Friday, June 19, 2009

Monitoring and User permissions

http://solarisinterview.blogspot.com/ Solaris interview questions and Answers.

Monitoring su Attempts

/etc/default/su -- File monitoring su login info

CONSOLE VARIABLE
# CONSOLE=/dev/console -- Remove the comment (#) symbol so that root can log in remotely with the su command.
SULOG VARIABLE
SULOG=/var/adm/sulog -- Specifies the file location of the log file


Controlling System Access

# /etc/default/login file

CONSOLE=/dev/console -- Comment out this line to allow root to log in from a remote system

PASSREQ=YES -- Requires each user to have a password in order to log in


/etc/ftpd/ftpusers -- Lists names of users prohibited from connecting to system through FTP
/etc/ftpusers -- Solaris 8

/etc/hosts.equiv & $HOME/.rhosts -- Files that determine whether a remote user is allowed to access the local host with the identity of a local user. The check consults /etc/hosts.equiv first and then $HOME/.rhosts. Entries take one of the following forms:
hostname
hostname username
+

If the local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the .rhosts file applies to a specific user.
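The trust rules above can be checked mechanically. The following is an added example, not part of the original post: it classifies each entry of an /etc/hosts.equiv-style file by how much it trusts. The helper names, the sample file, the treatment of "#" lines as comments and the handling of "-" deny entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an rsh/rlogin trust file (/etc/hosts.equiv style).
# audit_trust_file and count_high are hypothetical helper names.
# Each active entry yields one record: SEVERITY:line:entry:reason
audit_trust_file() {
    awk '
        /^[ \t]*(#|$)/ { next }   # assumption: blank and "#" lines carry no entry
        { $1 = $1 }               # normalise whitespace inside the entry
        $1 ~ /^-/ || $2 ~ /^-/ { print "INFO:" NR ":" $0 ":deny entry"; next }
        $1 == "+" && (NF == 1 || $2 == "+") {
            print "HIGH:" NR ":" $0 ":any user on any host is trusted"; next }
        $1 == "+" { print "HIGH:" NR ":" $0 ":user " $2 " is trusted from any host"; next }
        $2 == "+" { print "HIGH:" NR ":" $0 ":any user on " $1 " is trusted"; next }
        NF == 1   { print "MEDIUM:" NR ":" $0 ":all regular users of " $1 " are trusted"; next }
                  { print "LOW:" NR ":" $0 ":only " $2 " on " $1 " is trusted" }
    ' "$1"
}

# Number of wildcard ("+") entries; anything above 0 deserves immediate review.
count_high() {
    audit_trust_file "$1" | awk -F: '$1 == "HIGH" { n++ } END { print n + 0 }'
}

# Constructed sample file (host and user names are made up for illustration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# trusted build hosts
buildhost1
buildhost2   user2
-labhost
+
+ user3
EOF

audit_trust_file "$SAMPLE"
echo "wildcard entries: $(count_high "$SAMPLE")"
```

Run it against /etc/hosts.equiv and each user's $HOME/.rhosts; any HIGH record means a password-free login path exists from hosts you do not control.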

/etc/inetd.conf -- File used to control all services

# svcadm disable (or) enable ftp (or) telnet -- In Solaris 10

# rsh 140.40.40.151
# rcp 140.40.40.151:/test/file1 . -- To copy remote system file to local
# rcp $HOME/file1 140.40.40.151:/tmp -- To copy local files to remote system

# chown user2 file7 -- To change owner of a file
# chown -R user2 dir4 -- To change ownership for folder and all its subfolders
# chown user3:class file7 -- Changing both the individual and group ownership in one shot

# chgrp class file4 -- To change the group ownership of a file or directory

Setuid Permission on Executable Files

When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
# ls -l /usr/bin/su
-r-sr-xr-x 1 root sys ………….
The setuid permission displays as an “s” in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use.

# chmod 4555 executable_file -- To set setuid permission on an executable
# find / -perm -4000 -- To search for setuid files


Setgid Permission on Executable Files

When the setgid permission is set on an executable file, the process runs as if it were a member of the group that owns the file, and access is granted based on the permissions assigned to that group.
# ls -l /usr/bin/write
-r-xr-sr-x 1 root …………. -- Displays as “s” in the group’s execute field

# chmod 2555 executable_file
# chmod g+s directory -- To set setgid for a directory
# find / -perm -2000 -- To search for setgid files


Sticky Bit Permission on Public Directories

If the directory permissions have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.

# ls -ld /tmp
drwxrwxrwt 6 root sys …… -- Displays as “t” in the execute field for other.

# chmod 1777 public_directory
# find / -type d -perm -1000 -- To search for sticky bit directories

1 comment:

jaleel.S said...

hai

I read this post. Really, it is very useful for me.

thanks.
