Hello experts,
I am an PLM application admin, use AIX/SOlaris servers where application is installed
to schedule a cron in my system this what i do
- Login to AIX/Unix system using an OS account,
- Schedule a service to execute the required script - The script will have a PLM utility and requires a User ID, Password & group as command line arguments. For plm, the Application user ID, password & group need to be provided
now there are export control regulation that prevent other users from accessing this password, even to a system admin with root access
Initially we have hard coded the paswd to a variable in a txt file, then use that $variable as argument, but as per new rules there is an opportunity for a sysadmin with root/super user access can get to know the contents of this file thus causing a security breach
Note the OS account and application userid/password are different, i need to provide the application user id/passwd for running the script
appreciate your help on this
You cannot stop root user of being root.
If you have password in file on the server in question, the administrator will know it, possibly other users based on file permissions.
I would recommend using other auth mechanisms for your application (like Kerberos or alike) *AND* having some sort of auditing on the application side in database, so if shit hits the fan, you will know who started it based on audit logs.
On Solaris you might configure auditing for a certain call or script execution which will notify who started what in which time. I am unfamiliar with AIX in this regard, but i'm sure there are similar auditing methods on IBM.
You should also take into consideration that auditing can be very intensive on machines and databases, depending on the depth of auditing.
Hope that helps
Regards
Peasant.
Agreed, you cannot stop root from being root. And frankly -- if you can't trust your root user, you're already in it eyeball-deep, there may be no saving this situation.
No matter how complicated your scheme for encrypting the password, the computer will have to automatically decrypt it to use it, therefore the root user can automatically get it by doing the exact same things. And if you invent a method which doesn't involve a password, then root wouldn't need a password either.
This is not the first thread on the topic and will not be the last. It just won't work this way. Sorry.
And to top it all off, putting the userid and password on the command line pretty much makes it readable by anyone logged onto the box by using the "ps" utility.
In other words, your application itself violates your security requirements.
As far as keeping root users from accessing the password, you need to look into RBAC.
Assuming you correctly stated the security requirement, the person(s) who created the requirement know very little about UNIX. Period. Sounds like a management decision.
root owns or can own everything ,or can gain access to all devices, process memory, etc.
Solaris Example pargs -e pid lets root see any environment variable in any process. Period. No limits nothing.
The only way to implement this securely is to change the root password, give it to you only, and remove any privileges granted in Solaris RBAC (/etc/user_attr ) from the persons who had root. And hope you are a great sysadmin. Based on your question - please do not consider doing this. You are not ready.
1 Like