topic Re: root in Operating System - HP-UX

root

navin — Thu, 29 Mar 2007 13:47:44 GMT

Hi ,
At situation when i forget the root passwd , i used to TC at VFP and interrupt the boot process to login to single user monde , from there i change the root passwd.
Is there any way with out reseting OS , can we change root passwd at VFP.

Thanks

Re: root

Pete Randall — Thu, 29 Mar 2007 13:50:17 GMT

No, in order to change the password, you have to be logged in. When you come up in single user mode, you are automatically logged in without having to enter a password. The VFP has no faciliity to accomplish this.

Pete

Re: root

navin — Thu, 29 Mar 2007 13:55:09 GMT

Ok Thank You

Re: root

Patrick Wallek — Thu, 29 Mar 2007 13:57:07 GMT

This is also why you should have some facility to do this without rebooting the machine.

sudo is a good tool for this.

http://www.courtesan.com/sudo/

Re: root

A. Clay Stephenson — Thu, 29 Mar 2007 14:07:14 GMT

Of course, a better idea than sudo is to never forget root passwords. In over 25 years in UNIX I have never forgotten a root password. If you will adopt a password creation convention (e.g terms related to Chess, names / lines from your favorite cartoons, parts of sailing vessels, ... and adopt your own intentional misspelling rules and punctuation rules for these terms) then there is really no excuse for forgetting a password -- root or otherwise. Using this system, I can rattle off password from machines that I haven't used (and probably no longer exist) in years.

Re: root

Duncan Edmonstone — Thu, 29 Mar 2007 15:13:19 GMT

... and for those without Clay's eidetic memory there's the old favourite... write the password down!

Now before everyone screams at me, it can still be physically secured (most companies have a firesafe somewhere on site). I even worked with one company where the passwords were split in 2 (yes each admin typed in his half when they were set) and the 2 components were stored in different safes requiring different managers to access (this was a site where no-one did anything as root during normal operation)

HTH

Duncan

Re: root

UVK — Fri, 30 Mar 2007 07:59:00 GMT

Hi Navin.

You can change the password if you are already logged in as root, if you are not a root user and still want to do it, do something to gain write access to /etc/passwd file :) and remove the characters in the 2nd field of the root line.

Cheers

Re: root

Patrick Wallek — Fri, 30 Mar 2007 08:07:57 GMT

Vijay -- That is fine as long as your system is not trusted. However, if your system is trusted, or even if you are using /etc/shadow, then just modifying /etc/passwd will not work.

Besides, one should NOT be able to "gain write access to /etc/passwd" since that should only be writeable by root! Anything else is a major security hole.