Thank you all for your valuable answers…
And the winner is sudo ! 28 out of 43 answers say this utility might
resolve most of my problems. However Joe Fletcher did make the point:
freeware and the like are forbidden (so far) in this Enterprise. We are
trying to overcome this new problem…
A few other products were also mentioned: Power Broker, PitBull, Virtual
Vault (HP), Axent, etc. I still have to check them.
As for other UID=0 do forget this option! If at all necessary, call your
attorney ! (email@example.com has the proper approach…;-)) tks…
Solaris 8 and RBAC (role based access control) will probably be the answer
if implemented as described in the Trusted Solaris documentation. However we
are still on Solaris 6 due to a restriction imposed by IAS or CASP (I'm not
sure which one...; have to check with Sun).
>Customer: very large financial institution
> first time Solaris users
> special Web server
>Platform: E10K Solaris 6 & 7
>Environment: “hostile” IBM mainframe & NT networking
>Objective: throw the root password in a safe and still proceed
> with every administrative functions…
>who am I: third party (outsource) consultant
>In the last 90 days it seems I’ve exhausted all alternatives and arguments
>to comply with my customer’s objective…
>Since they used mainframe for the past decades the root power found in
>every Unix system is unacceptable to them reason why I’ve tried all >my
>knowledge to reduce this power. What would you suggest?
>Somebody “invented” a very weird possibility: create two or three
>accounts, with the same UID=0 (security now is doubled or tripled….). What
>are your comments on this?
>I’ve also considered using the Tru$ted Solaris, which I know nothing about…
>If any of you has experience with this product, do you believe it would
>satisfy my customer?
>Tks for your attention..
>Rio de Janeiro, Brasil
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
U BEFORE POSTING please READ the FAQ located at
. and the list POLICY statement located at
A To submit questions/summaries to this list send your email message to:
A To unsubscribe from this list please send an email message to:
E and in the BODY type:
R unsubscribe sun-managers
. unsubscribe sun-managers firstname.lastname@example.org
L To view an archive of this list please visit:
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:19 CDT