Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
This chapter is from the book

Special User Accounts

Both Windows NT and Solaris have a special privileged account that has permission to do anything on the local system. In the Windows NT world this user is called Administrator, while in the Solaris world, this user is called root. While there are many similarities between these two accounts there are also some differences.

Similarities

  • Both are created when the operating system is installed.

  • Both are treated as local accounts.

  • User rights on the local computer are not automatically transferable to other computers in the network.

Differences

  • Login information for root can be kept in NIS, while Administrator is always local.

  • Any account with the UID of 0 and GID of 1 has the same access rights as root on a Solaris system. Windows NT allows similar, but not identical access rights to be established for other accounts by allowing membership to Administrator groups.

  • The Administrator account cannot be removed, while root can.

  • Administrator is included in the group Everyone, while root is treated differently than other. See "Granting Remote File Access Rights to root" on page 12.

  • There are certain privileged commands only root can perform unless the suid bit is set on the command. See "The Solaris suid Bit" on page 12.

Granting Remote File Access Rights to root

Normally, you would expect that if a folder is shared with access rights to Everyone in Windows NT or other in Solaris software that Administrator and root would have those rights. In Solaris software this is not always the case. The default behavior of shared folders in Solaris software is to deny all access rights to root. To override this behavior, the folder must be shared with the anon=0 or root= option.

NOTE

Solaris software does not have an equivalent of the Domain Administrator group. Placing Administrator users from different Windows NT servers in the Domain Administrator group has the same effect of granting root permissions on remote systems using the anon=0 and root= options.

The Solaris suid Bit

Certain functions in Solaris software require that the process performing those functions be run as root. If the process is started via a Solaris command, then that command needs to be invoked by the root user. Sometimes, it's desirable for someone other than root to run the command. In this case, the Set User ID (suid) bit is set on the command which gives the command being run the same access rights as its owner, which in this case is root.

An example of a Solaris command which uses the suid bit is ps, which is used to look at the processes currently running on the local computer.

Guest and nobody Accounts

Windows NT has a built-in account for temporary users called Guest. Solaris software has a somewhat similar user account called nobody. Users who do not have an account in NIS or in the remote system's /etc/passwd file, are given the UID of nobody.

  • + Share This
  • 🔖 Save To Your Account