Thread: AIX /etc/security/user like file for Linux

  1. #1
    Junior Member

    I'm a newbie in Linux. I understand that Linux and AIX have some similarities. However, I tried to search whether there is a file like /etc/security/user (as in AIX). In this file, I can see all the attributes of each individual user in the system. Is there something similar in Linux? I want to see whether the user is an admin (or has admin rights).

    Please advise.

    Thanks.

  2. #2
    nixcraft

    Quote: Originally posted by ftengcheng
    I'm a newbie in Linux. I understand that Linux and AIX have some similarities. However, I tried to search whether there is a file like /etc/security/user (as in AIX). In this file, I can see all the attributes of each individual user in the system. Is there something similar in Linux? I want to see whether the user is an admin (or has admin rights).

    Please advise.

    Thanks.

    There is no such file which defines extended user attributes such as su, account_locked and so on. However, there are other files and ways to accomplish some of the security issues. Basically the /etc/security/user is a bit outdated and Linux uses a PAM-based security mechanism. Can you tell me what you are trying to do? On a related note, look at the /etc/security directory; it has some of the functionality provided by the AIX user file in different files such as:
    access.conf : Use login access permissions
    group.conf : Group related permissions
    limits.conf : Put resource limitations
    pam_env.conf : Set up session management PAM variables
    time.conf : Specifies the times, days, or both, the user is allowed to access the system.
    /etc/pam.conf and /etc/pam.d/* : PAM configs
    All [Solved] threads are closed by mods / admin to avoid spam issues. See Howto mark a thread as [Solved]


  3. #3
    Junior Member

    Thanks Vivek,

    We are looking at Segregation of Duties (checking whether developers are in the production environment). I want to see whether the users in the systems have administrator's rights. From what I understand, the /etc/security/user can show me whether they have those rights or not. This /etc/security/user also includes other attributes like the password information. So I'm just wondering whether this information can be extracted/captured in Linux. If yes, where can I get it?

    I hope you understand.

    By the way, what is PAM?

    Thanks.

    Regards,
    Teng Cheng

  4. #4
    nixcraft

    Quote: want to see whether the users in the systems are having administrator's rights.

    For all administrator's rights, and to grant rights to others, you need to use sudo under Linux. Log in as root and enter:
    Code:
    vi /etc/sudoers
    OR type
    Code:
    visudo
    Here is my own file:

    Code:
    # User privilege specification
    root    ALL=(ALL) ALL
    
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # WWW-data can run any command w/o a password
    www-data ALL= NOPASSWD: ALL
    Read the man page for sudo or just get some basic idea here: Allow a normal user to run commands as root | nixCraft

    Quote: By the way, what is PAM?

    Pluggable authentication modules, or PAM, are a mechanism to integrate multiple low-level authentication schemes into a high-level API, which allows programs that rely on authentication to be written independently of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an OSF-RFC dated October 1995. It was adopted as the authentication framework of the Common Desktop Environment. As a stand-alone infrastructure, however, PAM first appeared from an open-source Linux-PAM development in Red Hat Linux 3.0.4 in August of 1996. PAM is currently supported in AIX, FreeBSD, HP-UX, Linux, Mac OS X, NetBSD and Solaris. With PAM you can do advanced security settings such as:
    => Restrict the use of the su command
    => Prevent users from using or reusing the same old passwords under Linux
    => OpenSSH root user account restriction
    => Allow a user to log in via ftp but not via ssh/telnet, and much more
    In short, read the PAM admin guide and other docs ==> The Linux-PAM Administration and Developer Guides

    Hope this helps!

  5. #5
    Member

    gid 0 normally means in admin group or in wheel or in root group and yes they have admin rights. check in /etc/groups and vigr to change. PAM is messy and PAM is also compatible with trusted bsd. good luck. trusted bsd is like PAM somewhat, IMO. please do run chkrootkit and rkhunter and also run audit on users and utmp wtmp as much as you can. else livecd!

    aite! too much posting making my fingers pain. time to hit the sack. later!
    p.s. this forum is techie hardcore and i never knew indian forums also could be techie. every time i went like a virtual vanity insanity gaga limitless absurdity plus clueless forums in the net. three cheers to this forum.

    this geek is also a DJ! he is a DJ and he is a geek! so don't consider me just a geeky book worm! i do skid and scratch in real parties! :-p geeky part is which help me fetch bread.

    the difference between virtual and reality is same as mermaid is to walrus.
    play on playah!
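
Added example, not part of any reply in this thread: a Python sketch of the segregation-of-duties check discussed above, combining UID 0 in /etc/passwd, membership of an admin group in /etc/group, and sudoers rules that grant ALL. The sample file contents, the `ADMIN_GROUPS` set and the function name `admin_accounts` are assumptions for illustration; the sudoers parsing covers simple rules only (no aliases or includes), and group membership is reported as a flag for review.

```python
import re
ADMIN_GROUPS = {"root", "wheel", "admin", "sudo"}  # assumption: names vary by distro
# Constructed sample files (passwd, group, sudoers); not from a real system.
PASSWD = ("root:x:0:0::/root:/bin/bash\n"
          "toor:x:0:0::/root:/bin/sh\n"
          "alice:x:1000:1000::/home/alice:/bin/bash\n"
          "bob:x:1001:0::/home/bob:/bin/bash\n")
GROUP = "root:x:0:\nadmin:x:110:alice\ndevs:x:1002:alice,carol\n"
SUDOERS = ("# User privilege specification\n"
           "root    ALL=(ALL) ALL\n"
           "%admin ALL=(ALL) ALL\n"
           "www-data ALL= NOPASSWD: ALL\n"
           "carol ALL=(ALL) /usr/bin/systemctl restart httpd\n")
# who host = (runas) TAG: commands  -- simple rules only, no aliases or includes
RULE = re.compile(r"^(%?[\w.-]+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*(.+)$")

def admin_accounts(passwd, group, sudoers, admin_groups=ADMIN_GROUPS):
    """Return {user: sorted list of reasons} for accounts with admin-level rights."""
    found, gid_name, members = {}, {}, {}
    def add(user, reason):
        found.setdefault(user, set()).add(reason)
    for f in (l.split(":") for l in group.splitlines() if l.count(":") >= 3):
        gid_name[f[2]] = f[0]
        members[f[0]] = {m for m in f[3].split(",") if m}
    for f in (l.split(":") for l in passwd.splitlines() if l.count(":") >= 6):
        if f[2] == "0":
            add(f[0], "uid 0")
        if f[3] in gid_name:  # the primary group counts as membership too
            members[gid_name[f[3]]].add(f[0])
    for g in sorted(admin_groups & set(members)):
        for user in members[g]:
            add(user, f"member of {g}")
    for line in sudoers.splitlines():
        m = RULE.match(line.strip())
        if not m or line.lstrip().startswith(("#", "Defaults")):
            continue
        who, cmds = m.group(1), m.group(2).strip()
        if cmds != "ALL":
            continue  # restricted command list: not full admin
        if who.startswith("%"):  # %group rule: expand to the group's members
            for user in members.get(who[1:], ()):
                add(user, f"sudo ALL via group {who[1:]}")
        else:
            add(who, "sudo ALL")
    return {u: sorted(r) for u, r in sorted(found.items())}

if __name__ == "__main__":
    for user, reasons in admin_accounts(PASSWD, GROUP, SUDOERS).items():
        print(f"{user}: {', '.join(reasons)}")
```

On a real host, pass the contents of /etc/passwd, /etc/group and /etc/sudoers (the last is readable by root only) in place of the samples.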
