IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [privileged-account]

A user account with permissions to perform administrative actions within an operating system or application.

Related tag: .

On Windows, administrative actions are protected by the User Account Control (UAC) feature. A "privileged account" is one that has one or more admin powers within the UAC framework.

On Linux, OS X, and other Unix variants, a "privileged account" is either root or an account with rights to use sudo.

An application can have privileged accounts such as admin that are capable of special functions like user account administration or unrestricted data alteration.

70 questions
79
votes
8 answers

Should the sole user of a *nix system have two accounts?

Should the sole user of a *nix (particularly Linux and MacOS) have two accounts, one with sudo privileges and one without? Years ago I read that on your personal computer you should do your daily tasks as an unprivileged user and switch to a…
Ender Wiggin
  • 905
  • 1
  • 6
  • 7
34
votes
4 answers

Why is it a bad idea for management to have constant access to every employee's inbox?

This was prompted by my CEO asking to get permanent access to everyone's inbox. He wants for his email client to be configured so that as well as his own email account, he can see the contents/activity of everyone else's as well. What are all the…
BlackHatGuy
  • 441
  • 4
  • 3
30
votes
4 answers

Can the root user be removed from a *nix system to prevent privilege-escalation?

Once a *nix system is properly configured and hardened, is it a conceivable strategy to remove all super user/root users? Are there benefits to removing root from a system altogether to prevent super-user privilege escalation exploits…
Whome
  • 1,231
  • 11
  • 21
21
votes
2 answers

Backdoor account in passwd file

Long story short I was making sure a web app didn't create a LFI vuln by attempting to open /etc/passwd with it. My first attempt to prevent LFI was unsuccessful and listed out the file, and I noticed this at the…
CarlosAllende
  • 353
  • 2
  • 7
17
votes
8 answers

Should the requirement of admin privileges be extended?

Seeing this comic from xkcd.com made me thinking: Is extending the requirement of admin privileges to things such as connecting to the internet, running the web browser, reading browser and other software config files, etc, be something operating…
Alex
  • 819
  • 1
  • 7
  • 11
16
votes
3 answers

Is it OK to tell your password to an admin?

Possible Duplicate: From a security point : Is it OK to tell your password to an admin? I am working in a small company (20 employees) as a senior SW engineer. After having some email problems, our newly employed IT administrator asked me for a…
BЈовић
  • 1,199
  • 1
  • 9
  • 17
13
votes
3 answers

Should an admin user be able to edit passwords?

For your typical web app, should an admin superuser have the right to edit a user's password, or should only that user have the right? (Even with edit ability, the admin would never see the current password).
VirtuosiMedia
  • 3,142
  • 3
  • 26
  • 32
12
votes
2 answers

Benefits and drawbacks of giving an Administrator two accounts for elevated rights and another for daily use, such as email

Microsoft has long promoted the need to separate administrative accounts from regular use accounts, as shown with this guidance MSFT even went to far as create ADMINSDUser rights to put administrative accounts in a separate "class" than regular…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
11
votes
3 answers

What security requirements do you have for Domain Administrators?

With regard to managing a Windows network, what security polices and processes do you use? For example Do you require/support Smart Card Authentication? Restrict logins from a particular workstation? Require more complex passwords for Administrator…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
9
votes
4 answers

Security policy for system administrators

I've been in charge of systems administration for a small company for a couple of years and am now training some new collaborators to take over. So far, there has been no security policy, but I would like to leave behind a good security policy that…
tomeduarte
  • 345
  • 1
  • 9
7
votes
3 answers

Can I use 2 factor authentication for shared accounts?

Is it possible to use SecurID 2FA for Highly Privileged shared accounts? I am currently using CyberArk to vault passwords for privileged accounts. when I checkout a password, I would like to make sure that this account has to 2FA to the endpoint.…
user2219930
  • 101
  • 1
  • 2
7
votes
3 answers

What differences are there between built-in Administrator and other Administrators?

Are there any significant differences in the rights, privileges, permissions, or other powers held by the built-in Administrator account, and those held by non-built-in Administrator accounts?
Iszi
  • 26,997
  • 18
  • 98
  • 163
6
votes
2 answers

Is privilege escalation possible when shell is under www user?

So, suppose that someone obtained a shell of a remote machine (of course via Internet). But the (linux) shell is under www user. Would there be any way of trying privilege escalation?
AAAAAAA
  • 61
  • 2
  • 3
5
votes
1 answer

How can I objectively evaluate trust in a person? (Systems Admin, or other)

When recruiting for positions that require a level of integrity and trust, I'm looking for objective ways of accessing that, either positively or negatively. Is there any any guidance one should use for accessing an individual's propensity for…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
3 answers

Privilege Escalation Ubuntu

I am trying to learn how an attacker can escalate privileges in Ubuntu 10.04. I have heard that this can be done but no one has ever said how to do it. The best defense is knowing how it is done and doing it yourself. So to find out, I set up a…
tpar44
  • 173
  • 1
  • 3
1
2 3 4 5