System Security
This section describes how to safeguard your system against unauthorized access, such as how to prevent an intruder from logging in to your system, how to maintain the password files, and how to prevent unauthorized superuser access to sensitive system files and programs.
You can set up two security barriers on a system. The first security barrier is the login program. To cross this barrier and gain access to a system, a user must supply a user name and a corresponding password known by the local system or by the name service (NIS or NIS+).
The second security barrier is ensuring that the system files and programs can be changed or removed by superuser only. A would-be superuser must supply the root user name and its correct password.
Login Access Restrictions
When a user logs in to a system, the login program consults the appropriate database according to the information listed in the /etc/nsswitch.conf file. The entries in this file can include files (designating the /etc files), nis (designating the NIS database), and nisplus (designating the NIS+ database). See the NIS+ and FNS Administration Guide or nsswitch.conf(4) for a description of this file.
The login program verifies the user name and password entered. If the user name is not in the password file or the password is not correct for the user name, the login program denies access to the system. When the user supplies a name from the password file and the correct password for the name, the system grants the user access to the system.
Special Logins
There are two common ways to access a system--by using a conventional user login or by using the root login. In addition, a number of special system logins allow a user to perform administrative commands without using the root account. The administrator assigns password to these login accounts.
Table 50-2 lists the system login accounts and their uses. The system logins perform special functions, and each has its own group identifier number (GID). Each of these logins should have its own password, which should be distributed on a need-to-know basis.
Table 50-2 System Logins|
Login Account |
GID |
Use |
|---|---|---|
|
root |
0 |
Has almost no restrictions and overrides all other logins, protections, and permissions. The root account has access to the entire system. The password for the root login should be very carefully protected. |
|
daemon |
1 |
Controls background processing. |
|
bin |
2 |
Owns most of the commands. |
|
sys |
3 |
Owns many system files. |
|
adm |
4 |
Owns certain administrative files. |
|
lp |
71 |
Owns the object and spooled data files for the printer. |
|
uucp |
5 |
Owns the object and spooled data files for UUCP, the UNIX-to-UNIX copy program. |
|
nuucp |
9 |
Is used by remote systems to log in to the system and start file transfers. |
You should also set the security of the eeprom command to require a password. See eeprom(1M) for more information.
Managing Password Information
When logging in to a system, users must enter both a user name and a password. Although logins are publicly known, passwords must be kept secret, and known only to users. You should ask your users to choose their passwords carefully, and change them often.
Passwords are initially created when you set up a user account. To maintain security on user accounts, you can set up password aging to force users to routinely change their passwords, and you can also disable a user account by locking the password. See Chapter 2, Setting Up and Maintaining User Accounts and Groups (Tasks) for detailed information about setting up and maintaining passwords.
NIS+ Password File
If your network uses NIS+, the password information is kept in the NIS+ database. Information in the NIS+ database can be protected by restricting access to authorized users. You can use Solstice User Manager or the passwd(1) command to change a user's NIS+ password.
NIS Password File
If your network uses NIS, the password information is kept in the NIS password map. NIS does not support password aging. You can use Solstice User Manager or the passwd(1) command to change a user's NIS password.
/etc Files
If your network uses /etc files, the password information is kept in the system's /etc/passwd and /etc/shadow files. The user name and other information are kept in the password file /etc/passwd, while the encrypted password itself is kept in a separate shadow file, /etc/shadow. This is a security measure that prevents a user from gaining access to the encrypted passwords. While the /etc/passwd file is available to anyone who can log in to a machine, only superuser can read the /etc/shadow file. You can use Solstice AdminSuite's User Manager, Admintool, or the passwd(1) command to change a user's password on a local system.
Using the Restricted Shell
The standard shell allows a user to open files, execute commands, and so on. The restricted shell can be used to limit the ability of a user to change directories, and execute commands. The restricted shell (rsh) is located in the /usr/lib directory. (Note that this is not the remote shell, which is /usr/sbin/rsh.) The restricted shell differs from the normal shell in these ways:
-
The user is limited to the home directory (can't use cd to change directories).
-
The user can use only commands in the PATH set by the system administrator (can't change the PATH variable).
-
The user can access only files in the home directory and its subdirectories (can't name commands or files using a complete path name).
-
The user cannot redirect output with > or >>.
The restricted shell allows the system administrator to limit a user's ability to stray into the system files, and is intended mainly to set up a user who needs to perform specific tasks. The rsh is not completely secure, however, and is only intended to keep unskilled users from getting into (or causing) trouble.
See sh(1) for information about the restricted shell.
Tracking Superuser (Root) Login
Your system requires a root password for superuser mode. In the default configuration, a user cannot remotely log in to a system as root. When logging in remotely, a user must log in as himself and then use the su command to become root. This enables you to track who is using superuser privileges on your system.
Monitoring Who is Becoming Superuser or Other Users
You have to use the su command to change to another user, for example, if you want to become superuser. For security reasons, you may want to monitor who has been using the su command, especially those user's who are trying to gain superuser access.
See "How to Monitor Who Is Using the su Command" for detailed instructions.
- © 2010, Oracle Corporation and/or its affiliates