• Status: Solved

Using ID 0 to get ROOT privileges?

Due to tightening SOX restrictions, we are in need of taking away the root account password from the AIX administrators (me and another guy) and giving it to the IT manager.  However, we still need root access to do our job and can't sudo because, with the commands we'll need, we could get root access anyway.

Another guy in our IT team suggested we just add user accounts for ourselves with an ID of "0" to match root's ID and give us root-like access.  So, my question is, is this possible?  What are the downfalls of using multiple accounts on a single ID, especially if it's Root's ID?  Has anyone done this successfully?

We're using AIX 5L.

Thanks!
Dave
Asked by: dsstao

ajcaruso00 Commented:
Question - are they taking away root access so you cannot do certain things or so there is a log of who is doing what?

Typically, for SOX, we've only concerned ourselves with logging and providing a paper trail.  Everyone using the same account (id 0 effectively) violates that principle.

What we do is log in as ourselves and su - <mgt account> where the mgt account is to manage whatever it is this box is doing (e.g. dba, or webmaster, etc).  For super access, you can su - root.  All of this is logged and you can audit who logged in (their original account) and then to what account they su'd to do something.

A final option is (not recommended) sudo bash.  This will give you a shell with root privileges.

Hope this helps. -T
 
omarfarid Commented:
Hi,

It is possible to create users on the server with the same uid 0, but this is as good as having root access. So, it is not recommended since you will be effectively root.

You need to run privileged commands through sudo.

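The audit problem described in the answers above, as an added example that is not part of the original thread: a check over a constructed passwd-format sample that lists the accounts sharing UID 0 and shows which name a UID-to-name lookup would report for them. The account names dave and admin2 are made up, and the first-match lookup order is an assumption.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd layout (name:pw:uid:gid:gecos:home:shell).
# The accounts "dave" and "admin2" are made up for this example.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
dave:!:0:0:AIX admin:/home/dave:/usr/bin/ksh
admin2:!:0:0:AIX admin:/home/admin2:/usr/bin/ksh
oracle:!:210:201::/home/oracle:/usr/bin/ksh
EOF

# List every account other than root that carries UID 0.
uid0_aliases() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# List UIDs shared by more than one account, as "uid:name1,name2,...".
shared_uids() {
    awk -F: '
        $1 ~ /^#/ || NF < 3 { next }    # skip comments and malformed lines
        { names[$3] = (count[$3]++ ? names[$3] "," : "") $1 }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "$1" | sort -t: -k1,1n
}

# Resolve a UID to a name the way a first-match scan of the file would.
# Assumption: the lookup returns the first matching entry.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# For each UID 0 alias, show the name that UID-based records would carry.
audit_report() {
    for user in $(uid0_aliases "$1"); do
        echo "$user: UID 0, actions attributed to '$(name_for_uid "$1" 0)'"
    done
}

audit_report "$SAMPLE"
```

Pointing the functions at the real passwd file instead of the sample gives a quick check that no account other than root holds UID 0.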
 
dsstao (Author) Commented:
ajcaruso00: to answer your question, the purpose is indeed for logging and this is what I thought.  Even with sudo, it's possible to masquerade as root which makes logging again impossible, correct?
 
ajcaruso00 Commented:
Sure, you can even erase the logs.  But w/ SOX audits, the point is showing you didn't erase the logs (see - no time lapse), everything is audited, and no one can login directly as root.  If you need to "prove" what you did after su - root, then maybe:

history -c     (clears the history)

do what you need....

history > /var/log/what_I_just_did.date.log

or something silly to show every command you entered while acting as root.

These can be cross-correlated to the logs of when you logged in and typed su -

With SOX IT audits (and I've had many), the auditors typically don't understand what's going on in IT.  They simply want to see that if, say, on 10/10/07 the balance sheet suddenly shows an extra $100,000,000, you have sufficient documentation and reasonable processes in place that IT didn't change the number (or if they did - it can be traced back to someone) and effectively, by not allowing direct root access (e.g. root can't login directly) and logging in under your ID, the su - is logged.

Does that help? -T
 
dsstao (Author) Commented:
Yep there it is - ok... thanks for the help!