topic Re: Root Password in Operating System - HP-UX

Root Password

Tim Martens — Tue, 07 Nov 2000 20:35:45 GMT

How do I put a password on Rootso when people su _ root it ask for a password

Re: Root Password

Kofi ARTHIABAH — Tue, 07 Nov 2000 20:38:46 GMT

Tim:

su - root should always ask for a password, unless you are logged in as root. If you are logged in as any other user, it will ask you for a password.

HOWEVER, if you are root, you can su to any account without a password.

Re: Root Password

Rick Garland — Tue, 07 Nov 2000 20:40:49 GMT

Are you making this account UID=0? If so, it will ask for a passwd execpt coming from root.

There are a lot of previous posts regarding the multiple UID=0 accts. Do a SEARCH for additional info.

Re: Root Password

Rick Garland — Tue, 07 Nov 2000 20:50:05 GMT

Assuming that this is a new acct, issue the passwd root_so command to associate a passwd with the acct as well.

Re: Root Password

Kofi ARTHIABAH — Tue, 07 Nov 2000 21:25:42 GMT

Tim: Like Rick mentioned, check your /etc/passwd and make sure that people in the bin group DO NOT have a UID of 0. That would explain why they can su - without a passwd. By the way, you might also want to do a find / -name "su" -print to search if there are other scripts called su that are executed instead of the normal su. another check is to list your aliases ie. alias to make sure that there isn't a substitute for su in there.

Good luck

Re: Root Password

Rick Garland — Tue, 07 Nov 2000 21:27:09 GMT

Being in the 'bin' group - that could be an issue.

For the SQL prompt, is the environment being called from root?

Re: Root Password

augusto cossa — Wed, 08 Nov 2000 09:38:43 GMT

Tim,

I think that you will have to modify your .rhosts by removing the (+) which allow the user to do rlogin whitout being asked for password.

Try it.

Augusto

Re: Root Password

Rick Garland — Wed, 08 Nov 2000 19:42:25 GMT

The rhost is not a group. You can find/place .rhosts in the following locations.
$HOME/.rhosts

This allows users to rlogin to other remote trusted systems without the use of passwds. For a user, they will rlogin to a new server as themselves without a passwd. For the root user, be careful as the root account now has access to all remote trusted systems without a passwd.

Check the inetd.sec man pages as well. There is a lot you can do with the security.

Re: Root Password

f. halili — Thu, 09 Nov 2000 14:45:01 GMT

Your "bin" group has two users, bin and root.
If the application is logged in as root then su won't prompt you for a password.
If it is logged in as bin.
1 ) Check if bin has a user ID of 0.
# more /etc/passwd | grep "bin:"

$ more /etc/passwd | grep "bin:"
bin:*:2:2::/usr/bin:/sbin/sh

If bin has a UID of 0 then making an su to root wont prompt you a password.

2) Check the .rhost files in your root user's home directory and your bin user's home directory if it at a + sign then they could rlogin back and forth w/o password.

# cd /usr/bin
# more .rhosts

# cd /
# more .rhosts