joohyun Cha [zoo11@hst.co.kr], Ole-Morten Duesund [oduesund@bergen.oilfield.slb.com], Meier Adrian [ADRIAN.MEIER@T-SYSTEMS.CH], Parissis Pavlos [PParissi@athens2004.com], Ronny Martin [rmartin@be.tiscali.com], Hi, Good day all. I would like to know if it is possible for me to create another user, with superuser rights. Say a mirror of superuser for additional administrators. Thanks _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Jan 8 05:48:50 2004
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:28 EST