S 2.33 Division of administrator roles under Unix
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
In most Unix systems there is only one administration role (the super user called root, with the user ID (UID) 0). Persons able to access this role have full control over the system. In particular, they can read, change, and delete any file regardless of access rights.
The super user password must be known only to the administrators. Disclosing the password must be restricted to the cases defined in the regulations and must be documented. The super user login root can be protected additionally by applying the two-person rule, e.g. by organisational safeguards such as a shared password. In doing so, the password must have a longer minimum length (12 or more characters). In this respect, it must be ensured that the full minimum length of the password is checked by the system.
On numerous Unix systems, tasks can be divided by using the existing administrator roles. In this case, these roles should be assumed by different persons.
Many administration activities may also be performed without any access to the root login. Where administrators for such special tasks exist, they should be used. In particular, if several persons must be commissioned with the performance of administration activities in large systems, the risk can be reduced by dividing the tasks accordingly. For this, there are two options:
- Creating administrative logins: These logins have the UID 0, but login starts only one program, which is used to perform the administrative activity and which is terminated by logout. Examples: creating new users, mounting a drive. For UNIX V.4, for example, the administrative login names setup, sysadm, powerdown, checkfsys, mountfsys, and umountfsys can be created with the programs of the same names.
- Using logins without UID 0: These login names (sys, bin, adm, uucp, nuucp, daemon and lp) are the owners of files and programs decisive for the functionality of the system and are therefore subject to particular protection. In most Unix systems they are dedicated to administrating the corresponding services.
In order to determine which logins have administrator rights, auxiliary programs (e.g. cops, tiger) that browse the password file for logins with the UID 0 should be used regularly.
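The UID 0 check described above can also be scripted directly. The following is an added example, not taken from cops or tiger: the function names, the approved list and the sample password file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find logins with UID 0 in passwd-format input (stdin)
# and report those that are not on an approved list.

# Print "login<TAB>program" for every entry whose UID field is 0.
# A UID written with leading zeros ("00") also means 0, so the field is
# matched as "one or more zeros" instead of being compared to the text "0".
uid0_logins() {
    awk -F: '
        /^#/ || NF < 3 { next }              # skip comments and broken lines
        $3 ~ /^0+$/ { printf "%s\t%s\n", $1, $7 }
    '
}

# Print the UID 0 logins that are missing from the space-separated list $1.
unapproved_uid0() {
    uid0_logins | awk -F'\t' -v ok=" $1 " \
        'index(ok, " " $1 " ") == 0 { print $1 }'
}

# Constructed sample password file (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
sysadm:x:0:0:System administration:/usr/admin:/usr/sbin/sysadm
powerdown:x:0:0:System shutdown:/usr/admin:/usr/sbin/powerdown
toor:x:00:0::/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
EOF
}

# Assumption: these are the UID 0 logins sanctioned by the site regulations.
APPROVED="root sysadm powerdown"

echo "Logins with UID 0 and the program started at login:"
sample_passwd | uid0_logins
echo "UID 0 logins not on the approved list:"
sample_passwd | unapproved_uid0 "$APPROVED"
```

On a live system the same functions read the real file, for example `uid0_logins < /etc/passwd`; the program column shows whether an administrative login is restricted to a single program or starts a general shell.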
Review questions:
- Is there a regulation regarding the handling of super user passwords in Unix (role "root" and/or users with UID 0)?
- Is the password checked in its entire minimum length by the IT system?
- Is there a regulation regarding the separation of roles and the division of the administrative activities in Unix systems?
- Are regular checks as to which logins have administrator rights performed for Unix systems?