Solaris 10 SSH users management



Hello Managers,

I am using a Solaris 10 box for development with subversion, C and Java.
The developers (45 accounts) have SSH access to the box and they
'checkout' the project from the repository. As a sysadmin, I have the
following questions:

- How to log all commands the users perform in the box using bash. The
history file can be ignored doing a simple export HISTFILE=/dev/null.
Another option is use truss and trace write/read syscall but I wonder if
there is another simpler solution.

- How to get started with RBAC to avoid execution of commands like su or
setuid root. I think RBAC is a good solution from Sun to this situation.

Thanks,

fabio
_______________________________________________
sunmanagers mailing list
sunmanagers@xxxxxxxxxxxxxxx
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



Relevant Pages

  • Re: Menu in text mode Solaris 8
    ... Don't know if something like RBAC is in 8 though. ... > I would like to restrict users to execute only particular commands ... > sample scripts in Perl or SHELL? ...
    (comp.unix.solaris)
  • RE: NFS Security Question
    ... >I would recommend that you remove the su command or remove root access all ... Don't remove su if you intend to use RBAC with roles since su is how ... You can also assign the privelged commands directly to the user and ... >execute commands as root with "sudo" but they never actually become root. ...
    (Focus-SUN)
  • Re: New to UNIX and would like advice
    ... My next trick will be installing sudo so I can have another Windows ... Admin run some commands for the NetBackup jobs we have configured ... without having root access. ... It is equally bad to blindly say "Use RBAC!" ...
    (comp.unix.solaris)
  • mfc/c++ -> emulate user using ssh
    ... I'm having to do things "the hardway" because an organization won't let me run an application on their box, but the organization has no problem giving me ssh access, so... ... I need to write an application that will emulate a user that is using ssh to login onto a box and then execute commands as required by the controlling application. ...
    (microsoft.public.vc.mfc)
  • mfc/c++ -> emulate user using ssh2
    ... I'm having to do things "the hardway" because an organization won't let me run an application on their box, but the organization has no problem giving me ssh access, so... ... I need to write an application that will emulate a user that is using ssh to login onto a box and then execute commands as required by the controlling application. ...
    (microsoft.public.vc.language)