Go Premium for a chance to win a PS4. Enter to Win


Unix Security & groups configuration...

Posted on 1998-08-24
Medium Priority
Last Modified: 2013-12-27
We are running Solaris 2.5.1 on E3000 & Sparc 4/5's.
We also have 2 NT 4.0 servers and a Novell 3.12 server.
We are implementing a private WAN over our countrywide branch network using our Telephone/Internet service provider.
Our 8 branches have a Sparc4 or 5 running Solaris 2.5.1 on  Ethernet LANs. Our application is client/server. On the server side (Solaris 2.5.1) we have Informix OWS 7.2.UC2 and MicroFocus Cobol 4.0. On the client side we have Win95b and APS generated DLLs.

Our telephone service provider is  saying that the PVC will be secure but I don't think that is absolutely true.
We want to protect our clients' data from outsiders, primarily.

We are located in Belize, Central America.
What security & encryption functions can I enable from Solaris, for example Kerberos & DES. I recall trying to setup DES encryption on a Sparc20 a few years ago, but It got messy and I could not access root account again. I had to reinstall the machine.
How can I find out what security & encryption tools are installed or available on the Solaris OS?

I'm having some problems with unix groups: Even with group permissions set, users in the same group cannot overwrite files from other users in the same group. This is needed because the group is for developers who frequently     recompile executables, etc.
The only way that a user can overwrite another user's file in the same group is if the permissions are set to 777. I tried setting the umask to 000 but that only results in 666.

It's really weird why the permissions don't appear to be working the way they should.

I also would appreciate some comments or suggestions about this problem.

Thanks in advance for your help!

By the way this posting is also feedback from a previous posting about unix security.

Why is is a good idea to create a group for each user?
Then how will you handle users who need to share files?
Can soft links be used to share files and directories between groups of users?

Thanks again for your time!

D. Weatherburn
Question by:denmarkw
LVL 51

Expert Comment

ID: 2006739
About group permissions:

use umask 002
make you directory chmod 775

then your users (of same group) should be able to overwrite other users files.

About groups:
each user in his own group: bad idea.
I suggest to use a general-purpose group which will be assigned
to each user in /etc/passwd; this should be a group with low-
level permissions.
For users having more rights, add them to a apropriate group in /etc/group.

Author Comment

ID: 2006740
Please clarify "a general-purpose group with low-level permissions"!

Author Comment

ID: 2006741
I would appreciate some comments on the Solaris security issues!

Expert Comment

ID: 2006742
This may not be what you want to do but any way.  You could set up encryption between the routes on both sided of the PVC.  That way the routers are doing the encryption/decryption.  I did this once using Cisco routers.  Much better then letting the unix machines do this.

Another way to do this is put a fire wall on both sides of the PVC and force all communications throught the firewall.  Then you could let the firewalls do the encryption.


Accepted Solution

nrosier earned 300 total points
ID: 2006743
You could try ssh, slogin... (secure shell, login)

This works with private and public keys like PGP. You need to install a sshd on your server and the ssh and slogin on the clients.

You can read more about it at: http://www.cs.hut.fi/ssh/


Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question