topic Re: Alternate root user in Operating System - HP-UX

Alternate root user

Rook_1 — Wed, 28 Mar 2007 00:15:36 GMT

Is there a possibility for alternate root user on HP-UX machine? What could be limitations... suggestions?
TY

Re: Alternate root user

Wouter Jagers — Wed, 28 Mar 2007 00:20:29 GMT

Any user which is assigned a UID of 0 (zero) is a root user. However, doing this is not recommended for obvious security reasons.

Removing or renaming the actual 'root' account can be done in theory, but you shouldn't: a bunch of scripts, tools and software assume the existence of the root account.

In other words: unless you have really (really!) good reasons to do so, save yourself a bunch of trouble and leave your root account like it is.

Cheers,
Wout

Re: Alternate root user

Jollyjet — Wed, 28 Mar 2007 00:21:07 GMT

If you need to allow them to do other root-type commands, then your best bet is to install sudo.

http://www.courtesan.com/sudo

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Re: Alternate root user

Vishu — Wed, 28 Mar 2007 01:14:15 GMT

yeah ,
u can hv alternate root user that u can create with useradd command with UID 0 and have -o option for duplicate UID with this command.

Re: Alternate root user

Anshumali — Wed, 28 Mar 2007 22:35:26 GMT

This is not suggested though...
Make UID of the user as 0
better way is to install sudo and use that for your use...
I am not sure what requirement makes you think about the another root user... there are previous threads on this also.. please have a look at them as this has been already discussed many times..

Re: Alternate root user

Angus Crome — Wed, 28 Mar 2007 22:48:54 GMT

I would never suggest doing this. Sudo or Powerbroker, or one of the other privilege access tools would be a much safer and more secure solution.

In fact, in certain industries, performing this action is grounds for dismissal, regardless of the intent.

Re: Alternate root user

Sunny Jaisinghani — Wed, 28 Mar 2007 23:30:00 GMT

Refer to the below thread. u'll get some very good suggestions.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=943392

Regards

Re: Alternate root user

A. Clay Stephenson — Wed, 28 Mar 2007 23:43:50 GMT

You can have n users with UID 0.

Benefits: 0 - it is state-of-the-art stupid.

Risks: It will be impossible to determine which of these users did what because all tracking is done via UID rather than login.
You just flunked your security audit.

If you need to allow users to perform tasks which normally require superuser permission then look for a package called sudo.

Re: Alternate root user

Ashish Parashar — Sat, 31 Mar 2007 22:15:41 GMT

Hello Rook

Its right, you can have several user with UID 0 as root user for this you just have to edit passwd file ,but problem is that

if anyone of them will change the root password of all root user.. no one can login except him( possible threat).

If you want to give some root power to any user .. you can try retricted SAM or

edit sudoer file and give permission for some commands also.

Regards

Ashish Parashar

Re: Alternate root user

Raj D. — Sun, 01 Apr 2007 01:14:24 GMT

Rook,

You can create a alternate root user by creating an user with uid 0.

But, If you are trying to controll access or restrict access better to use sudo ,

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments.

The current version is sudo 1.6.8p12, released on November 8, 2005.

Check this link:
http://www.gratisoft.us/sudo/

Cheers,
Raj.