
Change userid to superuser (HPUX 11.0)

 
John Ferrara
Frequent Advisor

Change userid to superuser (HPUX 11.0)

I have an L2000 w/ HPUX 11.00 on which the previous admin. created my account. I'm now the admin. but each time I run SAM as me (login as root over the network has been disabled) it displays the msg. "Sorry, you must have superuser (root) privilege to enter SAM" On my 10.20 servers, I assume that I have superuser privilege b/c I do not receive that msg. Does my primary group need to be sys or is there something else I need to do to my id to have superuser privilege and run SAM as "other than root"?
It was working fine when I left....what did you do?
A. Clay Stephenson
Acclaimed Contributor

Re: Change userid to superuser (HPUX 11.0)

Hi John:

Sam requires super-user privileges (i.e. root); however, you can set up "Restricted SAM" to allow users to perform certain tasks.
Man sam and search for "Restricted SAM" for details.

On your old box, you may have been assigned a uid of 0 - this is a bad thing!

The best way to do what you are doing is to use sam as root but login as a normal user for everyday, routine tasks. Going around with a uid of 0 can get you in a whole lot of trouble really fast; remaining a regular user most of the time keeps you from being your own worst enemy.

Regards, Clay
If it ain't broke, I can fix that.
Ron Cornwell
Trusted Contributor

Re: Change userid to superuser (HPUX 11.0)

I assume your previous admin has set up the /etc/securetty file. This file specifies which tty's root can login from. This means you have to login as yourself but you can still do a su - to root when you have to complete an admin task like going into SAM.
John Ferrara
Frequent Advisor

Re: Change userid to superuser (HPUX 11.0)

When I try to run restricted sam, 'sam -r', I get the msg. "illegal option". On my other servers (HPUX 10.20) I do not have UID=0 and I simply run '/usr/sbin/sam' without any options, nor do I receive any errors. What tells HPUX that I am a superuser?
It was working fine when I left....what did you do?
James R. Ferguson
Acclaimed Contributor

Re: Change userid to superuser (HPUX 11.0)

Hi John:

A 'uid' (regardless of what its associated name is) identifies you as a 'superuser'. The /etc/passwd file forms the number-to-name mapping for which 'root' is uid=0. You will need to be a superuser to use the 'r' option of SAM (i.e. to run restricted SAM to confer privileges).

Resist the temptation to make multiple superuser accounts. If you ever forget and, for instance, tell SAM to delete an account which happens to have a uid=0, you will "toast" your server as files owned by uid=0 begin to vaporize!

Regards!

...JRF...

Bernie Vande Griend
Respected Contributor

Re: Change userid to superuser (HPUX 11.0)

sam -r can only be run as root user. It is used to set up the restricted shell for another user id. Once it is set up, then that user just runs sam and he will invoke his/her restricted shell.
But if you're truly the admin, you should just do a su - to become root and run sam that way.
Ye who thinks he has a lot to say, probably shouldn't.
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: Change userid to superuser (HPUX 11.0)

Hi John:

To invoke the Restricted SAM Builder (sam -r), you must be root; otherwise, you get exactly that error message. Someone must have used sam -r to basically allow you to do everything in SAM. If that's the case, you might as well run sam as root.

If it ain't broke, I can fix that.
John Ferrara
Frequent Advisor

Re: Change userid to superuser (HPUX 11.0)

One of the main reasons why I ask this is that I have PowerBroker installed on all of my servers (a sys admin nanny >:-( ) and instead of being able to su to root, I must pb su and all of my keystrokes get logged remotely, hence, I have keyboard/mouse click latency anywhere from .5 sec to .5 min. This is very frustrating.

However, I'll configure the restricted SAM as root to allow me to run SAM as my regular uid instead of root. Thanks.
It was working fine when I left....what did you do?
Bernie Vande Griend
Respected Contributor

Re: Change userid to superuser (HPUX 11.0)

You should have mentioned pb right away. You can just allow sam to be run as one of the pb allowable commands then. That is probably what they did on the other system.
Ye who thinks he has a lot to say, probably shouldn't.